GeekPolice

Win32 patched.do. Also I can't access Windows updates.

Two weeks ago our computer was infected with a rogue scanner called Antimalware Doctor. We finally got rid of this infection, or so we thought; now our antivirus, AVG, pops up with its resident shield informing us of this Win32 patched.do. The problem it causes is that it redirects Internet Explorer to where it wants you to go, usually some site selling something.
If we run AVG, even in safe mode, it doesn't find this virus. If this wasn't enough, we noticed yesterday that we can't get Windows updates.
Any help would be really appreciated. Thank you. Jane.

Re: Win32 patched.do. Also I can't access Windows updates.

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Win32 patched.do. Also I can't access Windows updates.

ComboFix 10-05-11.05 - Jane 12/05/2010 12:59:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.602 [GMT 1:00]
Running from: d:\documents and settings\Jane\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lglvcktf.ini
c:\windows\system32\lmrjsxyb.ini
c:\windows\system32\nqXFeMoq.ini
c:\windows\system32\nqXFeMoq.ini2
c:\windows\system32\PqqsBcdd.ini
c:\windows\system32\PqqsBcdd.ini2
c:\windows\system32\ReadMe.txt
c:\windows\system32\Thumbs.db
d:\documents and settings\Jane\Application Data\9FCCD988C296F345D74A0D7A7CCEE7D5
d:\documents and settings\Jane\Application Data\9FCCD988C296F345D74A0D7A7CCEE7D5\enemies-names.txt
d:\documents and settings\Jane\Application Data\9FCCD988C296F345D74A0D7A7CCEE7D5\lsrslt.ini
d:\documents and settings\Lauren\Application Data\alot
d:\documents and settings\Lauren\Start Menu\Programs\Download programs.url
d:\documents and settings\Lauren\Start Menu\Programs\Games.url
d:\documents and settings\Lauren\Start Menu\Programs\Translator.url
d:\documents and settings\Lauren\Start Menu\Programs\Videos.url
d:\documents and settings\Robert\Application Data\alot

