
Please help remove cglogs.dat, XxX.xXx, UuU.uUu



Please help me. I can't seem to find a solution to this virus. I looked at another thread that has a similar problem, but I don't know how to solve mine.

I only experienced this last night. I was watching a program on my PC when a window suddenly popped up saying something like "VLC will now format your computer".

There was an option to click Yes or Cancel, something like that. I clicked Cancel, then it popped up again, now starting to format. I panicked but soon realised it's a virus; I don't even have VLC on my PC. pornhub.com suddenly opened in my Firefox, then I closed it, and it opened again, then it was zootube365.com. Then windows kept popping up like 25%, then 35%, then 88%...

I panicked once more and turned off the PC. When I turned it on, Firefox immediately opened to pornhub.com again, then a pop-up saying something really lewd, then another, then it said something that implied it can see me on my webcam. I panicked more and turned the webcam away. I'm so afraid. I ran AVG and Kaspersky but they found none. I ran Malwarebytes and it found cglogs.dat, XxX.xXx, UuU.uUu...

Please help me. What should I do? It keeps reappearing.


Thank you so much for your help, RPMcMurphy.

Now here is the information that you wanted. I hope I did it correctly.

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Puff at 20:04:28.43 on Fri 08/20/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.979 [GMT 8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files\Globe Telecom\Click Fix\bin\sprtsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Globe Telecom\Click Fix\bin\tgsrvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\Vm_sti.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\gAlwaysIdle\gidle.exe

C:\Program Files\Vtune\TBPANEL.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\Puff\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\Puff\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Puff\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.igoogle.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [googletalk] c:\users\Puff\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [Google Update] "c:\users\Puff\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [t0J4hMCth3] c:\users\Puff\appdata\local\temp\LLyte.exe

uRun: [sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [bigDogPath] c:\windows\VM_STI.EXE A4 Tech USB PC Camera

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [globe] c:\program files\globe telecom\click fix\bin\sprtcmd.exe /P globe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [gidle] "c:\program files\galwaysidle\gidle.exe"

mRun: [VAcg9sVUjpiNeY] c:\users\Puff\appdata\local\temp\LLyte.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: avgrsstx.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

uASetup: {BLBTN2CL-CFQH-TRYE-NAUG-RZXYLCUMZ5YA} - c:\users\Puff\appdata\local\temp\LLyte.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\Puff\appdata\roaming\mozilla\firefox\profiles\rknfoa3g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\users\Puff\appdata\roaming\mozilla\firefox\profiles\rknfoa3g.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll

FF - component: c:\users\Puff\appdata\roaming\mozilla\firefox\profiles\rknfoa3g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\users\Puff\appdata\roaming\mozilla\firefox\profiles\rknfoa3g.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\users\Puff\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\Puff\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\Puff\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);


============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-17 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-17 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-17 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-21 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]

R2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\globe telecom\click fix\bin\sprtsvc.exe [2010-7-20 204672]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-3-16 240232]

R2 tgsrvc_globe;SupportSoft Repair Service (globe);c:\program files\globe telecom\click fix\bin\tgsrvc.exe [2010-7-20 151424]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-19 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-8-18 153736]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-17 1343400]

=============== Created Last 30 ================

2010-08-19 12:32:23 0 d-----w- c:\program files\Trend Micro

2010-08-18 17:51:32 0 d-----w- c:\users\Puff\appdata\roaming\Malwarebytes

2010-08-18 17:51:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-18 17:51:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-18 17:51:25 0 d-----w- c:\programdata\Malwarebytes

2010-08-18 17:51:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-17 17:12:30 0 d-----w- c:\users\Puff\Podcasts

2010-08-17 17:10:07 0 d-----w- c:\program files\common files\Sony Shared

2010-08-17 17:09:48 0 d-----w- c:\programdata\Sony Corporation

2010-08-17 17:09:48 0 d-----w- c:\program files\Sony

2010-08-17 17:06:57 0 d-----w- c:\programdata\Sony Ericsson

2010-08-17 17:06:57 0 d-----w- c:\program files\Sony Ericsson

2010-08-16 15:24:49 1196032 ----a-w- c:\windows\system32\drivers\RemoveWAT.exe

2010-08-12 12:21:18 978432 ----a-w- c:\windows\system32\wininet.dll

2010-08-12 12:21:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-08-12 12:15:26 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-08-12 12:15:23 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-12 12:14:43 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-08-12 12:14:43 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-12 12:14:41 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-08-12 12:14:39 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-08-12 12:14:37 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-12 12:14:37 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-12 12:14:37 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-12 12:14:35 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-12 12:14:35 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-12 12:14:09 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-09 12:29:01 0 d-----w- c:\windows\system32\appmgmt

2010-08-08 20:12:48 0 d-----w- C:\Games

2010-08-03 16:57:46 0 d-----w- c:\program files\gAlwaysIdle

2010-08-01 02:56:10 0 d-----w- c:\programdata\ALM

2010-08-01 02:45:15 0 d-----w- c:\programdata\NOS

2010-07-31 13:39:15 921624 ----a-w- c:\windows\00000000.STI

2010-07-31 10:43:25 0 d-----w- c:\users\Puff\Tracing

2010-07-31 10:37:35 0 d-----w- c:\program files\Microsoft

2010-07-31 10:37:21 0 d-----w- c:\program files\Windows Live SkyDrive

2010-07-31 10:36:47 0 d-----w- c:\windows\PCHEALTH

2010-07-31 10:07:28 0 d-----w- c:\program files\common files\Windows Live

2010-07-29 22:15:31 0 d-----w- c:\programdata\LightScribe

2010-07-25 15:15:47 0 d-----w- c:\program files\AtomixMP3

2010-07-25 14:50:11 0 d--h--w- C:\$AVG

2010-07-25 14:34:55 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2010-07-24 01:11:50 0 d-----w- c:\programdata\regid.1986-12.com.adobe

==================== Find3M ====================

2010-08-20 12:04:02 5475 ---ha-w- c:\users\Puff\appdata\roaming\cglogs.dat

2010-08-16 15:25:30 409088 ----a-w- c:\windows\system32\systemcpl.dll

2010-08-16 15:25:30 13824 ----a-w- c:\windows\system32\slwga.dll

2010-07-17 05:15:11 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-17 04:55:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 04:55:05 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 04:55:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-17 02:29:35 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-07-17 01:48:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-07-14 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-06-08 16:10:50 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-06-08 16:10:50 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:04:53.54 ===============

GMER Log

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-20 20:18:39

Windows 6.1.7600

Running: mifgedwf.exe; Driver: C:\Users\Puff\AppData\Local\Temp\kwrcruow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3208] USER32.dll!TrackPopupMenu 77294B3B 5 Bytes JMP 6D27721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Users\Puff\AppData\Roaming\Google\Google Talk\googletalk.exe[3712] USER32.dll!GetLastInputInfo + 13 77276D67 4 Bytes [78, 0A, 60, 02]

.text C:\Program Files\Mozilla Firefox\firefox.exe[4212] ntdll.dll!LdrLoadDll 77B8F625 5 Bytes JMP 008113F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!CharToOemA + 3A 7726B1DE 7 Bytes JMP 0039FB50 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!PostMessageW + 2CE 772764F3 7 Bytes JMP 0039FA00 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!SetDlgItemTextA + 25 77288FF6 7 Bytes JMP 0039FB30 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!MessageBoxIndirectA + F5 772BE9BE 7 Bytes JMP 0039FBA0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!MessageBoxIndirectW + 61 772BEA24 7 Bytes JMP 0039FC70 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!MessageBoxExA + 1F 772BEA48 7 Bytes JMP 0039FC20 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Attach.zip


paley:

Download ComboFix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.


Please include the following in your next post:

  • ComboFix log


Hello Again!

Here is the ComboFix log...

ComboFix 10-08-19.02 - Puff 08/21/2010 8:33.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.993 [GMT 8:00]

Running from: c:\users\Puff\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\users\Puff\AppData\Roaming\cglogs.dat

----- BITS: Possible infected sites -----

hxxp://globebroadbandclickfix.com.ph

.

((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))

.

2010-08-21 00:38 . 2010-08-21 00:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-19 12:32 . 2010-08-19 12:32 388096 ----a-r- c:\users\Puff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-19 12:32 . 2010-08-19 12:32 -------- d-----w- c:\program files\Trend Micro

2010-08-18 17:51 . 2010-08-18 17:51 -------- d-----w- c:\users\Puff\AppData\Roaming\Malwarebytes

2010-08-18 17:51 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-18 17:51 . 2010-08-18 17:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-18 17:51 . 2010-08-18 17:51 -------- d-----w- c:\programdata\Malwarebytes

2010-08-18 17:51 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-17 17:13 . 2010-08-17 17:21 -------- d-----w- c:\users\Puff\AppData\Local\Sony

2010-08-17 17:12 . 2010-08-17 17:12 -------- d-----w- c:\users\Puff\Podcasts

2010-08-17 17:10 . 2010-08-17 17:10 -------- d-----w- c:\program files\Common Files\Sony Shared

2010-08-17 17:09 . 2010-08-17 17:09 10134 ----a-r- c:\users\Puff\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe

2010-08-17 17:09 . 2010-08-17 17:09 -------- d-----w- c:\users\Puff\AppData\Local\Downloaded Installations

2010-08-17 17:09 . 2010-08-17 17:10 -------- d-----w- c:\program files\Sony

2010-08-17 17:09 . 2010-08-17 17:09 -------- d-----w- c:\programdata\Sony Corporation

2010-08-17 17:08 . 2010-08-17 17:12 -------- d-----w- c:\users\Puff\AppData\Roaming\Sony

2010-08-17 17:06 . 2010-08-17 17:06 -------- d-----w- c:\programdata\Sony Ericsson

2010-08-17 17:06 . 2010-08-17 17:06 -------- d-----w- c:\program files\Sony Ericsson

2010-08-16 15:24 . 2010-08-16 15:24 1196032 ----a-w- c:\windows\system32\drivers\RemoveWAT.exe

2010-08-12 21:24 . 2010-08-12 21:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2010-08-12 21:22 . 2010-08-12 21:22 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2010-08-12 21:21 . 2010-08-12 21:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2010-08-12 12:21 . 2010-06-30 06:25 978432 ----a-w- c:\windows\system32\wininet.dll

2010-08-12 12:15 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-08-12 12:15 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-12 12:14 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-12 12:14 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-08-12 12:14 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-08-12 12:14 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-08-12 12:14 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-12 12:14 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-12 12:14 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-12 12:14 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-12 12:14 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-12 12:14 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-08 20:12 . 2010-08-09 12:29 -------- d-----w- C:\Games

2010-08-08 19:58 . 2010-08-08 19:58 -------- d-----w- c:\users\Puff\AppData\Local\DOSBox

2010-08-03 16:57 . 2010-08-03 16:57 -------- d-----w- c:\program files\gAlwaysIdle

2010-08-01 18:28 . 2010-08-01 18:28 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-08-01 03:20 . 2010-08-01 03:20 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe

2010-08-01 02:56 . 2010-08-01 02:56 -------- d-----w- c:\programdata\ALM

2010-08-01 02:54 . 2010-08-01 02:54 -------- d-----w- c:\program files\Adobe Media Player

2010-08-01 02:45 . 2010-08-15 09:59 -------- d-----w- c:\programdata\NOS

2010-07-31 10:43 . 2010-08-20 14:20 -------- d-----w- c:\users\Puff\Tracing

2010-07-31 10:37 . 2010-08-02 12:34 -------- d-----w- c:\program files\Microsoft Silverlight

2010-07-31 10:37 . 2010-07-31 10:37 -------- d-----w- c:\program files\Microsoft

2010-07-31 10:37 . 2010-07-31 10:37 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-07-31 10:37 . 2010-07-31 10:37 -------- d-----w- c:\program files\Windows Live

2010-07-31 10:36 . 2010-07-31 10:36 -------- d-----w- c:\windows\PCHEALTH

2010-07-31 10:07 . 2010-07-31 10:07 -------- d-----w- c:\program files\Common Files\Windows Live

2010-07-29 22:15 . 2010-07-29 22:15 -------- d-----w- c:\programdata\LightScribe

2010-07-25 15:15 . 2010-07-25 15:15 -------- d-----w- c:\program files\AtomixMP3

2010-07-25 14:50 . 2010-07-25 14:50 -------- d-----w- C:\$AVG

2010-07-25 14:37 . 2010-07-25 14:37 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2010-07-25 14:36 . 2010-07-25 14:36 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2010-07-25 14:35 . 2010-07-25 14:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2010-07-25 14:35 . 2010-07-25 15:16 -------- d-----w- c:\users\Puff\AppData\Roaming\Audacity

2010-07-25 14:34 . 2010-07-25 14:34 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-07-25 14:34 . 2010-07-25 14:34 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2010-07-24 01:35 . 2010-08-18 16:03 188152 ----a-w- c:\users\Puff\AppData\Roaming\Mozilla\Firefox\Profiles\rknfoa3g.default\FlashGot.exe

2010-07-24 01:11 . 2010-08-01 03:06 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2010-07-24 01:06 . 2010-08-01 03:32 -------- d-----w- c:\program files\Common Files\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-21 00:38 . 2010-07-17 02:27 -------- d-----w- c:\users\Puff\AppData\Roaming\Skype

2010-08-21 00:29 . 2010-07-17 03:21 -------- d-----w- c:\users\Puff\AppData\Roaming\BitTorrent

2010-08-21 00:28 . 2010-07-20 15:57 0 ----a-w- c:\users\Puff\AppData\Local\prvlcl.dat

2010-08-21 00:19 . 2010-07-17 02:29 -------- d-----w- c:\users\Puff\AppData\Roaming\skypePM

2010-08-20 16:04 . 2010-07-17 11:36 -------- d-----w- c:\users\Puff\AppData\Roaming\Media Player Classic

2010-08-20 14:20 . 2010-07-16 10:43 -------- d-----w- c:\programdata\NVIDIA

2010-08-17 17:06 . 2010-07-16 10:32 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-16 15:25 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll

2010-08-16 15:25 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll

2010-08-15 00:44 . 2010-07-19 17:19 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-15 00:43 . 2010-07-19 17:19 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-14 23:18 . 2010-07-17 11:57 -------- d-----w- c:\program files\iTunes

2010-07-26 11:36 . 2010-07-17 11:57 -------- d-----w- c:\users\Puff\AppData\Roaming\Apple Computer

2010-07-24 07:23 . 2010-07-17 02:27 -------- d-----w- c:\program files\Google

2010-07-24 01:11 . 2010-07-16 11:23 57560 ----a-w- c:\users\Puff\AppData\Local\GDIPFONTCACHEV1.DAT

2010-07-20 14:10 . 2010-07-20 14:10 -------- d-----w- c:\program files\Common Files\SupportSoft

2010-07-20 14:10 . 2010-07-20 14:10 -------- d-----w- c:\programdata\SupportSoft

2010-07-20 14:10 . 2010-07-20 14:10 -------- d-----w- c:\program files\Globe Telecom

2010-07-19 17:19 . 2010-07-19 17:19 -------- d-----w- c:\users\Puff\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

2010-07-19 17:19 . 2010-07-19 17:19 -------- d-----w- c:\program files\TweetDeck

2010-07-19 17:14 . 2010-07-19 17:19 53632 ----a-w- c:\users\Puff\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-07-18 13:04 . 2010-07-18 13:03 -------- d-----w- c:\programdata\WinZip

2010-07-18 13:04 . 2010-07-18 13:04 -------- d-----w- c:\users\Puff\AppData\Roaming\IrfanView

2010-07-18 13:04 . 2010-07-18 13:04 -------- d-----w- c:\program files\IrfanView

2010-07-17 13:34 . 2010-07-17 13:34 -------- d-----w- c:\programdata\Soulseek

2010-07-17 13:33 . 2010-07-17 13:33 -------- d-----w- c:\program files\SoulseekNS

2010-07-17 13:21 . 2010-07-17 13:20 108 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat

2010-07-17 13:20 . 2010-07-17 13:21 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe

2010-07-17 13:20 . 2010-07-17 13:20 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe

2010-07-17 13:20 . 2010-07-17 13:20 -------- d-----w- c:\programdata\Last.fm

2010-07-17 13:19 . 2010-07-17 13:19 -------- d-----w- c:\program files\Last.fm

2010-07-17 11:57 . 2010-07-17 11:57 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-07-17 11:57 . 2010-07-17 11:57 -------- d-----w- c:\program files\iPod

2010-07-17 11:57 . 2010-07-17 11:52 -------- d-----w- c:\programdata\Apple Computer

2010-07-17 11:57 . 2010-07-17 11:52 -------- d-----w- c:\program files\Common Files\Apple

2010-07-17 11:52 . 2010-07-17 11:52 -------- d-----w- c:\program files\QuickTime

2010-07-17 11:52 . 2010-07-17 11:52 -------- d-----w- c:\program files\Apple Software Update

2010-07-17 11:52 . 2010-07-17 11:52 -------- d-----w- c:\program files\Bonjour

2010-07-17 11:52 . 2010-07-17 11:52 -------- d-----w- c:\programdata\Apple

2010-07-17 06:23 . 2010-07-16 10:33 -------- d-----w- c:\programdata\Norton

2010-07-17 06:05 . 2010-07-17 06:05 -------- d-----w- c:\program files\7-Zip

2010-07-17 05:52 . 2010-07-17 05:52 -------- d-----w- c:\program files\CCleaner

2010-07-17 05:16 . 2010-07-17 05:16 -------- d-----w- c:\program files\Common Files\Java

2010-07-17 05:15 . 2010-07-17 05:15 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-17 05:15 . 2010-07-17 05:15 -------- d-----w- c:\program files\Java

2010-07-17 04:55 . 2010-07-17 04:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 04:55 . 2010-07-17 04:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 04:55 . 2010-07-17 04:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-17 04:54 . 2010-07-17 04:54 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-07-17 04:53 . 2010-07-17 04:53 -------- d-----w- c:\program files\AVG

2010-07-17 04:53 . 2010-07-17 04:52 -------- d-----w- c:\programdata\avg9

2010-07-17 04:11 . 2010-07-17 04:11 -------- d-----w- c:\program files\MSXML 4.0

2010-07-17 03:48 . 2010-07-17 03:48 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-07-17 03:19 . 2010-07-17 03:19 -------- d-----w- c:\program files\BitTorrent

2010-07-17 02:50 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

2010-07-17 02:29 . 2010-07-17 02:29 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----r- c:\program files\Skype

2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\program files\Common Files\Skype

2010-07-17 02:26 . 2010-07-17 02:26 -------- d-----w- c:\programdata\Skype

2010-07-17 02:02 . 2010-07-17 02:02 79367 ----a-w- c:\users\Puff\AppData\Roaming\Google\Google Talk\uninstall.exe

2010-07-17 01:48 . 2010-07-17 01:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-07-17 01:47 . 2010-07-17 01:47 -------- d-----w- c:\program files\Smart Bro

2010-07-16 11:11 . 2010-07-16 11:11 -------- d-----w- c:\program files\Vimicro

2010-07-16 11:07 . 2010-07-16 11:07 -------- d-----w- c:\users\Puff\AppData\Roaming\Nero

2010-07-16 11:00 . 2010-07-16 11:00 -------- d-----w- c:\program files\Common Files\LightScribe

2010-07-16 10:57 . 2010-07-16 10:55 -------- d-----w- c:\program files\Common Files\Nero

2010-07-16 10:55 . 2010-07-16 10:55 -------- d-----w- c:\programdata\Nero

2010-07-16 10:55 . 2010-07-16 10:55 -------- d-----w- c:\program files\Nero

2010-07-16 10:43 . 2010-07-16 10:42 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-16 10:40 . 2010-07-16 10:40 -------- d-----w- c:\program files\Vtune

2010-07-16 10:33 . 2010-07-16 10:33 -------- d-----w- c:\programdata\NortonInstaller

2010-07-16 10:32 . 2010-07-16 10:32 -------- d--h--w- c:\program files\Temp

2010-07-16 10:32 . 2010-07-16 10:32 -------- d-----w- c:\program files\Realtek

2010-07-16 10:32 . 2010-07-16 10:32 -------- d-----w- c:\program files\Common Files\InstallShield

2010-07-16 10:31 . 2010-07-16 10:31 -------- d-----w- c:\program files\Intel

2010-07-14 08:00 . 2010-07-17 03:48 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-06-11 08:51 . 2010-06-11 08:51 3055600 ----a-w- c:\users\Puff\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

2010-06-11 08:36 . 2010-06-11 08:36 275952 ----a-w- c:\users\Puff\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

2010-06-08 16:10 . 2010-07-17 03:48 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-06-08 16:10 . 2010-07-17 03:48 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-05-27 07:24 . 2010-07-17 02:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49 . 2010-07-17 02:13 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-05-23 09:50 . 2010-07-17 04:28 73216 ----a-w- c:\users\Puff\AppData\Roaming\Mozilla\Firefox\Profiles\rknfoa3g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-03-17 2158592]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

"googletalk"="c:\users\Puff\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Google Update"="c:\users\Puff\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-17 136176]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-02-09 654648]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-04-19 405712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]

"BigDogPath"="c:\windows\VM_STI.EXE" [2004-02-24 49152]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"globe"="c:\program files\Globe Telecom\Click Fix\bin\sprtcmd.exe" [2009-07-06 204672]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"gidle"="c:\program files\gAlwaysIdle\gidle.exe" [2008-01-07 49152]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 136176]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-17 1343400]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-17 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-17 243024]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

S2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\Globe Telecom\Click Fix\bin\sprtsvc.exe [2009-07-06 204672]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-15 240232]

S2 tgsrvc_globe;SupportSoft Repair Service (globe);c:\program files\Globe Telecom\Click Fix\bin\tgsrvc.exe [2009-07-06 151424]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-03-11 153736]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 05:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:03]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:03]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088781879-4145325823-710361088-1000Core.job

- c:\users\Puff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17 02:04]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088781879-4145325823-710361088-1000UA.job

- c:\users\Puff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17 02:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.igoogle.com/

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\users\Puff\AppData\Roaming\Mozilla\Firefox\Profiles\rknfoa3g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Flickr Tags

FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\users\Puff\AppData\Roaming\Mozilla\Firefox\Profiles\rknfoa3g.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\users\Puff\AppData\Roaming\Mozilla\Firefox\Profiles\rknfoa3g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\users\Puff\AppData\Roaming\Mozilla\Firefox\Profiles\rknfoa3g.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

FF - plugin: c:\users\Puff\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\Puff\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\Puff\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

ActiveSetup-{BLBTN2CL-CFQH-TRYE-NAUG-RZXYLCUMZ5YA} - c:\users\Puff\AppData\Local\Temp\LLyte.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-08-21 08:39:41

ComboFix-quarantined-files.txt 2010-08-21 00:39

Pre-Run: 226,535,587,840 bytes free

Post-Run: 226,445,881,344 bytes free

- - End Of File - - DB41067F521D75F6C6B3523C77703FEF

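The ComboFix log above is long, but the lines that matter for triage are a handful: the BITS job target listed under Other Deletions, autoruns under Reg Loading Points whose binaries live in user-writable directories, the ActiveSetup orphan that pointed into Temp, and executables created in unusual places. The following Python script is an added example written for this page; it is not part of the thread and not ComboFix code. It splits a constructed excerpt (SAMPLE_LOG, modelled on the log above) into ComboFix's sections and reports such entries. The heuristics produce leads for a human to check, not verdicts: the Google Talk autorun, for instance, is flagged only because of where it is installed.

```python
"""Triage a ComboFix-style log: pull out autostart-related sections and flag
entries worth a human look.  Added example for this thread, not ComboFix code.
SAMPLE_LOG is a constructed excerpt modelled on the log posted above."""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\users\Puff\AppData\Roaming\cglogs.dat
----- BITS: Possible infected sites -----
hxxp://globebroadbandclickfix.com.ph
.
((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
2010-08-21 00:38 . 2010-08-21 00:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-16 15:24 . 2010-08-16 15:24 1196032 ----a-w- c:\windows\system32\drivers\RemoveWAT.exe
2010-08-18 17:51 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Puff\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ActiveSetup-{BLBTN2CL-CFQH-TRYE-NAUG-RZXYLCUMZ5YA} - c:\users\Puff\AppData\Local\Temp\LLyte.exe
"""

# Section headers ComboFix uses: "((( Name )))", "----- Name -----", "- - - - NAME - - - -".
PAREN_HEAD_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
DASH_HEAD_RE = re.compile(r"^-{3,}\s*(.*?)\s*-{3,}$")
ORPHAN_HEAD_RE = re.compile(r"^- - - - (.*?) - - - -$")
# "name"="c:\path\file.exe" [date size]   or   "name"=c:\path\file.dll
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<qpath>[^"]+)"|(?P<path>.+?))(?:\s+\[[^\]]*\])?$')
# ActiveSetup-{GUID} - c:\path\file.exe
ORPHAN_RE = re.compile(r"^(?P<kind>\w+)-\{[^}]+\}\s+-\s+(?P<path>.+)$")
# created . modified size attrs path  (size is "--------" for directories)
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                          r"\s+(?P<size>-+|\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
# Directories an unprivileged user (and so user-level malware) can write to; extend as needed.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|programdata)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the most recent section header."""
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = PAREN_HEAD_RE.match(line) or ORPHAN_HEAD_RE.match(line) or DASH_HEAD_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def section(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    """Lines of the first section whose name starts with prefix (case-insensitive)."""
    for name, lines in sections.items():
        if name.lower().startswith(prefix.lower()):
            return lines
    return []


def triage(text: str) -> List[Finding]:
    """Return review leads in log order: BITS targets, odd file drops, autoruns, orphans."""
    sections = split_sections(text)
    findings: List[Finding] = []
    # BITS jobs persist across reboots and fetch in the background: every target is worth a look.
    for site in section(sections, "BITS"):
        findings.append(Finding("BITS", "BITS download job pointed at remote site", site))
    # Installers put .sys files in the drivers directory; a fresh .exe there is unusual.
    for line in section(sections, "Files Created"):
        m = FILE_LINE_RE.match(line)
        if m and m.group("path").lower().endswith(".exe") and "\\drivers\\" in m.group("path").lower():
            findings.append(Finding("Files Created", "executable placed in the drivers directory", m.group("path")))
    # Autoruns loading from user-writable paths need no admin rights to plant.
    for line in section(sections, "Reg Loading Points"):
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        path = m.group("qpath") or m.group("path")
        if USER_WRITABLE_RE.search(path):
            findings.append(Finding("Reg Loading Points",
                                    f"autorun '{m.group('name')}' loads from a user-writable directory", path))
    for line in section(sections, "ORPHANS REMOVED"):
        m = ORPHAN_RE.match(line)
        if m and USER_WRITABLE_RE.search(m.group("path")):
            findings.append(Finding("ORPHANS REMOVED",
                                    f"{m.group('kind')} entry pointed into a user-writable directory", m.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```

To run it against a saved log, call `triage(open("ComboFix.txt").read())`. The section-name prefixes and the user-writable directory list are the assumptions to adjust for other ComboFix versions or for a machine where software is legitimately installed under AppData.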

Hi paley:

Is it running better now? Please run these next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

Please include the following in your next post:

  • MBAM log
  • Kaspersky log


Hello! Yes... the pop-ups have gone away now! I have a question though: do you think, like my initial problem, that my webcam was really controlled, or was it just to scare me? Because if it was... it's terrifying.

Oh, here is the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4455

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

8/21/2010 9:11:49 AM

mbam-log-2010-08-21 (09-11-49).txt

Scan type: Quick scan

Objects scanned: 131605

Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the Kaspersky log:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, August 21, 2010

Operating system: Microsoft Professional (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, August 20, 2010 21:22:39

Records in database: 4130136

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

G:\

Scan statistics:

Objects scanned: 156444

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 02:15:29

No threats found. Scanned area is clean.

Selected area has been scanned.

Yay! Am I clear now?


paley:

Anything is possible, but it was most likely just trying to dupe you into purchasing a rogue security program. Your logs look good, but we have some important cleanup to take care of:

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:

  • DDS
  • GMER

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
  • Avoid using P2P programs. See this post for more information.
  • Please visit our General Computer Security Forum and review this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


RPMcMurphy!

You are heaven-sent! Thank you ever so much! I just ran MBAM and it does seem I am all clean now! Thank you for your patience and assistance... and quick response!

I feel a bit rude running away now that you're done helping me...

You're excellent!

And I shall heed your advice... I've learned my lesson now. I don't even know how I got it.
