Google redirect virus 4-19-2012

[markcny]

I've not been able to shake this thing yet, and it seems to bounce back and forth between the chrome browser and Firefox. The redirects all go to Skype.

I've run the Malware updaytes, but still showed up today. I saw another forum for same, but expect these are individual, as I read that it was intended for poster only actions.

I've run the DDS.txt and I'm posting here:

Thanks for your assistance

MarkCNY

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_30

Run by Mxxx McQxxxxx at 15:20:16 on 2012-04-19

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.996 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\FingerPrint\FingerPrintService.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

C:\WINDOWS\system32\GEARSEC.EXE

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\java.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\CPQHKey.exe

C:\M_Maestro\MBattery.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\AirPort\APAgent.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Mark McQueeney\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Mark McQueeney\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe

C:\Program Files\FingerPrint\FingerPrint.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Mark McQueeney\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark McQueeney\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark McQueeney\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://us8l.hpwis.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {31CEB1FB-BB70-499F-9E04-1568C5AC2F25} - No File

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll

BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [backupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe

uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"

uRun: [Google Update] "c:\documents and settings\mark mcqueeney\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [MusicManager] "c:\documents and settings\mark mcqueeney\local settings\application data\programs\google\musicmanager\MusicManager.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [srmclean] c:\cpqs\scom\srmclean.exe

mRun: [CPQAPP] CPQHKey.exe

mRun: [setKbd] SetKbd.exe

mRun: [bTCMBattery] c:\m_maestro\MBattery.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [<NO NAME>]

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe

StartupFolder: c:\docume~1\markmc~1\startm~1\programs\startup\codest~1.lnk - c:\program files\codestuff\starter\Starter.exe

StartupFolder: c:\docume~1\markmc~1\startm~1\programs\startup\myprog~1.lnk - c:\program files\fingerprint\FingerPrint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instan~1.lnk - c:\program files\linksys\wpc11 config utility\WPC11Cfg.exe

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: aol.com\free

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {01111C00-3E00-11D2-8470-0060089874ED} - hxxp://help.rr.com/Foundrysdccommon/download/tgctlar.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: DhcpNameServer = 10.0.1.1

TCP: Interfaces\{4DC59B03-1C71-498E-9DC9-8C4451BA9487} : NameServer = 209.18.47.61,209.18.47.62

TCP: Interfaces\{4DC59B03-1C71-498E-9DC9-8C4451BA9487} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

TCP: Interfaces\{C936EC22-7108-4B86-A4B5-1551FD957878} : DhcpNameServer = 24.29.103.10

TCP: Interfaces\{CD9E6092-F9EB-4F05-BB53-2D76290273EF} : DhcpNameServer = 10.0.1.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: byxywxy - byxywxy.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mark mcqueeney\application data\mozilla\firefox\profiles\kc9z1m6t.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://catalog.onlib.org/polaris/logon.aspx?Header=1&src=http://catalog.onlib.org/polaris/default.aspx

FF - component: c:\documents and settings\mark mcqueeney\application data\mozilla\firefox\profiles\kc9z1m6t.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll

FF - component: c:\documents and settings\mark mcqueeney\application data\mozilla\firefox\profiles\kc9z1m6t.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\mark mcqueeney\application data\mozilla\firefox\profiles\kc9z1m6t.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\documents and settings\mark mcqueeney\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\mark mcqueeney\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\mark mcqueeney\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-19 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-19 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-19 656320]

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2004-5-6 4064]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]

R2 FingerPrint;FingerPrint Service;c:\program files\fingerprint\fingerprintservice.exe -start --> c:\program files\fingerprint\FingerPrintService.exe -start [?]

R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2010-11-10 66944]

R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [2003-8-15 68480]

S1 DVDHlp;DVDHlp Driver;c:\windows\system32\drivers\dvdhlp.sys --> c:\windows\system32\drivers\DVDHlp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 chimou2k;WHEEL MOUSE PS2 MOUSE Filter Driver;c:\windows\system32\drivers\bcm8042p.sys [2005-5-31 4428]

S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-19 366840]

S3 sdcoreservice;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-19 1145304]

S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 38272]

S3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-9-6 120152]

S3 WPC11;Instant Wireless Network PC Card V3.0 Driver;c:\windows\system32\drivers\LSWLNDS.sys [2004-5-15 54083]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-2-19 249616]

S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-2-19 70536]

.

=============== Created Last 30 ================

.

