WiredWX Christian Hobby Weather Tools
How do I get rid of a trojan virus on my computer?

My computer has a trojan virus. There are so many pop-ups, and it randomly shuts down every half hour. How do I remove this virus?

Re: How do I get rid of a trojan virus on my computer?

Hi mnk2595, and welcome!

Shutting down every half hour is not a good sign.




  1. Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    [Screenshot: CfRC_screen_1]


    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    [Screenshot: CfRC_screen_2]

    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Re: How do I get rid of a trojan virus on my computer?

I'm still having trouble with disabling my AntiVirus applications. I have several applications that keep popping up and I tried following the link you gave me to help, but the applications require an account to disable them. What should I do?

Re: How do I get rid of a trojan virus on my computer?

but the applications require an account to disable them. What should i do?

You lost me?

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Re: How do I get rid of a trojan virus on my computer?

I downloaded it but it won't show up on my desktop... and when I try to open it, a pop-up from the virus shows up. As for what I said before, for my AntiVirus applications, if I try to click "access my account" or something like that, Internet Explorer will pop up (which really really slows my computer down) and it'll make me register for software.

Re: How do I get rid of a trojan virus on my computer?

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe



Once you've gotten one of them to run then try to immediately run the following:

ComboFix as in my first post.

Re: How do I get rid of a trojan virus on my computer?

ComboFix 10-04-21.01 - Mohna 04/24/2010 21:49:19.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.895.135 [GMT -5:00]
Running from: c:\users\Mohna\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 03:02 . 2010-04-25 03:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-25 03:02 . 2010-04-25 03:02 -------- d-----w- c:\users\Naeem\AppData\Local\temp
2010-04-25 03:02 . 2010-04-25 03:02 -------- d-----w- c:\users\Minna\AppData\Local\temp
2010-04-25 03:02 . 2010-04-25 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-24 23:12 . 2010-04-24 23:11 61696 ----a-w- c:\users\Mohna\AppData\Local\asam.exe
2010-04-24 23:11 . 2010-04-24 23:11 61696 ----a-w- c:\users\Mohna\AppData\Local\syssvc.exe
2010-04-24 23:08 . 2010-04-24 23:08 -------- d-----w- c:\users\Mohna\AppData\Local\tarhowcaa
2010-04-24 00:14 . 2010-04-24 00:14 -------- d-----w- c:\users\Mohna\AppData\Local\avG
2010-04-24 00:14 . 2010-04-24 00:14 -------- d-----w- c:\programdata\avG
2010-04-24 00:13 . 2010-04-24 00:13 -------- d-----w- c:\users\Mohna\AppData\Roaming\24174809A31F690B8A343C4C0AF43F1F
2010-04-14 02:41 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 02:41 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 02:41 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 02:41 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 02:41 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 02:41 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 02:40 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 02:40 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 02:40 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 02:40 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-14 02:40 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-04-14 02:40 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-14 00:39 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 00:18 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-02 18:27 . 2010-04-02 18:19 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-02 18:27 . 2010-04-02 18:17 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-02 18:27 . 2010-04-02 18:27 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-02 18:26 . 2010-04-02 18:26 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-02 18:26 . 2010-04-02 18:26 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-02 18:26 . 2010-04-02 18:26 57677 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-04-02 18:24 . 2010-04-07 12:50 -------- d-----w- c:\users\Mohna\AppData\Roaming\DivX
2010-04-02 18:22 . 2010-04-02 18:22 84035 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-02 18:22 . 2010-04-02 18:22 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-02 18:22 . 2010-04-02 18:22 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-02 18:22 . 2010-04-02 18:22 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-02 18:22 . 2010-04-02 18:22 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-02 18:20 . 2010-04-02 18:20 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-02 18:20 . 2010-04-02 18:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-02 18:20 . 2010-04-02 18:20 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-04-02 18:19 . 2010-04-02 18:26 -------- d-----w- c:\program files\DivX
2010-04-02 18:19 . 2010-04-02 18:19 62776 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-02 18:18 . 2010-04-02 18:27 -------- d-----w- c:\programdata\DivX
2010-03-28 07:40 . 2010-03-28 07:41 20846064 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-26 03:53 . 2010-03-26 03:53 -------- d-----w- c:\users\Mohna\AppData\Roaming\Leawo
2010-03-26 03:48 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-03-26 03:48 . 2010-03-26 03:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-26 03:47 . 2010-03-26 03:47 -------- d-----w- c:\program files\Leawo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 02:43 . 2008-03-03 04:08 -------- d-----w- c:\users\Mohna\AppData\Roaming\Spare Backup
2010-04-24 23:29 . 2008-04-15 01:16 24634 ----a-w- c:\users\Mohna\AppData\Roaming\wklnhst.dat
2010-04-24 02:21 . 2008-04-20 20:55 -------- d-----w- c:\programdata\Google Updater
2010-04-23 23:00 . 2008-12-14 00:41 -------- d-----w- c:\program files\Norton Security Scan
2010-04-18 19:43 . 2010-03-11 23:41 439816 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-14 23:31 . 2010-01-23 18:53 -------- d-----w- c:\users\Mohna\AppData\Roaming\TuneUpMedia
2010-04-14 18:57 . 2007-11-18 01:40 -------- d-----w- c:\programdata\WildTangent
2010-04-14 08:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-13 20:13 . 2007-11-18 01:35 -------- d-----w- c:\program files\Google
2010-04-02 18:22 . 2008-11-29 02:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-26 16:47 . 2009-10-11 04:35 -------- d-sh--w- c:\users\Mohna\AppData\Roaming\twain32
2010-03-26 00:46 . 2010-03-26 00:46 -------- d-----w- c:\program files\3ivx
2010-03-26 00:46 . 2010-03-26 00:46 -------- d-----w- c:\program files\Flip Video
2010-03-26 00:45 . 2010-03-26 00:45 -------- d-----w- c:\programdata\Flip Video
2010-03-12 07:42 . 2010-03-12 07:42 8405312 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-12 07:42 . 2010-03-12 07:42 149000 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-12 07:42 . 2010-03-12 07:42 10309448 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-12 07:42 . 2010-03-12 07:42 283280 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-12 07:42 . 2010-03-12 07:42 181768 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-12 07:42 . 2010-03-12 07:42 79368 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-12 07:42 . 2010-03-12 07:42 64000 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-12 07:42 . 2010-03-12 07:42 52288 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-12 07:42 . 2010-03-12 07:42 50688 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-12 07:42 . 2010-03-12 07:42 118784 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-12 07:42 . 2010-03-12 07:42 49152 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-09 16:54 . 2010-03-31 00:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50 . 2010-03-31 00:33 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-03-31 00:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-03-31 00:33 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-03-31 00:33 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-03-31 00:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-03-31 00:33 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-04 02:19 . 2009-04-15 21:23 1356 ----a-w- c:\users\Mohna\AppData\Local\d3d9caps.dat
2010-03-03 02:43 . 2010-03-03 02:43 -------- d-----w- c:\program files\RegCure
2010-03-03 02:43 . 2010-03-03 02:43 -------- d-----w- c:\programdata\RegCure
2010-03-01 20:03 . 2008-05-07 20:21 -------- d-----w- c:\users\Naeem\AppData\Roaming\Spare Backup
2010-03-01 19:57 . 2008-05-07 20:20 104008 ----a-w- c:\users\Naeem\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 23:41 . 2009-11-24 06:17 439816 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-24 14:11 . 2008-03-03 04:08 104008 ----a-w- c:\users\Mohna\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 23:54 . 2010-03-10 09:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-10 09:01 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-10 09:01 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 16:07 . 2008-03-10 20:58 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe
2010-02-16 16:07 . 2008-03-10 20:58 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-01-28 07:47 . 2010-01-28 07:47 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD3EA.tmp.exe
2010-01-25 12:58 . 2010-02-23 22:19 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-23 22:19 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-23 22:19 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-23 22:19 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-23 22:19 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-23 22:19 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-23 22:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-23 22:19 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:19 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 05:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-04-11 2321600]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"kaaojsou"="c:\users\Mohna\AppData\Local\tarhowcaa\kgqntsktssd.exe" [2010-04-24 272640]
"asam"="c:\users\Mohna\AppData\Local\asam.exe" [2010-04-24 61696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-18 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 185896]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\users\Minna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2008-3-10 106496]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-17 2342912]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2675523129-3664480364-4030225571-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080429.001\IDSvix86.sys [2008-02-13 261680]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-02-13 109616]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-18 04:59]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 06:54]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 06:54]

2010-04-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mohna.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]

2010-04-23 c:\windows\Tasks\Norton Security Scan for Mohna.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]

2010-04-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-04-25 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-03-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Mohna\AppData\Roaming\Mozilla\Firefox\Profiles\rujx6o7t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\users\Mohna\Downloads\components\coFFPlgn.dll
FF - component: c:\users\Mohna\Downloads\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Mohna\AppData\Roaming\Mozilla\Firefox\Profiles\rujx6o7t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\np-mswmp.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\npCouponPrinter.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 22:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5036)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
Completion time: 2010-04-24 22:07:35
ComboFix-quarantined-files.txt 2010-04-25 03:07
ComboFix2.txt 2010-04-25 02:36

Pre-Run: 156,552,335,360 bytes free
Post-Run: 156,497,797,120 bytes free

- - End Of File - - BB59297C186526B9289F023B244F7A12

Re: How do I get rid of a trojan virus on my computer?

Hi mnk2595

I see you ran ComboFix twice. This log you posted is the second run. That's OK. It's late here. I'll post a CFScript tomorrow. We are still not out of the woods yet.

Last edited by Kenny94 on 25th April 2010, 1:44 pm; edited 2 times in total (Reason for editing : Spelling it was late)

Re: How do I get rid of a trojan virus on my computer?

Hi mnk2595,


When does Norton Internet Security expire?

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start.
  • Click Run.
  • Type notepad into the box and press Enter.
  • Notepad will open.
  • Copy and paste everything from the Code box into Notepad:


Code:

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000


Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: dragging CFScript.txt onto ComboFix.exe]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with MBAM.


Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Next

Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

CFScript.txt
MBAM Log


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Re: How do i get rid of a trojan virus on my computer?

You still there?

Re: How do i get rid of a trojan virus on my computer?

Hey Kenny, sorry I haven't been on the computer in the past few days. I'll follow your instructions right now! As for the Norton Internet Security, I'm not sure when it expires.

Re: How do i get rid of a trojan virus on my computer?

OK mnk2595... Right On!

Re: How do i get rid of a trojan virus on my computer?

CFscript
ComboFix 10-04-21.01 - Mohna 04/28/2010 19:13:18.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.895.318 [GMT -5:00]
Running from: c:\users\Mohna\Downloads\ComboFix.exe
Command switches used :: c:\users\Mohna\Desktop\CFscript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-29 00:22 . 2010-04-29 00:36 -------- d-----w- c:\users\Mohna\AppData\Local\temp
2010-04-29 00:22 . 2010-04-29 00:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-29 00:22 . 2010-04-29 00:22 -------- d-----w- c:\users\Naeem\AppData\Local\temp
2010-04-29 00:22 . 2010-04-29 00:22 -------- d-----w- c:\users\Minna\AppData\Local\temp
2010-04-29 00:22 . 2010-04-29 00:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-25 06:21 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-24 23:12 . 2010-04-24 23:11 61696 ----a-w- c:\users\Mohna\AppData\Local\asam.exe
2010-04-24 23:11 . 2010-04-24 23:11 61696 ----a-w- c:\users\Mohna\AppData\Local\syssvc.exe
2010-04-24 23:08 . 2010-04-27 07:15 -------- d-----w- c:\users\Mohna\AppData\Local\tarhowcaa
2010-04-24 00:14 . 2010-04-24 00:14 -------- d-----w- c:\users\Mohna\AppData\Local\avG
2010-04-24 00:14 . 2010-04-24 00:14 -------- d-----w- c:\programdata\avG
2010-04-24 00:13 . 2010-04-24 00:13 -------- d-----w- c:\users\Mohna\AppData\Roaming\24174809A31F690B8A343C4C0AF43F1F
2010-04-14 02:41 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 02:41 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 02:41 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 02:41 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 02:41 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 02:41 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 02:40 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 02:40 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 02:40 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 02:40 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-14 02:40 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-04-14 02:40 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-14 00:39 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 00:18 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-02 18:24 . 2010-04-07 12:50 -------- d-----w- c:\users\Mohna\AppData\Roaming\DivX
2010-04-02 18:20 . 2010-04-02 18:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-02 18:19 . 2010-04-02 18:26 -------- d-----w- c:\program files\DivX
2010-04-02 18:18 . 2010-04-02 18:27 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 00:39 . 2008-03-03 04:08 -------- d-----w- c:\users\Mohna\AppData\Roaming\Spare Backup
2010-04-28 23:00 . 2008-12-14 00:41 -------- d-----w- c:\program files\Norton Security Scan
2010-04-28 20:57 . 2009-12-16 02:23 -------- d-----w- c:\programdata\Norton
2010-04-28 20:26 . 2008-04-15 01:16 24634 ----a-w- c:\users\Mohna\AppData\Roaming\wklnhst.dat
2010-04-28 06:25 . 2008-04-20 20:55 -------- d-----w- c:\programdata\Google Updater
2010-04-14 23:31 . 2010-01-23 18:53 -------- d-----w- c:\users\Mohna\AppData\Roaming\TuneUpMedia
2010-04-14 18:57 . 2007-11-18 01:40 -------- d-----w- c:\programdata\WildTangent
2010-04-14 08:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-13 20:13 . 2007-11-18 01:35 -------- d-----w- c:\program files\Google
2010-04-02 18:22 . 2008-11-29 02:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-26 16:47 . 2009-10-11 04:35 -------- d-sh--w- c:\users\Mohna\AppData\Roaming\twain32
2010-03-26 03:53 . 2010-03-26 03:53 -------- d-----w- c:\users\Mohna\AppData\Roaming\Leawo
2010-03-26 03:48 . 2010-03-26 03:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-26 03:47 . 2010-03-26 03:47 -------- d-----w- c:\program files\Leawo
2010-03-26 00:46 . 2010-03-26 00:46 -------- d-----w- c:\program files\3ivx
2010-03-26 00:46 . 2010-03-26 00:46 -------- d-----w- c:\program files\Flip Video
2010-03-26 00:45 . 2010-03-26 00:45 -------- d-----w- c:\programdata\Flip Video
2010-03-09 16:54 . 2010-03-31 00:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50 . 2010-03-31 00:33 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-03-31 00:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:48 . 2010-03-31 00:33 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-03-31 00:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-03-31 00:33 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-04 02:19 . 2009-04-15 21:23 1356 ----a-w- c:\users\Mohna\AppData\Local\d3d9caps.dat
2010-03-03 02:43 . 2010-03-03 02:43 -------- d-----w- c:\program files\RegCure
2010-03-03 02:43 . 2010-03-03 02:43 -------- d-----w- c:\programdata\RegCure
2010-03-01 20:03 . 2008-05-07 20:21 -------- d-----w- c:\users\Naeem\AppData\Roaming\Spare Backup
2010-03-01 19:57 . 2008-05-07 20:20 104008 ----a-w- c:\users\Naeem\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:11 . 2008-03-03 04:08 104008 ----a-w- c:\users\Mohna\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 23:54 . 2010-03-10 09:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-10 09:01 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-10 09:01 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 05:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-04-11 2321600]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"asam"="c:\users\Mohna\AppData\Local\asam.exe" [2010-04-24 61696]
"NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2010-04-12 1808752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-18 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 185896]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\users\Minna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2008-3-10 106496]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-17 2342912]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2675523129-3664480364-4030225571-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080429.001\IDSvix86.sys [2008-02-13 261680]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-02-13 109616]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-04-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-18 04:59]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 06:54]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 06:54]

2010-04-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mohna.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]

2010-04-28 c:\windows\Tasks\Norton Security Scan for Mohna.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]

2010-04-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-04-29 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-03-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Mohna\AppData\Roaming\Mozilla\Firefox\Profiles\rujx6o7t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\users\Mohna\Downloads\components\coFFPlgn.dll
FF - component: c:\users\Mohna\Downloads\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Mohna\AppData\Roaming\Mozilla\Firefox\Profiles\rujx6o7t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\np-mswmp.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\npCouponPrinter.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 19:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5636)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\RacAgent.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-04-28 19:50:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-29 00:49
ComboFix2.txt 2010-04-25 03:07
ComboFix3.txt 2010-04-25 02:36

Pre-Run: 147,663,335,424 bytes free
Post-Run: 147,861,331,968 bytes free

- - End Of File - - 39390AC760966ABFE3E38211DEF6B7A2



MBAM log
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4049

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

4/28/2010 8:17:45 PM
mbam-log-2010-04-28 (20-17-45).txt

Scan type: Quick scan
Objects scanned: 125354
Time elapsed: 12 minute(s), 6 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Users\Mohna\AppData\Local\asam.exe (Trojan.FakeAlert) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Mohna\AppData\Local\ave.exe" /START "C:\Users\Mohna\Downloads\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Mohna\AppData\Local\asam.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Mohna\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
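
The ComboFix log above lists every registry autostart with its path, and under Supplementary Scan the browser's proxy setting. Two things a helper looks for when reading such a log are autostarts that launch from a location a standard user can write to (here "asam" in AppData\Local, which the MBAM log in the same post identifies as Trojan.FakeAlert) and a ProxyServer value pointing at the loopback address, which hands all browser traffic to a process on the same machine. The script below is an added example, not part of the thread and not part of ComboFix: it parses a few constructed lines in the log's format and reports those two indicators. The heuristics, the directory list and the function names (triage_autostarts, proxy_host, USER_WRITABLE) are the editor's own choices.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the ComboFix log posted above: a few
# entries from the "Reg Loading Points" section and the two Internet
# Settings lines from the "Supplementary Scan" section.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"asam"="c:\users\Mohna\AppData\Local\asam.exe" [2010-04-24 61696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-18 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$")

# Directory fragments that any standard user account can write to. Installed
# software normally lives under Program Files or Windows; an autostart that
# runs from one of these deserves a closer look. (Editor's list, hypothetical.)
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\users\\public\\")
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")


def proxy_host(value: str) -> str:
    """Return the host part of a ProxyServer value such as
    'http=127.0.0.1:5555' or 'proxy.example:8080'. When several protocols
    are listed ('http=a:1;https=b:2') only the first entry is examined."""
    first = value.split(";")[0].strip()
    hostport = first.split("=")[-1]
    return hostport.rsplit(":", 1)[0].strip()


def triage_autostarts(log_text: str) -> List[Dict[str, str]]:
    """Walk the log once and return a finding for every autostart whose
    binary sits in a user-writable directory, and one for a proxy setting
    that points back at the local machine."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            path = value.group("path")
            if any(frag in path.lower() for frag in USER_WRITABLE):
                findings.append({
                    "kind": "autostart_in_user_profile",
                    "key": current_key,
                    "name": value.group("name"),
                    "detail": f"{path} ({value.group('size')} bytes, dated {value.group('date')})",
                })
            continue
        proxy = PROXY_RE.match(line)
        if proxy and proxy_host(proxy.group("value")) in LOOPBACK_HOSTS:
            findings.append({
                "kind": "loopback_proxy",
                "key": "Internet Settings",
                "name": "ProxyServer",
                "detail": proxy.group("value"),
            })
    return findings


if __name__ == "__main__":
    for f in triage_autostarts(SAMPLE_LOG):
        print(f"{f['kind']:26} {f['key']}\\{f['name']}: {f['detail']}")
```

A hit from this script is a prompt for a closer look (file hash, signature, what installed it), not a verdict: some legitimate updaters also run from AppData. The value of the check is that it surfaces the two lines a reader would otherwise have to find by eye in a log of several hundred lines.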

Re: How do i get rid of a trojan virus on my computer?

How are things now?

Re: How do i get rid of a trojan virus on my computer?

Pretty good, actually! Except for this pop-up I keep getting that says "xvidcore.dll not found", but I'm pretty sure that has nothing to do with the virus haha.

Re: How do i get rid of a trojan virus on my computer?

You need to add the downloaded file to your

C:\Windows\System32 folder

http://rapidshare.com/files/382658426/xvidcore.dll.html

Download (free user download) to your Desktop. Then copy the DLL file to your C:\Windows\System32 folder.

Let me know how it goes.

Re: How do i get rid of a trojan virus on my computer?

I think the virus is back...

Re: How do i get rid of a trojan virus on my computer?

I received your PM. You never replied back? What happened?

Re: How do i get rid of a trojan virus on my computer?

I thought that the whole process was over with and the virus was completely gone. I guess not! haha. Except it's not as bad as last time: the computer isn't shutting down, and the pop-ups are less frequent.

Re: How do i get rid of a trojan virus on my computer?

Update Run Malwarebytes



  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: How do i get rid of a trojan virus on my computer?

I can't launch Malware...
When I try, this shows up: "Application cannot be executed. The file ieuser.exe is infected. Do you want to activate your antivirus software now?"

Re: How do i get rid of a trojan virus on my computer?

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run, then download and try to run another one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe


Please post the log in your next reply.


Once you've gotten one of them to run then try to immediately run the following:


If you continue having problems running rkill.com, you can download:

iExplore.exe or eXplorer.exe

which are renamed copies of rkill.com, and try them instead.

Then update and run Malwarebytes.

Re: How do i get rid of a trojan virus on my computer?

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4049

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

5/22/2010 7:23:59 PM
mbam-log-2010-05-22 (19-23-59).txt

Scan type: Quick scan
Objects scanned: 125425
Time elapsed: 10 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ihilxwdt (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Mohna\AppData\Local\jojkqmfes\emxibgrtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Users\Mohna\AppData\Local\temp\0.09560655268695362.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Mohna\AppData\Local\temp\0.46777237458080034.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
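
MBAM records an outcome for every item it finds: "Quarantined and deleted successfully", "Delete on reboot", or "Failed to unload process". In the first MBAM log in this thread the running asam.exe could not be unloaded, so its file was marked for deletion at the next restart, which is exactly why the helper's Extra Note asks for an immediate reboot; the second log, a few weeks later, shows a fresh set of families rather than leftovers of the first. The script below is an added example, not code from the thread or from Malwarebytes: it parses a constructed, abridged copy of the first log and sorts detections by remediation state so a helper can see at a glance whether a reboot is still pending or anything failed outright. The function names (parse_mbam_log, classify, needs_reboot, families) are the editor's own.

```python
import re
from typing import Dict, List, Set

# Constructed, abridged sample in the shape of the first MBAM log posted above.
SAMPLE_MBAM = r"""
Malwarebytes' Anti-Malware 1.45
Database version: 4049

Scan type: Quick scan
Objects scanned: 125354

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Users\Mohna\AppData\Local\asam.exe (Trojan.FakeAlert) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Mohna\AppData\Local\ave.exe" /START "C:\Users\Mohna\Downloads\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Mohna\AppData\Local\asam.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Mohna\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

# "Memory Processes Infected: 1" is a summary line; "Memory Processes Infected:"
# with no count opens the detail section of the same name.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<item> (<family>) -> <outcome>."  Registry data items carry extra
# "Bad: (...) Good: (...) ->" text before the outcome.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text: str) -> List[Dict[str, str]]:
    """Return one record per detected item: section, item, family, outcome."""
    detections: List[Dict[str, str]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            if head.group("count") is None:
                section = head.group("section")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            # The outcome is always the text after the last "->".
            outcome = entry.group("rest").split(" -> ")[-1].rstrip(".")
            detections.append({
                "section": section,
                "item": entry.group("item"),
                "family": entry.group("family"),
                "outcome": outcome,
            })
    return detections


def classify(detections: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group detected items by remediation state."""
    groups: Dict[str, List[str]] = {"complete": [], "pending_reboot": [], "failed": [], "other": []}
    for d in detections:
        outcome = d["outcome"]
        if outcome == "Quarantined and deleted successfully":
            groups["complete"].append(d["item"])
        elif outcome == "Delete on reboot":
            groups["pending_reboot"].append(d["item"])
        elif outcome.startswith("Failed"):
            groups["failed"].append(d["item"])
        else:
            groups["other"].append(d["item"])
    return groups


def needs_reboot(detections: List[Dict[str, str]]) -> bool:
    """True while any file is still waiting for deletion at next start-up."""
    return bool(classify(detections)["pending_reboot"])


def families(detections: List[Dict[str, str]]) -> Set[str]:
    """Detection names seen, useful for comparing two logs from the same machine."""
    return {d["family"] for d in detections}


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_MBAM)
    for state, items in classify(dets).items():
        print(f"{state:15} {len(items)}")
    print("reboot needed:", needs_reboot(dets))
    print("families:", sorted(families(dets)))
```

Comparing families() across two logs from the same machine is a quick way to tell a leftover from the earlier infection (same names again) from a new one; in this thread the second log names different families from the first.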

Re: How do i get rid of a trojan virus on my computer?

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
