What the Tech?

[Resolved] Infections and disabled apps, Blue Screen plus other nasties..any help appreciated
mykl
post Jul 1 2009, 11:34 AM
Post #1


Authentic Member

Group: Authentic Member
Posts: 56
Joined: 7-January 08
Member No.: 75,775
Operating System: Vista



Good Afternoon,

Unfortunately, my PC has been infected.

Whenever I start Windows Vista, I will initially get a popup which asks if I would like this file to be added: C:\Windows\system32\szbtm.exe

I click no, but it doesn't matter because the popup reappears about every 5-10 min.

About a day after this incident, my computer kept crashing: I would get the blue screen and Windows would automatically restart.

After the restart, some program called "System Security" took over. It plastered a desktop wallpaper saying that my computer was infected and seemed to be doing a scan.

I attempted to cancel, launch antivirus, malware programs, and task manager but it prevented me from doing so.

I cold-booted the system and was able to launch Malwarebytes, which found and deleted some viruses (the System Security problem seemed to go away, but I still get the initial popup and constant blue screen crashes).

In addition, I am unable to launch my MS Office programs. Whenever I try, it acts as if it is trying to install the program from scratch.

I apologize for the long-winded post, but I wanted to be as detailed as possible.

I am currently using Windows in safe mode and have run HijackThis.

Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:43 PM, on 7/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5674
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5674
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5674
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5674
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\szbtm.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\mykl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 13040 bytes

Let me thank all in advance for any information or assistance you can provide in this matter.

Michael
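A small triage script over the O2/O3/O4 lines of a HijackThis log, added here as an example; it is not part of this thread and not code from HijackThis or the helpers. It flags the two things a helper would look at first in the log above: BHO/toolbar registrations whose DLL is missing ("(no file)"), and a Run value whose name is one edit away from a Windows component name (here "cftmon", one transposition from ctfmon, launching szbtm.exe from system32, the same file the poster's popup asks about). The sample lines are constructed from entries in the posted log, and the component-name list and the one-edit threshold are assumptions of the example, not HijackThis rules.

```python
import re
from dataclasses import dataclass

# Constructed sample: O2/O3/O4 lines in HijackThis 2.0 log format, modelled on
# the entries in the log posted above and trimmed to a handful of lines.
SAMPLE_LOG = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\szbtm.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
"""

# Windows component names that autorun entries are commonly named after.
# This list is an assumption for the example, not an exhaustive reference.
WINDOWS_NAMES = ("ctfmon", "explorer", "svchost", "lsass", "csrss",
                 "winlogon", "services", "smss", "spoolsv")

# O4 registry entries look like: O4 - HKLM\..\Run: [value name] command line
# (HKUS\S-1-5-19\..\Run also matches; Global Startup lines do not).
O4_RE = re.compile(r"^O4 - (HK[^:]+?)\\\.\.\\(\w+): \[(.*?)\] ?(.*)$")


@dataclass
class Finding:
    kind: str    # "orphaned-entry" or "masquerading-name"
    detail: str
    line: str


def parse_o4(line: str):
    """Split an O4 registry line into (hive, key, value name, command)."""
    m = O4_RE.match(line.strip())
    return m.groups() if m else None


def image_path(command: str) -> str:
    """Best-effort extraction of the launched file from an O4 command line."""
    cmd = command.strip()
    if cmd.upper().startswith("RUNDLL32.EXE "):
        # rundll32 hosts a DLL: the image of interest is the DLL before the comma
        return cmd[len("RUNDLL32.EXE "):].split(",", 1)[0].strip('"')
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|scr|pif))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    a, b = a.lower(), b.lower()
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def triage(log_text: str) -> list:
    """Return findings for orphaned browser add-ons and look-alike Run names."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith(("O2 - ", "O3 - ")) and line.endswith("(no file)"):
            findings.append(Finding("orphaned-entry",
                                    "BHO/toolbar registration whose DLL is missing", line))
            continue
        entry = parse_o4(line)
        if entry is None:
            continue
        hive, key, name, command = entry
        base = re.sub(r"\.exe$", "", name, flags=re.IGNORECASE)
        for legit in WINDOWS_NAMES:
            # Exactly "ctfmon" is a normal name; one edit away is the look-alike case.
            if base.lower() != legit and osa_distance(base, legit) == 1:
                findings.append(Finding(
                    "masquerading-name",
                    f"{hive}\\{key} value {name!r} is one edit from Windows component "
                    f"{legit!r}; image: {image_path(command)}", line))
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

The look-alike check is deliberately narrow (distance exactly 1 against a short list) so that ordinary vendor names such as NvSvc or ehTray do not trip it; the orphaned "(no file)" entries are clutter rather than proof of infection, but they are what a helper typically clears alongside the real finding.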
mykl
post Jul 1 2009, 11:59 AM
Post #2


Authentic Member

Group: Authentic Member
Posts: 56
Joined: 7-January 08
Member No.: 75,775
Operating System: Vista



I also forgot to mention that one other side effect is that I am unable to search using Yahoo from Firefox. Whenever I try, I am redirected to totally unrelated websites.

I am able to search using Yahoo in IE and Chrome though.

Michael
jpshortstuff
post Jul 1 2009, 12:13 PM
Post #3


SuperHelper

Group: Classroom Teacher
Posts: 5,093
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Hi,

Did MalwareBytes' find anything?

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Right-click dds.scr and select Run As Administrator to run the tool.
  • When done two logs should open:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Right-click gmer.exe and select Run As Administrator. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
mykl
post Jul 1 2009, 12:31 PM
Post #4


Authentic Member

Group: Authentic Member
Posts: 56
Joined: 7-January 08
Member No.: 75,775
Operating System: Vista



Hi JPShortstuff,

Yes. I believe Malwarebytes found 7 viruses, which were deleted. I think this is what stopped the "System Security" issue from reappearing.

I am attempting to follow your instructions regarding DDS. I have downloaded the file; however, when I right-click the icon I do not find the usual "Run as Administrator" option. I am provided with "Test", "Configure" or "Install" options.

(I don't know if this is pertinent but the file type is listed as a screensaver).

I will await your review and further instructions.

Thanks

Mike
jpshortstuff
post Jul 1 2009, 12:37 PM
Post #5


SuperHelper

Group: Classroom Teacher
Posts: 5,093
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Ah yes, sometimes the .scr extension is problematic. Please try this version instead:
http://www.forospyware.com/sUBs/dds/

Cheers.
mykl
post Jul 1 2009, 12:47 PM
Post #6


Authentic Member

Group: Authentic Member
Posts: 56
Joined: 7-January 08
Member No.: 75,775
Operating System: Vista



Ok,

This one is a dds.pif file and when I right-click on this icon I am provided a "Run" option but not "Run as Administrator".

Should I continue?

Mike
jpshortstuff
post Jul 1 2009, 12:55 PM
Post #7


SuperHelper

Group: Classroom Teacher
Posts: 5,093
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Yeah, go for Run, it's better than nothing at all.
mykl
post Jul 1 2009, 01:42 PM
Post #8


Authentic Member

Group: Authentic Member
Posts: 56
Joined: 7-January 08
Member No.: 75,775
Operating System: Vista



Per your instructions, I am posting the following results:

DDS LOG


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by mykl at 15:03:25.53 on Wed 07/01/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.2231 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mykl\Documents\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Google Update] "c:\users\mykl\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ButtonMonitor] c:\program files\ioi\ButtonMonitor.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
mRun: [cftmon] c:\windows\system32\szbtm.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mykl\appdata\roaming\mozilla\firefox\profiles\sdkka03l.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\mykl\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\mykl\appdata\roaming\mozilla\firefox\profiles\sdkka03l.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\users\mykl\appdata\roaming\mozilla\firefox\profiles\sdkka03l.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071300000040.dll
FF - plugin: c:\users\mykl\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-6 210216]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-9 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-4-6 2749224]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-15 40160]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-07-01 13:05 8,212 a------- c:\windows\mfebcdata
2009-06-30 12:53 <DIR> --d----- c:\program files\Trend Micro
2009-06-29 17:36 220 a------- c:\windows\system32\winset.ini
2009-06-29 17:36 138,752 a------- c:\windows\sreo8703.exe
2009-06-29 17:35 <DIR> --d----- c:\program files\IEToolbar
2009-06-29 17:35 889,078 a------- c:\windows\mdhhh0816.exe
2009-06-29 16:33 <DIR> --d----- c:\windows\system32\Adobe
2009-06-25 22:05 116,839 a------- c:\windows\hpqins00.dat
2009-06-22 17:49 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-06-15 17:03 <DIR> --d----- c:\users\mykl\appdata\roaming\Malwarebytes
2009-06-15 17:03 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 17:03 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-15 17:03 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-15 17:03 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 17:03 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-15 16:53 <DIR> --d----- c:\program files\Belarc
2009-06-14 01:21 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-14 01:21 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-14 01:21 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 01:21 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 01:21 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-07 08:41 <DIR> --d----- c:\program files\iPod
2009-06-07 08:41 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-06-14 10:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-14 10:07 51,200 a------- c:\windows\inf\infpub.dat
2009-06-14 10:07 86,016 a------- c:\windows\inf\infstor.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-23 06:10 157,706 a------- c:\windows\hphins27.dat
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-27 18:59 2,516 a--sh--- c:\programdata\KGyGaAvL.sys
2009-01-27 18:59 2,516 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-01-18 08:32 8 ---shr-- c:\programdata\E6E84B42E6.sys
2009-01-18 08:32 8 ---shr-- c:\progra~2\E6E84B42E6.sys
2008-06-10 21:18 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:04:48.99 ===============

GMER LOG


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by mykl at 15:03:25.53 on Wed 07/01/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.2231 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mykl\Documents\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5674
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Google Update] "c:\users\mykl\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ButtonMonitor] c:\program files\ioi\ButtonMonitor.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
mRun: [cftmon] c:\windows\system32\szbtm.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mykl\appdata\roaming\mozilla\firefox\profiles\sdkka03l.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\mykl\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\mykl\appdata\roaming\mozilla\firefox\profiles\sdkka03l.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\users\mykl\appdata\roaming\mozilla\firefox\profiles\sdkka03l.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071300000040.dll
FF - plugin: c:\users\mykl\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-6 210216]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-9 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-4-6 2749224]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-15 40160]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-07-01 13:05 8,212 a------- c:\windows\mfebcdata
2009-06-30 12:53 <DIR> --d----- c:\program files\Trend Micro
2009-06-29 17:36 220 a------- c:\windows\system32\winset.ini
2009-06-29 17:36 138,752 a------- c:\windows\sreo8703.exe
2009-06-29 17:35 <DIR> --d----- c:\program files\IEToolbar
2009-06-29 17:35 889,078 a------- c:\windows\mdhhh0816.exe
2009-06-29 16:33 <DIR> --d----- c:\windows\system32\Adobe
2009-06-25 22:05 116,839 a------- c:\windows\hpqins00.dat
2009-06-22 17:49 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-06-15 17:03 <DIR> --d----- c:\users\mykl\appdata\roaming\Malwarebytes
2009-06-15 17:03 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 17:03 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-15 17:03 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-15 17:03 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 17:03 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-15 16:53 <DIR> --d----- c:\program files\Belarc
2009-06-14 01:21 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-14 01:21 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-14 01:21 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 01:21 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 01:21 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-07 08:41 <DIR> --d----- c:\program files\iPod
2009-06-07 08:41 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-06-14 10:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-14 10:07 51,200 a------- c:\windows\inf\infpub.dat
2009-06-14 10:07 86,016 a------- c:\windows\inf\infstor.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-23 06:10 157,706 a------- c:\windows\hphins27.dat
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-27 18:59 2,516 a--sh--- c:\programdata\KGyGaAvL.sys
2009-01-27 18:59 2,516 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-01-18 08:32 8 ---shr-- c:\programdata\E6E84B42E6.sys
2009-01-18 08:32 8 ---shr-- c:\progra~2\E6E84B42E6.sys
2008-06-10 21:18 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:04:48.99 ===============

THE "ATTACH" FILE

Attached File: Attach.txt (12.28K)


Awaiting further instructions

Thanks

Mike
jpshortstuff
post Jul 1 2009, 01:45 PM
Post #9


SuperHelper

Group: Classroom Teacher
Posts: 5,093
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Hi there, it looks like you've posted the DDS log twice, rather than the GMER log
mykl
post Jul 1 2009, 02:08 PM
Post #10


Authentic Member

Group: Authentic Member
Posts: 56
Joined: 7-January 08
Member No.: 75,775
Operating System: Vista



My apologies

GMER LOG

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-01 15:25:36
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

Code 85D002D8 ZwEnumerateKey
Code 85CF2300 ZwFlushInstructionCache
Code 858B7995 IofCallDriver
Code 85CDE336 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 81E54FE2 5 Bytes JMP 85CDE33B
.text ntkrnlpa.exe!IofCallDriver 81ED6F6F 5 Bytes JMP 858B799A
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81FCD30B 5 Bytes JMP 85CF2304
PAGE ntkrnlpa.exe!ZwEnumerateKey 82022BA2 5 Bytes JMP 85D002DC

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\SYSTEM32\WISPTIS.EXE[344] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 0074000A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[372] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 002E000A
.text C:\Windows\system32\winlogon.exe[484] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 000E000A
.text C:\Windows\system32\wbem\wmiprvse.exe[524] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 0026000A
.text C:\Windows\system32\lsm.exe[548] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 0082000A
.text ...
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtCreateFile + 6 76EC800E 4 Bytes [28, 00, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtCreateFile + B 76EC8013 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + 6 76EC875E 1 Byte [28]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + 6 76EC875E 4 Bytes [28, 03, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + B 76EC8763 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenFile + 6 76EC87EE 4 Bytes [68, 00, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenFile + B 76EC87F3 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcess + 6 76EC886E 4 Bytes [A8, 01, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcess + B 76EC8873 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessToken + 6 76EC887E 4 Bytes CALL 75EC8E84 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessToken + B 76EC8883 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessTokenEx + 6 76EC888E 4 Bytes [A8, 02, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessTokenEx + B 76EC8893 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThread + 6 76EC88DE 4 Bytes [68, 01, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThread + B 76EC88E3 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadToken + 6 76EC88EE 4 Bytes [68, 02, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadToken + B 76EC88F3 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadTokenEx + 6 76EC88FE 4 Bytes CALL 75EC8F05 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadTokenEx + B 76EC8903 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryAttributesFile + 6 76EC898E 4 Bytes [A8, 00, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryAttributesFile + B 76EC8993 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryFullAttributesFile + 6 76EC8A3E 4 Bytes CALL 75EC9043 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryFullAttributesFile + B 76EC8A43 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationFile + 6 76EC8F1E 4 Bytes [28, 01, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationFile + B 76EC8F23 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationThread + 6 76EC8F6E 4 Bytes [28, 02, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationThread + B 76EC8F73 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtUnmapViewOfSection + 6 76EC920E 1 Byte [68]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtUnmapViewOfSection + 6 76EC920E 4 Bytes [68, 03, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtUnmapViewOfSection + B 76EC9213 1 Byte [E2]
.text C:\Windows\system32\cscript.exe[2908] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 0039000A
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 002D000A
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtCreateFile + 6 76EC800E 4 Bytes [28, 00, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtCreateFile + B 76EC8013 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtMapViewOfSection + 6 76EC875E 1 Byte [28]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtMapViewOfSection + 6 76EC875E 4 Bytes [28, 03, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtMapViewOfSection + B 76EC8763 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenFile + 6 76EC87EE 4 Bytes [68, 00, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenFile + B 76EC87F3 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcess + 6 76EC886E 4 Bytes [A8, 01, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcess + B 76EC8873 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessToken + 6 76EC887E 4 Bytes CALL 75EC8E84 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessToken + B 76EC8883 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessTokenEx + 6 76EC888E 4 Bytes [A8, 02, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenProcessTokenEx + B 76EC8893 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThread + 6 76EC88DE 4 Bytes [68, 01, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThread + B 76EC88E3 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadToken + 6 76EC88EE 4 Bytes [68, 02, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadToken + B 76EC88F3 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadTokenEx + 6 76EC88FE 4 Bytes CALL 75EC8F05 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtOpenThreadTokenEx + B 76EC8903 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryAttributesFile + 6 76EC898E 4 Bytes [A8, 00, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryAttributesFile + B 76EC8993 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryFullAttributesFile + 6 76EC8A3E 4 Bytes CALL 75EC9043 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtQueryFullAttributesFile + B 76EC8A43 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationFile + 6 76EC8F1E 4 Bytes [28, 01, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationFile + B 76EC8F23 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationThread + 6 76EC8F6E 4 Bytes [28, 02, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtSetInformationThread + B 76EC8F73 1 Byte [E2]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + 6 76EC920E 1 Byte [68]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + 6 76EC920E 4 Bytes [68, 03, 06, 00]
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + B 76EC9213 1 Byte [E2]
.text C:\Windows\system32\notepad.exe[3244] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 0024000A
.text C:\Windows\System32\cmd.exe[3604] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 003B000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C57BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C998C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C5D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C4F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C57599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C4E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73C8B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73C5D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C5012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C50095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C471F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73CDD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73C775E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C4DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C4668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C466BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1224] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C51E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2e
c9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\SYSTEM32\WISPTIS.EXE [344] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [440] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [484] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\wbem\wmiprvse.exe [524] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [528] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [540] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\lsm.exe [548] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [700] 0x01190000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [772] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [816] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [908] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [936] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [984] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\wbem\unsecapp.exe [1032] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1036] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\SYSTEM32\WISPTIS.EXE [1052] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [1060] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1080] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ c:\PROGRA~1\mcafee.com\agent\mcagent.exe [1188] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1224] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1364] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Program Files\McAfee\MPF\MPFSrv.exe [1504] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1540] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Users\mykl\Documents\Downloads\dds.pif [1600] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Users\mykl\Desktop\gmer.exe [1724] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [1876] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\notepad.exe [2252] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe [2540] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe [2688] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\cscript.exe [2908] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe [2952] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\notepad.exe [3244] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\System32\cmd.exe [3604] 0x10000000

---- EOF - GMER 1.0.15 ----
jpshortstuff
post Jul 1 2009, 02:13 PM
Post #11


SuperHelper

Group: Classroom Teacher
Posts: 5,093
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



OK, looks like you've got a nasty Rootkit on board.

Please click Start >> Control Panel >> Add/Remove Programs, and then find and Remove these old versions of Java:
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7

(Leave Update 13)

While you are there, I recommend you consider removing Limewire - it's a great way to get yourself infected.


Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

Check here for information on disabling your security programs. It is important that you disable Spybot TeaTimer, as this can interfere with our fixes.

Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:
  1. Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  4. ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


This post has been edited by jpshortstuff: Jul 1 2009, 02:14 PM
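What makes the GMER log above read as a rootkit rather than noise: one DLL marked hidden, loaded from a \\?\globalroot device path into essentially every running process, alongside 5-byte JMP hooks planted on ntdll!LdrLoadDll. As an added example (not the thread's or GMER's own code), a small Python triage script that parses those two GMER line shapes and summarises them; the sample lines are excerpted from the log posted above, and the process-count threshold is an assumption.

```python
"""Triage helper for GMER log lines (added example; not GMER's or the thread's code).

Recognises two line shapes from the log above and summarises them:
  .text   <process>[pid] <module!export> <addr> <n> Bytes JMP <target>   inline hook
  Library <dll> (*** hidden *** ) @ <process> [pid] <base>               hidden module
"""
import re
from collections import defaultdict

LIBRARY_RE = re.compile(
    r"^Library\s+(?P<dll>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<export>\S+!\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)$")

# Constructed sample: lines excerpted from the GMER log posted above. The first
# line is a byte patch (no JMP) and is deliberately not matched.
SAMPLE_LOG = r"""
.text C:\Users\mykl\AppData\Local\Google\Chrome\Application\chrome.exe[2952] ntdll.dll!NtUnmapViewOfSection + 6 76EC920E 1 Byte [68]
.text C:\Windows\system32\notepad.exe[3244] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 0024000A
.text C:\Windows\System32\cmd.exe[3604] ntdll.dll!LdrLoadDll 76E97933 5 Bytes JMP 003B000A
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [484] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [528] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372] 0x10000000
Library \\?\globalroot\systemroot\system32\SKYNETqwusvhmb.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1224] 0x10000000
"""

def parse_gmer(lines):
    """Return (hidden, hooks): hidden maps DLL path -> {(process, pid)}; hooks is a
    list of inline JMP hooks. IAT entries, byte patches and headers are ignored."""
    hidden, hooks = defaultdict(set), []
    for raw in lines:
        line = raw.strip()
        if m := LIBRARY_RE.match(line):
            hidden[m["dll"]].add((m["proc"], int(m["pid"])))
        elif m := HOOK_RE.match(line):
            hooks.append({"proc": m["proc"], "pid": int(m["pid"]), "export": m["export"],
                          "size": int(m["n"]), "target": int(m["target"], 16)})
    return hidden, hooks

def triage(lines, min_procs=3):
    """Human-readable findings. min_procs is an assumed threshold. Inline hooks are
    leads, not verdicts: AV and browser sandboxes hook ntdll too, so the hidden,
    globalroot-loaded DLL present in every process is the decisive item."""
    hidden, hooks = parse_gmer(lines)
    findings = []
    for dll, procs in hidden.items():
        if len(procs) >= min_procs:
            findings.append(f"hidden module {dll} loaded in {len(procs)} processes")
        if dll.lower().startswith("\\\\?\\globalroot\\"):
            findings.append(f"hidden module {dll} loaded via globalroot device path")
    for h in hooks:
        findings.append(f"inline {h['size']}-byte JMP on {h['export']} in {h['proc']} "
                        f"[{h['pid']}] -> 0x{h['target']:08X}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```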
mykl
post Jul 1 2009, 02:28 PM
Post #12


Authentic Member

Group: Authentic Member
Posts: 56
Joined: 7-January 08
Member No.: 75,775
Operating System: Vista



I was able to uninstall Limewire but unable to remove the three Java versions you spoke of. Whenever I attempt to uninstall, I receive the following popup message:

"The Windows Installer service could not be accessed.
This can occur if the Windows Installer is not correctly installed.
Contact your support personnel for assistance."


How should I proceed?

Mike
jpshortstuff
post Jul 1 2009, 02:34 PM
Post #13


SuperHelper

Group: Classroom Teacher
Posts: 5,093
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Hold off on that for a moment then, and continue with the ComboFix step. We will come back to them later.
mykl
post Jul 1 2009, 04:07 PM
Post #14


Authentic Member

Group: Authentic Member
Posts: 56
Joined: 7-January 08
Member No.: 75,775
Operating System: Vista



The past hour has been interesting.

Ok here is what is occurring...

-I downloaded Combofix as instructed

-I disabled all security programs as instructed with the exception of Windows Defender which was partially disabled (I was able to complete the first set of instructions but was not able to find a "Security" tab or option in the Control Panel to complete the 2nd set of instructions)

-I double click the Combofix icon and it launches but soon after, I receive the following message:
"Access denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks".


Without me doing anything, a Disclaimer of Warranty on Software appears. It has wording about going to bleepingcomputer.com for a guide to using the software. A prompt asks me if I want to continue. I click "yes".

The Combofix popup adds the following message "Attempting a new restore point".

That window disappears and the Combofix autoscan popup appears and it attempts to scan my computer. This goes on for approximately 3 minutes, when the popup window is flooded with "Access Denied" error messages before the system reboots.

I tried Combofix six times: uninstalling the first link and trying the second link, right-clicking the icon and running as an admin instead of double-clicking. All with the same results.

(I attempted to screen capture these messages with the Google snipping tool but it would not allow me to save and then froze)

I hope this info was helpful.

I await further instruction.

Thanks-Mike
jpshortstuff
post Jul 1 2009, 04:35 PM
Post #15


SuperHelper

Group: Classroom Teacher
Posts: 5,093
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Hi,

Let's try a workaround; this Rootkit has been known to block ComboFix.

Please delete your existing copy of ComboFix.

Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on Combo-Fix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.