2012-04-19 16:53:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-19 16:53:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2012-03-29 16:36:10 -------- d-----w- c:\program files\iPod

2012-03-29 16:35:39 -------- d-----w- c:\program files\iTunes

2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

.

==================== Find3M ====================

.

2012-03-01 01:25:04 832512 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 01:25:03 78336 ----a-w- c:\windows\system32\ieencode.dll

2012-03-01 01:25:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2012-03-01 01:25:03 17408 ----a-w- c:\windows\system32\corpol.dll

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-24 21:57:08 838144 ----a-w- c:\windows\system32\chtbrkr.dll

2012-02-24 21:57:01 1677824 ----a-w- c:\windows\system32\chsbrkr.dll

2012-02-24 21:56:05 9216 ----a-w- c:\windows\system32\kbdnecAT.dll

2012-02-24 21:56:05 7680 ----a-w- c:\windows\system32\kbdnecNT.dll

2012-02-24 21:56:05 7168 ----a-w- c:\windows\system32\kbdnec95.dll

2012-02-24 21:56:05 70656 ----a-w- c:\windows\system32\korwbrkr.dll

2012-02-24 21:55:38 1875968 ----a-w- c:\windows\system32\msir3jp.lex

2012-02-24 21:55:27 98304 ----a-w- c:\windows\system32\msir3jp.dll

2012-02-24 21:54:00 6144 ----a-w- c:\windows\system32\kbd101a.dll

2012-02-24 21:52:54 6656 ----a-w- c:\windows\system32\c_is2022.dll

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 15:22:18.79 ===============

[CatByte]

Hi,

Please do the following:

Please download TDSSKiller.zip

• Extract it to your desktop
  
• Double click TDSSKiller.exe
  
• when the window opens, click on Change Parameters
  
• under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  
• click OK
  
• Press Start Scan
  
  • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    
  • Then click Continue > Reboot now
    

  [*]Copy and paste the log in your next reply

  • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    

NEXT

• Please download aswMBR.exe and save it to your desktop.
  
• Double click aswMBR.exe to start the tool.
  
• When asked if you want to download Avast's virus definitions please select Yes.
  
• Click Scan
  
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

[markcny]

Thanks, CatByte-

[markcny]

After scanning, I skip, press continue, but no option to reboot comes up, only back to menu to scan.

The log of the scan reads: Skipped by user sptd (LockedFile.Multi.Generic)

[CatByte]

ok, that's fine, please move on to aswMBR

[markcny]

from this morning:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-19 22:04:18

-----------------------------

22:04:18.296 OS Version: Windows 5.1.2600 Service Pack 3

22:04:18.296 Number of processors: 1 586 0x209

22:04:18.312 ComputerName: HP7010LAPTOP UserName:

22:04:20.000 Initialize success

22:09:59.671 AVAST engine defs: 12041901

06:48:08.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

06:48:08.718 Disk 0 Vendor: WDC_WD2500BEVE-00WZT0 01.01A01 Size: 238475MB BusType: 3

06:48:08.750 Disk 0 MBR read successfully

06:48:08.750 Disk 0 MBR scan

06:48:08.765 Disk 0 unknown MBR code

06:48:08.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238439 MB offset 63

06:48:08.796 Disk 0 scanning sectors +488324488

06:48:08.875 Disk 0 scanning C:\WINDOWS\system32\drivers

06:48:31.078 Service scanning

06:48:51.515 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

06:48:57.250 Modules scanning

06:49:07.546 Disk 0 trace - called modules:

06:49:07.593 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys spmm.sys >>UNKNOWN [0x8ab00938]<<

06:49:07.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa64ab8]

06:49:07.984 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> [0x8aa4fe50]

06:49:08.000 5 PCTCore.sys[ba7a1b63] -> nt!IofCallDriver -> \Device\00000081[0x8aaac150]

06:49:08.031 7 ACPI.sys[f786f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aab7d98]

06:49:09.828 AVAST engine scan C:\WINDOWS

06:49:25.546 AVAST engine scan C:\WINDOWS\system32

06:56:06.625 AVAST engine scan C:\WINDOWS\system32\drivers

06:57:02.656 AVAST engine scan C:\Documents and Settings\MM

07:07:15.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MM\Desktop\MBR.dat"

07:07:15.375 The log file has been saved successfully to "C:\Documents and Settings\MM\Desktop\aswMBR.txt"

[CatByte]

Hi,

Please do the following:

Download ComboFix from either of these locations:

Link 1

Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  

• Click on Yes, to continue scanning for malware.
  

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!