Infected copy of c:\windows\system32\drivers\aic78u2.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-11 09:14 . 2010-05-11 09:14 -------- d-----w- d:\documents and settings\Owner
2010-05-11 08:56 . 2010-05-11 08:56 -------- d-----w- c:\program files\Lavasoft
2010-05-09 11:08 . 2010-05-09 11:08 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE
2010-05-09 10:04 . 2010-05-09 10:05 -------- d-----w- d:\documents and settings\All Users\AdobeTemp
2010-05-05 17:00 . 2010-05-05 17:00 -------- d-----w- d:\documents and settings\Lauren\Local Settings\Application Data\Yahoo!
2010-05-05 13:50 . 2010-05-05 13:50 -------- d-----w- d:\documents and settings\Robert\Application Data\SUPERAntiSpyware.com
2010-05-03 12:54 . 2010-05-03 12:54 -------- d-----w- d:\documents and settings\Jane\Application Data\Malwarebytes
2010-05-03 12:53 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 12:53 . 2010-05-03 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 12:53 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 11:41 . 2010-05-03 11:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-03 09:29 . 2010-05-03 13:04 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ksdwvockk
2010-05-01 16:31 . 2010-05-01 16:31 -------- d-----w- c:\windows\Internet Logs
2010-04-29 18:35 . 2010-04-29 18:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2010-04-29 18:28 . 2010-04-29 18:28 -------- d-----w- c:\program files\Trend Micro
2010-04-22 14:07 . 2010-04-22 14:07 -------- d-----w- d:\documents and settings\Robert\Application Data\Malwarebytes
2010-04-22 13:50 . 2010-04-22 13:50 -------- d-----w- d:\documents and settings\Lauren\Local Settings\Application Data\avG
2010-04-22 13:27 . 2010-04-29 18:35 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-04-22 06:59 . 2010-04-22 06:59 -------- d-----w- d:\documents and settings\Robert\Application Data\CheckPoint
2010-04-21 16:12 . 2010-04-21 16:12 -------- d-----w- d:\documents and settings\Lauren\Application Data\Malwarebytes
2010-04-21 16:12 . 2010-04-21 16:12 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-21 15:18 . 2010-04-21 15:18 -------- d-----w- d:\documents and settings\Lauren\Application Data\CheckPoint
2010-04-21 14:59 . 2010-04-21 14:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-21 14:57 . 2010-04-21 14:57 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-04-21 14:54 . 2010-04-21 14:54 -------- d-----w- d:\documents and settings\Jane\Application Data\CheckPoint
2010-04-21 14:54 . 2010-05-01 16:30 -------- d-----w- c:\program files\CheckPoint
2010-04-21 14:34 . 2010-04-21 14:34 -------- d-----w- d:\documents and settings\All Users\Application Data\avG
2010-04-21 14:34 . 2010-04-21 14:34 -------- d-----w- d:\documents and settings\Jane\Local Settings\Application Data\avG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 12:07 . 2006-01-31 22:45 -------- d-----w- d:\documents and settings\Jane\Application Data\You've Got Pictures Screensaver
2010-05-11 17:58 . 2004-08-10 17:41 55168 ----a-w- c:\windows\system32\drivers\aic78u2.sys
2010-05-11 17:58 . 2004-08-10 17:41 55168 ----a-w- c:\windows\system32\drivers\aic78u2.sys.tmp
2010-05-11 09:14 . 2006-01-12 15:03 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-05-08 08:25 . 2008-07-30 16:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-05 11:31 . 2008-10-08 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-01 07:38 . 2009-11-18 14:29 -------- d-----w- d:\documents and settings\All Users\Application Data\avg9
2010-04-29 20:26 . 2009-01-11 16:29 -------- d-----w- c:\program files\Bonjour
2010-04-22 13:50 . 2006-01-31 19:55 111608 ----a-w- d:\documents and settings\Lauren\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-21 14:54 . 2007-02-03 21:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-21 14:39 . 2009-03-08 13:27 -------- d-----w- c:\program files\BitLord
2010-04-21 09:26 . 2009-03-16 09:27 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 09:42 . 2006-01-31 20:43 13804 ----a-w- d:\documents and settings\Robert\Application Data\wklnhst.dat
2010-03-14 11:20 . 2010-03-14 11:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 11:20 . 2008-10-13 14:54 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 11:20 . 2009-03-16 09:27 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2004-08-10 16:38 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 16:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 16:37 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-10 16:38 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-03 09:55 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-10 16:37 100864 ----a-w- c:\windows\system32\6to4svc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-08 2017280]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoCAL Startup.lnk]
backup=c:\windows\pss\PhotoCAL Startup.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-08 16:55 57344 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadbandadvisor.exe]
2007-08-07 17:49 2061552 ----a-w- c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 13:09 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 17:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-05-11 13:48 127118 ----a-w- c:\apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 09:54 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-06-29 13:25 14720000 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2005-06-29 19:09 17605160 ----a-w- c:\apps\skype\phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 15:16 393216 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-22 17:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-03-05 17:36 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
2007-08-16 08:02 1877272 ----a-w- c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44938:TCP"= 44938:TCP:limewire2
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/03/2009 10:27 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/03/2009 10:27 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/04/2010 17:30 68168]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [14/03/2010 12:20 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14/03/2010 12:20 308064]
R2 HPFECP14;HPFECP14;c:\windows\system32\drivers\HPFecp14.sys [25/09/1998 09:54 52800]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2010 13:25 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 06:46 284016]
S3 esuflt30;USB EPSON Filter Driver;c:\windows\system32\drivers\esuflt30.sys [31/01/2006 22:36 52812]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [16/08/2008 18:06 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [16/08/2008 18:06 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [16/08/2008 18:06 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [16/08/2008 18:06 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [16/08/2008 18:06 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [16/08/2008 18:06 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [16/08/2008 18:06 110120]
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 12:24]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 12:24]

2010-05-12 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 09:03]

2008-10-26 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-13 03:19]

2010-05-12 c:\windows\Tasks\User_Feed_Synchronization-{DB6F7DAF-16D6-4395-8363-1CD4E8975879}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

2010-05-12 c:\windows\Tasks\User_Feed_Synchronization-{EE56867D-4EB8-4386-83AC-40BD6EEEDF96}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.virginmedia.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab
DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} - hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-aawservice
MSConfigStartUp--FreedomNeedsReboot - c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe
AddRemove-Ad-Aware SE Plus - c:\progra~1\Norman\NORMAN~1\UNWISE.EXE
AddRemove-Aladdin - c:\progra~1\DISNEY~1\Aladdin\DeIsL1.isu
AddRemove-Disney's Master Mouse Show Time Quiz - c:\progra~1\DISNEY~1\DISNEY~1\DeIsL1.isu
AddRemove-Uninstall Presto! BizCard 4.1 Eng - c:\program files\NewSoft\BizCard 4.1 Eng\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 13:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1448)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-05-12 13:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-12 12:17

Pre-Run: 5,613,793,280 bytes free
Post-Run: 5,524,774,912 bytes free

- - End Of File - - E8C78E63CFBAABCF3F380AAB5AEB3E4E

Re: Win32 patched.do. Also I can't access Windows updates.

After running this ComboFix, it appears that Windows updates is now working. It would be great if the virus was gone as well. Thank you. Jane :smile2:

Re: Win32 patched.do. Also I can't access Windows updates.

