Need help with removal of Trojan.Alert!


Like so many others, after Malwarebytes got rid of some, but not all, of Trojan.Alert, I need help with finishing the job! DDS logs to follow.

My DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421

Run by Kevin at 19:16:29 on 2012-04-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4062 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe

C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

LSP: mswsock.dll

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://proactive.pcproblems.com/inc/kaxRemote.dll

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.2.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.leagueathletics.com/XUpload.ocx

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1

TCP: Interfaces\{6E861D21-7C6D-48B4-9B99-4CAD1F2888FA} : DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

BHO-X64: AskBar BHO - No File

BHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Defender BHO - No File

BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO-X64: Windows Live Family Safety Browser Helper - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]

R3 BackupReader;BackupReader;C:\Windows\system32\DRIVERS\BackupReader.sys --> C:\Windows\system32\DRIVERS\BackupReader.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]

S2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]

S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]

S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-04-01 23:02:01 20480 ----a-w- C:\Windows\svchost.exe

2012-04-01 21:58:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-01 21:58:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-01 21:43:39 -------- d-----w- C:\Users\Kevin\AppData\Local\{6C379A22-E92A-4110-8477-95C52261456B}

2012-04-01 21:32:37 767952 ----a-w- C:\Windows\BDTSupport.dll

2012-04-01 21:32:37 70760 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys

2012-04-01 21:32:37 2250704 ----a-w- C:\Windows\PCTBDCore.dll

2012-04-01 21:32:37 1681360 ----a-w- C:\Windows\PCTBDRes.dll

2012-04-01 21:32:37 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2012-04-01 21:32:17 339608 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2012-04-01 21:32:17 145432 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2012-04-01 21:32:15 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys

2012-04-01 21:32:13 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2012-04-01 21:32:09 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-04-01 21:30:25 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2012-04-01 21:30:25 1096688 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2012-04-01 21:30:23 367912 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2012-04-01 21:30:22 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-04-01 21:30:22 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-04-01 21:29:58 -------- d-----w- C:\Users\Kevin\AppData\Roaming\TestApp

2012-04-01 21:29:58 -------- d-----w- C:\ProgramData\PC Tools

2012-04-01 20:17:52 119296 ----a-w- C:\ProgramData\4xG2Ip4t.exe

2012-04-01 20:13:07 -------- d-----we C:\Windows\system64

2012-04-01 04:32:58 -------- d--h--w- C:\Users\Kevin\AppData\Local\{F874F5B1-F8E7-4EAF-AE05-67C2DE3F3E1A}

2012-03-31 23:05:57 -------- d--h--w- C:\Users\Kevin\AppData\Local\{F23ADBEA-3DF0-4328-9549-E2257713AD53}

2012-03-31 23:01:59 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F1DA218A-A862-451D-851F-1B29E69F04B6}\mpengine.dll

2012-03-31 13:47:25 -------- d--h--w- C:\Users\Kevin\AppData\Local\{4ABBDA99-57CA-4488-97B5-6F17042ED1A2}

2012-03-30 23:45:59 -------- d-----w- C:\Program Files (x86)\Sonos

2012-03-30 23:42:27 -------- d--h--w- C:\ProgramData\Sonos

2012-03-30 22:35:51 -------- d--h--w- C:\Program Files\iPod

2012-03-30 22:35:50 -------- d--h--w- C:\Program Files\iTunes

2012-03-30 22:32:03 -------- d--h--w- C:\Users\Kevin\AppData\Local\{F0D57A2B-6B48-426C-8202-A81854CC301D}

2012-03-29 00:35:36 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\2C62.tmp

2012-03-29 00:35:36 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\2C61.tmp

2012-03-21 12:04:44 -------- d--h--w- C:\Users\Kevin\AppData\Local\{52E11D2F-AE7C-4124-9C2F-C11DEE29AF83}

2012-03-21 12:04:33 -------- d--h--w- C:\Users\Kevin\AppData\Local\{48C15C63-7989-4928-ACC3-5A009F2BEFC6}

2012-03-20 22:25:05 -------- d--h--w- C:\Users\Kevin\AppData\Local\{61113938-46DF-450D-9B24-B83FE0099FB0}

2012-03-20 01:34:51 -------- d--h--w- C:\Users\Kevin\AppData\Local\{A3B554DB-6BDB-42CF-989C-26EE7F9334D4}

