GeekPolice
Desktop Security 2010, constant spybot registry change pop ups, slow PC

Hey guys. I have had some trouble with the Desktop Security 2010 virus, as well as Spybot bringing up a pop-up about registry changes every time I get rid of the previous pop-up, so one after the other constantly. My computer is mega slow also, especially loading. HijackThis log below. Also, I tried to run Malwarebytes, and it freezes every time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:45, on 4/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\quicktime\propertypanels\proppanelhelpers.resources\quicktimeresourcesquicktime.exe
c:\program files\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe
c:\program files\internet explorer\windowscustsat.exe
c:\program files\canon\canoscan toolbox ver4.1\cfpapiirsdk.exe
C:\WINDOWS\explorer.exe
c:\docume~1\sharon\locals~1\temp\xiso.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P26 "EPSON Stylus CX6500 Series" /O5 "LPT1:" /M "Stylus CX6500"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Frofoyatu] rundll32.exe "C:\WINDOWS\okaxanetixivum.dll",Startup
O4 - HKLM\..\Run: [iedwIEDW] c:\program files\internet explorer\windowscustsat.exe
O4 - HKLM\..\Run: [mscorrcmscorlib3.0.50106.0] c:\program files\microsoft silverlight\3.0.50106.0\zh-hant\mscorlibmscorlib.exe
O4 - HKLM\..\RunServices: [AdobePreferences27649] c:\program files\adobe\adobe bridge\resources\hu\adobeopener.exe
O4 - HKLM\..\RunServices: [QuickTimeQuickTimeResources] c:\program files\quicktime\propertypanels\proppanelhelpers.resources\quicktimeresourcesquicktime.exe
O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe
O4 - HKLM\..\RunServices: [securitycenterJavaTM] c:\docume~1\sharon\locals~1\temp\xiso.exe
O4 - HKLM\..\RunServices: [cefpixLibrary] c:\program files\canon\canoscan toolbox ver4.1\cfpapiirsdk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Cerberus] C:\WINDOWS\system32\Cerberus\server.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12312 bytes

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Hello.

From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a Tech Officer. Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.

We need to do some diagnostics to get started.

1. Please download Profiles by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download Win32kDiag by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • Cheetah log (3)


Thanks!

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Profiles:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2016992431-1215912882-2524406388-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Sharon

SystemRoot REG_SZ C:\WINDOWS

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Win32:
Running from: C:\Documents and Settings\Sharon\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Sharon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Cheetah:
Cheetah-Anti-Rogue v1.4.5
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 05/05/2010 - Time: 6:25:43 - Arch.: x86


-- Malware removal tools check --
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SpywareBlaster
SUPERAntiSpyware


-- Known infection --

C:\WINDOWS\system32\dllcache\ndis.sys (HEUR:::Rtk.Agent)(!!The legit C:\WINDOWS\system32\drivers\ndis.sys may be infected!!)


Extra message: Detection only.


EOF

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

  • Please go to the VirSCAN.org FREE on-line scan service

  • Browse for the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\dllcache\ndis.sys

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

The link doesn't seem to work for me?

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Try the same type of thing on http://www.virustotal.com

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

File ndis.sys received on 2010.05.07 18:44:26 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.07 -
AhnLab-V3 2010.05.07.00 2010.05.06 -
AntiVir 8.2.1.236 2010.05.07 -
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.07 -
Avast 4.8.1351.0 2010.05.07 -
Avast5 5.0.332.0 2010.05.07 -
AVG 9.0.0.787 2010.05.07 -
BitDefender 7.2 2010.05.07 -
CAT-QuickHeal 10.00 2010.05.07 -
ClamAV 0.96.0.3-git 2010.05.07 -
Comodo 4788 2010.05.07 -
DrWeb 5.0.2.03300 2010.05.07 -
eSafe 7.0.17.0 2010.05.06 -
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.07 -
F-Secure 9.0.15370.0 2010.05.07 -
Fortinet 4.1.133.0 2010.05.07 -
GData 21 2010.05.07 -
Ikarus T3.1.1.84.0 2010.05.07 -
Jiangmin 13.0.900 2010.05.07 -
Kaspersky 7.0.0.125 2010.05.07 -
McAfee 5.400.0.1158 2010.05.07 -
McAfee-GW-Edition 2010.1 2010.05.07 -
Microsoft 1.5703 2010.05.07 -
NOD32 5096 2010.05.07 -
Norman 6.04.12 2010.05.07 -
nProtect 2010-05-07.01 2010.05.07 -
Panda 10.0.2.7 2010.05.07 -
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.07 -
Rising 22.46.04.04 2010.05.07 -
Sophos 4.53.0 2010.05.07 -
Sunbelt 6275 2010.05.07 -
Symantec 20091.2.0.41 2010.05.07 -
TheHacker 6.5.2.0.277 2010.05.07 -
TrendMicro 9.120.0.1004 2010.05.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.07 -
VBA32 3.12.12.4 2010.05.06 -
ViRobot 2010.5.7.2306 2010.05.07 -
VirusBuster 5.0.27.0 2010.05.07 -
Additional information
File size: 182912 bytes
MD5 : 558635d3af1c7546d26067d5d9b6959e
SHA1 : de08d6d587fe19ce3c61a1cf3773158df212dbe8
SHA256: 8c1802908df35e442575969d29f4b22019a2b3e4c309b8e193f98f75ae81f013
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x39205
timedatestamp.....: 0x41107EC3 (Wed Aug 4 08:14:27 2004)
machinetype.......: 0x14C (Intel I386)

( 16 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x56F5 0x5700 6.39 b6004a8c408b0b21e9a1c536cb85d2fb
.rdata 0x5B80 0x504 0x580 5.22 efaf608cc1de7c48ceeb626a5ec8b2ca
.data 0x6100 0xA78 0xA80 0.86 ea828843870721d869d5e7c2d84b0657
PAGENPNP 0x6B80 0xEBEA 0xEC00 6.45 a8f9836f5ef6c554ffe1fb8e25897b66
PAGENDSP 0x15780 0x362D 0x3680 6.34 75a532ac9d1ba34f90b6974b6c1f8097
PAGENDSM 0x18E00 0x5D38 0x5D80 6.45 f3f298c4e666be42c6a370b6b48aed7c
PAGENDCO 0x1EB80 0x2676 0x2680 6.34 a260fd98d0d457154a8dab4d5b2af428
PAGENDSF 0x21200 0x18DC 0x1900 6.34 5180eb7c032c602620c53f183c3e3278
PAGENDSE 0x22B00 0x12A4 0x1300 6.27 a3aeaa5c6c6eb6d0b08c83df610bcfad
PAGENDST 0x23E00 0xD7D 0xD80 6.49 630fe1c563b0501350a171c74ba16328
PAGENDSA 0x24B80 0x10C6 0x1100 6.35 3b356da77767b8b8c67a65fe1672dd16
.edata 0x25C80 0x2559 0x2580 5.53 7356411e31a166b5148cd2afd5c24cdf
PAGE 0x28200 0xF98 0x1000 5.35 56b98d3d77aa6b57e54eec9dd2bfe9f5
INIT 0x29200 0x1D14 0x1D80 6.02 8e6257471af10b6bbaad7ef277953a56
.rsrc 0x2AF80 0x3F0 0x400 3.41 d57196926d32725f42e80548c8dca4b1
.reloc 0x2B380 0x16E8 0x1700 6.77 04e5ecb8b0ac760285385494f627f9da

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=558635d3af1c7546d26067d5d9b6959e
ssdeep: 3072:dUPRp0JvUcoAwGydDXFgKHHJldqFV3zljJ1HF7WevjPlzx7Mtk70I9:hyDDX1Hpl4vnZd7YW
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: NDIS 5.1 wrapper driver
original name: NDIS.SYS
internal name: NDIS.SYS
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set

( Gateway )

Gateway Operating System Windows XP Pro Edition SP2: NDIS.SYS, ndis.sys
( Microsoft )

Disc 2438.5: ndis.sys
MSDN Disc 2428.4: ndis.sys
MSDN Disc 2428.5: ndis.sys
MSDN Disc 2428.8: ndis.sys
MSDN Disc 2438.7: ndis.sys
MSDN Disc 2438.8: ndis.sys
MSDN Disc 2439.6: ndis.sys
MSDN Disc 2439.7: ndis.sys
MSDN Disc 2439.8: ndis.sys
MSDN Disc 2440.3: ndis.sys
MSDN Disc 2440.4: ndis.sys
MSDN Disc 2440.5: ndis.sys
MSDN Disc 2441.5: ndis.sys
MSDN Disc 2441.6: ndis.sys
MSDN Disc 2441.7: ndis.sys
MSDN Disc 2442.4: ndis.sys
MSDN Disc 2442.6: ndis.sys
MSDN Disc 2443.2: ndis.sys
MSDN Disc 2443.4: ndis.sys
MSDN Disc 2444.3: ndis.sys
MSDN Disc 2444.3: ndis.sys
MSDN Disc 2444.4: ndis.sys
MSDN Disc 2444.6: ndis.sys
MSDN Disc 2455.6: ndis.sys
MSDN Disc 2464.5: ndis.sys
MSDN Disc 2465.4: ndis.sys
MSDN Disc 2465.5: ndis.sys
MSDN Disc 2466.2: ndis.sys
MSDN Disc 2466.4: ndis.sys
MSDN Disc 2476.2: ndis.sys
MSDN Disc 2476.4: ndis.sys
MSDN Disc 2477.2: ndis.sys
Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: ndis.sys
Virtual PC for Mac Windows XP Home Edition: ndis.sys
Virtual PC for Mac Windows XP Professional Edition: ndis.sys

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

ComboFix 10-05-09.04 - Sharon 10/05/2010 20:35:13.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.689 [GMT 10:00]
Running from: c:\documents and settings\Sharon\Desktop\ComboFix.exe
AV: AVG 7.5.524 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sharon\LOCALS~1\Temp\svchost.exe
c:\documents and settings\Sharon\Application Data\Desktop Security 2010
c:\documents and settings\Sharon\Application Data\Desktop Security 2010\Desktop Security 2010.exe
c:\documents and settings\Sharon\Application Data\Desktop Security 2010\mfc71.dll
c:\documents and settings\Sharon\Application Data\Desktop Security 2010\MFC71ENU.DLL
c:\documents and settings\Sharon\Application Data\Desktop Security 2010\msvcp71.dll
c:\documents and settings\Sharon\Application Data\Desktop Security 2010\msvcr71.dll
c:\documents and settings\Sharon\Application Data\Desktop Security 2010\securitycenter.exe
c:\documents and settings\Sharon\Application Data\Desktop Security 2010\securityhelper.exe
c:\documents and settings\Sharon\Application Data\Desktop Security 2010\taskmgr.dll
c:\documents and settings\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\documents and settings\Sharon\Start Menu\Programs\Desktop Security 2010
c:\documents and settings\Sharon\Start Menu\Programs\Desktop Security 2010.lnk
c:\documents and settings\Sharon\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk
c:\documents and settings\Sharon\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk
c:\documents and settings\Sharon\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk
c:\documents and settings\Sharon\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk
c:\windows\kbsadesn.dll
c:\windows\okaxanetixivum.dll
c:\windows\system32\Cerberus
c:\windows\system32\Cerberus\logs.dat
c:\windows\system32\Cerberus\plugin.dat
c:\windows\system32\Cerberus\server.exe

Infected copy of c:\windows\system32\drivers\rasacd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-03 22:44 . 2010-05-03 22:44 -------- d-----w- c:\program files\Trend Micro
2010-04-26 13:23 . 2010-04-26 13:23 -------- d-----w- c:\program files\Common Files\Motorola Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 10:53 . 2006-12-28 18:46 -------- d-----w- c:\documents and settings\Sharon\Application Data\AVG7
2010-05-10 10:53 . 2007-01-12 16:20 -------- d-----w- c:\documents and settings\Sharon\Application Data\OpenOffice.org2
2010-05-10 10:34 . 2010-02-14 01:07 120 ----a-w- c:\windows\Gpavewizutero.dat
2010-05-10 10:34 . 2010-02-14 01:07 0 ----a-w- c:\windows\Vravuwafonu.bin
2010-05-03 22:37 . 2010-02-04 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-03 21:07 . 2010-02-21 06:18 50354 ----a-w- c:\documents and settings\Sharon\Application Data\Facebook\uninstall.exe
2010-05-03 21:07 . 2010-02-21 06:17 -------- d-----w- c:\documents and settings\Sharon\Application Data\Facebook
2010-04-27 10:18 . 2007-07-23 08:09 -------- d-----w- c:\documents and settings\Sharon\Application Data\uTorrent
2010-04-26 13:06 . 2010-04-26 13:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-04-26 13:06 . 2010-04-26 13:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-03-28 09:12 . 2009-12-02 13:33 79488 ----a-w- c:\documents and settings\Sharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-13 07:55 . 2010-03-13 07:55 -------- d-----w- c:\program files\FLV Player
2010-03-11 12:38 . 2006-12-18 21:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-12-18 21:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-12-18 21:49 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-12-18 21:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Sharon\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:31 . 2006-12-18 21:49 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 21:12 . 2010-02-17 21:12 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-16 13:19 . 2006-12-18 21:49 2181376 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2006-12-18 21:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2006-12-18 21:49 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-10-01 23:00 . 2006-12-28 17:38 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-12 1961984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-07 2012912]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-17 579584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888]
"EPSON Stylus CX6500 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE" [2004-03-01 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-05-30 520192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AdobePreferences27649"="c:\program files\adobe\adobe bridge\resources\hu\adobeopener.exe" [2010-05-03 153088]
"QuickTimeQuickTimeResources"="c:\program files\quicktime\propertypanels\proppanelhelpers.resources\quicktimeresourcesquicktime.exe" [2010-05-03 153088]
"QuickTimeResourcesQuickTimeResources"="c:\program files\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe" [2010-05-03 153088]
"cefpixLibrary"="c:\program files\canon\canoscan toolbox ver4.1\cfpapiirsdk.exe" [2010-05-03 153088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-29 219136]

c:\documents and settings\Sharon\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-11-4 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/01/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/01/2010 7:56 AM 66632]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/01/2010 7:56 AM 12872]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19/01/2010 10:14 AM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} -
FF - ProfilePath - c:\documents and settings\Sharon\Application Data\Mozilla\Firefox\Profiles\r5a8gia0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Sharon\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Sharon\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {D0B1E48E-6202-492C-B615-E507C029D47D} - c:\documents and settings\Sharon\Local Settings\Application Data\{D0B1E48E-6202-492C-B615-E507C029D47D}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Cerberus - c:\windows\system32\Cerberus\server.exe
HKLM-Run-Frofoyatu - c:\windows\okaxanetixivum.dll
HKLM-RunServices-securitycenterJavaTM - c:\docume~1\sharon\locals~1\temp\xiso.exe
ActiveSetup-{T5TBB77L-4678-0MKC-421Q-14416031DYU6} - c:\windows\system32\Cerberus\server.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 20:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86896EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75fffc3
\Driver\ACPI -> ACPI.sys @ 0xf7472cb8
\Driver\atapi -> atapi.sys @ 0xf742a7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578086
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578086
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7324bc3
PacketIndicateHandler -> NDIS.sys @ 0xf7330b21
SendHandler -> NDIS.sys @ 0xf7324d33
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Last.fm\LastFM.exe
.
**************************************************************************
.
Completion time: 2010-05-10 21:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 11:04
ComboFix2.txt 2010-02-02 05:42

Pre-Run: 65,096,491,008 bytes free
Post-Run: 65,122,664,448 bytes free

- - End Of File - - 72695A0707305E338F7D80BE06B6ACA2
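As an added example (not part of the log or of any reply in this thread): a small Python triage script for the autostart section of a ComboFix-style log. The four RunServices entries in the log above all carry the same date and size, 2010-05-03 153088, under four unrelated vendor-looking paths, and the orphan list shows a loader that lived in a temp directory; the script parses the `"name"="path" [date size]` format and flags exactly those two patterns. SAMPLE_LOG, the group threshold MIN_CLONE_GROUP and the temp-path pattern are constructed assumptions, not ComboFix's own heuristics.

```python
"""Triage autostart entries from a ComboFix-style log excerpt.

Added example, not part of the forum post. SAMPLE_LOG is constructed to mirror
the '"name"="path" [date size]' shape of the Run / RunServices entries in the
log; the clone threshold and the temp-path pattern are assumptions, not
ComboFix rules.
"""
import re
from collections import defaultdict

# One registry value line:  "Name"="c:\path\file.exe" [YYYY-MM-DD size]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)
# A section header such as [HKEY_LOCAL_MACHINE\...\Run]
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Assumption: an autostart target under any \temp\ directory deserves a flag.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Assumption: three or more entries sharing one date+size pair across
# unrelated directories is the alert threshold for "dropped clones".
MIN_CLONE_GROUP = 3

# Constructed sample, modelled on the autostart section of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2005-01-15 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AdobePreferences27649"="c:\program files\adobe\adobe bridge\resources\hu\adobeopener.exe" [2010-05-03 153088]
"QuickTimeQuickTimeResources"="c:\program files\quicktime\propertypanels\proppanelhelpers.resources\quicktimeresourcesquicktime.exe" [2010-05-03 153088]
"cefpixLibrary"="c:\program files\canon\canoscan toolbox ver4.1\cfpapiirsdk.exe" [2010-05-03 153088]
"securitycenterJavaTM"="c:\docume~1\sharon\locals~1\temp\xiso.exe" [2010-05-03 153088]
"""


def parse_entries(log_text):
    """Return a list of dicts (section, name, path, date, size) for every value line."""
    entries = []
    section = None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            entries.append({
                "section": section,
                "name": m.group("name"),
                "path": m.group("path"),
                "date": m.group("date"),
                "size": int(m.group("size")),
            })
    return entries


def top_dir(path):
    """Vendor directory under c:\\program files, else the file's parent directory, lower-cased."""
    parts = path.lower().split("\\")
    if len(parts) > 2 and parts[1] == "program files":
        return parts[2]
    return parts[-2] if len(parts) > 1 else ""


def triage(entries):
    """Map entry name -> list of reasons it looks suspicious (empty list = nothing flagged)."""
    by_fingerprint = defaultdict(list)
    for e in entries:
        by_fingerprint[(e["date"], e["size"])].append(e)

    findings = {e["name"]: [] for e in entries}
    for (date, size), group in by_fingerprint.items():
        vendors = {top_dir(e["path"]) for e in group}
        # Same build date and byte size under several unrelated directories:
        # one dropper writing copies of itself under look-alike names.
        if len(group) >= MIN_CLONE_GROUP and len(vendors) >= 2:
            for e in group:
                findings[e["name"]].append(
                    f"shares date {date} and size {size} with "
                    f"{len(group) - 1} other entries in unrelated directories"
                )
    for e in entries:
        if TEMP_RE.search(e["path"]):
            findings[e["name"]].append("autostart target lives in a temp directory")
    return findings


def flagged_names(findings):
    """Names that collected at least one finding."""
    return [name for name, reasons in findings.items() if reasons]


if __name__ == "__main__":
    results = triage(parse_entries(SAMPLE_LOG))
    for name in flagged_names(results):
        print(name)
        for reason in results[name]:
            print("   -", reason)
```

Run on the constructed sample, the two genuine Run entries come out clean and all four RunServices entries are reported as a clone group, with the temp-directory loader carrying a second finding; the same two checks would fire on the real entries in the log above.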

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following in to the black box, pressing enter after each line:

Code:

mbr.exe -f

exit


Post a log (MBR.log).

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
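An added example, not from the thread and not part of Gmer's tool, for comparing the two mbr.exe reports posted above: the first run showed `>>UNKNOWN [0x86896EE4]<<` in the disk call chain and a hook listing while still ending with "user & kernel MBR OK", and the run after `mbr.exe -f` shows neither. The script parses both report shapes and summarises what changed. BEFORE and AFTER are constructed copies of those two outputs, and the verdict rules are an assumed analyst reading of the report, not the detector's own logic.

```python
"""Compare two Stealth MBR detector (mbr.exe) reports, before and after 'mbr.exe -f'.

Added example, not part of the thread. BEFORE and AFTER are constructed copies
of the two report shapes posted above; the verdict rules are assumptions about
how an analyst reads the report, not the tool's own logic.
"""
import re

# The call-chain line marks a module the tool cannot identify as >>UNKNOWN [addr]<<
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# Hook lines have the shape:  <target> -> <module> @ <address>
HOOK_RE = re.compile(r"^(?P<target>.+?) -> (?P<module>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)$")

# Constructed copy of the first report: unknown module plus hook listing.
BEFORE = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86896EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75fffc3
\Driver\atapi -> atapi.sys @ 0xf742a7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578086
user & kernel MBR OK
"""

# Constructed copy of the report posted after running 'mbr.exe -f'.
AFTER = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""


def parse_report(text):
    """Pull the fields an analyst compares out of one detector report."""
    report = {
        "user_read": False,
        "kernel_read": False,
        "mbr_ok": False,
        "unknown_modules": [],  # addresses of >>UNKNOWN<< modules in the disk call chain
        "hooks": [],            # (target, module, address) under 'detected MBR rootkit hooks:'
    }
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            report["unknown_modules"] = UNKNOWN_RE.findall(line)
        elif line == "user: MBR read successfully":
            report["user_read"] = True
        elif line == "kernel: MBR read successfully":
            report["kernel_read"] = True
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line == "user & kernel MBR OK":
            report["mbr_ok"] = True
            in_hooks = False
        elif in_hooks:
            m = HOOK_RE.match(line)
            if m:
                report["hooks"].append((m.group("target"), m.group("module"), m.group("addr")))
    return report


def verdict(report):
    """Assumed reading: an unknown module in the call chain is the strong signal,
    listed hooks go to the analyst, and 'MBR OK' on its own is not a clean bill."""
    if not (report["user_read"] and report["kernel_read"]):
        return "inconclusive"
    if report["unknown_modules"]:
        return "unknown module in disk call chain"
    if report["hooks"]:
        return "hooks listed, review"
    return "clean" if report["mbr_ok"] else "inconclusive"


def compare(before_text, after_text):
    """Summarise what changed between two runs of the detector."""
    b, a = parse_report(before_text), parse_report(after_text)
    return {
        "before": verdict(b),
        "after": verdict(a),
        "unknown_cleared": bool(b["unknown_modules"]) and not a["unknown_modules"],
        "hooks_cleared": len(b["hooks"]) - len(a["hooks"]),
    }


if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

The point of parsing rather than eyeballing is the "user & kernel MBR OK" line: it appears in both reports, so on its own it says nothing about the unknown module in the call chain, which is the field that actually changed between the two runs.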

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

I am unable to run Malwarebytes, as it freezes halfway through?

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Hi

Download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Every time I try to reply, my browser comes up with a "page cannot be found" page.

Re: Desktop Security 2010, constant spybot registry change pop ups, slow PC

Can you try a different browser to reply?

Does your current browser freeze when you try to send the information?