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: Win32 patched.do. Also I can't access Windows updates.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4095

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/05/2010 09:05:42
mbam-log-2010-05-13 (09-05-42).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 350217
Time elapsed: 1 hour(s), 13 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Win32 patched.do. Also I can't access Windows updates.

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Win32 patched.do. Also I can't access Windows updates.

Jay, I can't get this programme to download. I get to the yes I accept terms of use, but then it all freezes and the whole web disappears with an Internet Explorer error page??

Re: Win32 patched.do. Also I can't access Windows updates.

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Re: Win32 patched.do. Also I can't access Windows updates.

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\aic78u2.sys.vir Infected: Rootkit.Win32.TDSS.ap 1

C:\WINDOWS\system32\drivers\aic78u2.sys.tmp Infected: Rootkit.Win32.TDSS.ap 1

D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\31\1b6fabdf-147ae323 Infected: Exploit.Java.Agent.a 1

D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\31\1b6fabdf-147ae323 Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-5791ef40 Infected: Exploit.Java.Agent.f 1

D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\52\548f4374-36d81d59 Infected: Trojan-Downloader.Java.Agent.bu 3

D:\Documents and Settings\Lauren\My Documents\My Music(also on EHD)\can i sit next to you girl.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1

D:\Documents and Settings\Lauren\My Documents\My Received Files\LimeWire Pro 4.18.3.1.zip Infected: Trojan.Win32.Chifrax.d 1

Selected area has been scanned.

Re: Win32 patched.do. Also I can't access Windows updates.

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Win32 patched.do. Also I can't access Windows updates.

I still can't upload ESET, I just get a blue screen. Could AVG be blocking it??

Re: Win32 patched.do. Also I can't access Windows updates.

Probably.

Please run a full scan with AVG, then if you can, tell me the results, or take a screenshot and upload them.

Re: Win32 patched.do. Also I can't access Windows updates.

Hi Jay, when about to scan on AVG, I realized that the "scan hidden archives" wasn't checked. The scan then found the infections listed in the log; they were put in the virus vault. This morning AVG did a scheduled scan and it found more of the Win32 patched. ??? I can still access Windows updates and the internet seems to be behaving.
I will post the second scan on a second post as it is rather large.

Scan "Scan whole computer" was finished.
Infections;"7";"5";"2"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"16 May 2010, 16:51:34"
Scan finished:;"16 May 2010, 18:03:59 (1 hour(s) 12 minute(s) 25 second(s))"
Total object scanned:;"658407"
User who launched the scan:;"Jane"

Infections
File;"Infection";"Result"
D:\Documents and Settings\Lauren\My Documents\My Received Files\LimeWire Pro 4.18.3.1.zip:\LimeWire Pro 4.18.3.1\LimeWireWin.exe;"Trojan horse Generic11.NYH.dropper";"Infected"
D:\Documents and Settings\Lauren\My Documents\My Received Files\LimeWire Pro 4.18.3.1.zip;"Trojan horse Generic11.NYH.dropper";"Infected"
D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-5791ef40:\vmain.class;"Trojan horse Java/Downloader.N";"Moved to Virus Vault"
D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-5791ef40:\________vload.class;"Trojan horse Java/Downloader.O";"Moved to Virus Vault"
D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-5791ef40;"Trojan horse Java/Downloader.O";"Moved to Virus Vault"
D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\43\556445eb-528d0eeb:\vmain.class;"Trojan horse Java/Downloader.P";"Moved to Virus Vault"
D:\Documents and Settings\Jane\Application Data\Sun\Java\Deployment\cache\6.0\43\556445eb-528d0eeb;"Trojan horse Java/Downloader.P";"Moved to Virus Vault"

Re: Win32 patched.do. Also I cant access Windows updates.
The second scan..

Scan "Scheduled scan" was finished.
Infections;"12";"12";"0"
Warnings;"124";"124";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"17 May 2010, 09:00:02"
Scan finished:;"17 May 2010, 10:16:49 (1 hour(s) 16 minute(s) 47 second(s))"
Total object scanned:;"657870"
User who launched the scan:;"SYSTEM"

Infections
File;"Infection";"Result"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP809\A0215047.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP809\A0214886.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP804\A0214689.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP804\A0214638.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP804\A0214613.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP804\A0214610.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP804\A0214582.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP804\A0214519.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP799\A0213365.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP799\A0213364.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP799\A0213363.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP799\A0213327.sys;"Virus identified Win32/Patched.DO";"Moved to Virus Vault"


Re: Win32 patched.do. Also I cant access Windows updates.
Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: Win32 patched.do. Also I cant access Windows updates.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4111

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/05/2010 10:57:29
mbam-log-2010-05-18 (10-57-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 358445
Time elapsed: 1 hour(s), 16 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Win32 patched.do. Also I cant access Windows updates.
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