2012-03-20 01:34:39 -------- d--h--w- C:\Users\Kevin\AppData\Local\{B7507273-6F8C-4D4B-AE65-8AD68DC622DB}

2012-03-14 01:33:41 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 01:33:41 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 01:33:40 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 01:24:56 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-03-14 01:24:56 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-03-14 01:24:53 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-03-14 01:24:53 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-03-13 20:56:03 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-13 20:56:00 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-13 20:56:00 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-13 20:55:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-13 20:55:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-13 20:55:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-13 20:55:28 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-13 20:55:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-13 20:55:28 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-13 20:55:28 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-13 20:54:12 -------- d--h--w- C:\Users\Kevin\AppData\Local\{8725493F-F7A8-4EBC-8770-2AC193BE7B4F}

2012-03-12 21:04:41 -------- d--h--w- C:\Users\Kevin\AppData\Local\{7B14A906-8456-4F94-A4C2-EEC9D962F589}

2012-03-11 23:55:01 -------- d--h--w- C:\Users\Kevin\AppData\Local\{1C1DA138-CF5D-4D65-8EC8-038862550949}

2012-03-10 21:26:28 -------- d--h--w- C:\Users\Kevin\AppData\Local\{EDA02FDC-5E3A-48B1-88F1-240CB6D42423}

2012-03-10 09:26:05 -------- d--h--w- C:\Users\Kevin\AppData\Local\{13F77FB5-27E1-47B5-AD64-882D0F054E0A}

2012-03-10 09:25:54 -------- d--h--w- C:\Users\Kevin\AppData\Local\{C944D723-4541-46F0-AD0D-8A656F48F860}

2012-03-09 21:25:29 -------- d--h--w- C:\Users\Kevin\AppData\Local\{E9867B44-563E-4CCB-877A-8B0F2A547A17}

2012-03-09 09:25:06 -------- d--h--w- C:\Users\Kevin\AppData\Local\{9E78CDF2-6E9D-41C0-91E4-FA0EF4829E30}

2012-03-08 21:24:42 -------- d--h--w- C:\Users\Kevin\AppData\Local\{3F5F6893-E34D-4687-A643-C39C9615B876}

2012-03-08 09:24:19 -------- d--h--w- C:\Users\Kevin\AppData\Local\{9D1985C2-3E85-4828-AEF0-6A25DCCA36E9}

2012-03-07 21:23:55 -------- d--h--w- C:\Users\Kevin\AppData\Local\{4BCE86DF-2FC5-4096-8B37-7622EFFC6BBA}

2012-03-06 20:46:39 -------- d--h--w- C:\Users\Kevin\AppData\Local\{3D0987F5-6019-4476-8B6A-80CF2CB49285}

2012-03-05 21:10:47 -------- d--h--w- C:\Users\Kevin\AppData\Local\{850A6B7C-62FD-4CDE-ABB2-BA86EDC6D516}

2012-03-04 19:12:57 -------- d--h--w- C:\Users\Kevin\AppData\Local\{3F85FDCF-F65A-41A5-9462-DA352586FB79}

2012-03-04 06:34:05 -------- d--h--w- C:\Users\Kevin\AppData\Local\{D441593D-5F88-4E73-8556-E7AB86025CE3}

2012-03-03 15:42:39 -------- d--h--w- C:\Users\Kevin\AppData\Local\{65784FD8-71B4-4E89-91CB-F3642A0C0A8B}

2012-03-03 00:51:27 -------- d--h--w- C:\Users\Kevin\AppData\Local\{FFAC3D15-B2D4-456C-9CA1-D25F1C88798D}

.

==================== Find3M ====================

.

2012-02-23 02:39:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-07 20:55:04 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2012-02-07 20:55:04 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2012-02-07 20:55:04 34688 ----a-w- C:\Windows\System32\LMIport.dll

2012-01-31 12:44:20 279656 ----a-w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 19:25:13.04 ===============

Attach.txt is attached (too long to post)

The Trojan.ZeroAccess Removal Tool from Symantec (easily found via Google) seems to have cleaned my machine of this awful thing. It put up a good fight, but I'm hopeful that I've finally vanquished it! Good luck to all, and I hope this has helped some of you.


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
