0

I was using AVG and Avast simultaneously until I was advised that it was a no-no. I uninstalled AVG and kept Avast.
Google searches are redirected to Searchlight and others. Some webpages won't display, showing an NGINX error page. I'm blessed with audio of Obama playing randomly. And Outlook opens on its own, displaying ad-type emails. I don't use, nor have I ever used, Outlook.

Here are the requested logs and the issues encountered while doing the initial cleaning, per the "Read this before posting" instructions. Any help would be appreciated.
Thank you :)

GMER crashed twice. The second time it showed a blue screen error, warning that a program had been detected as harmful and that I should restart.

MBA-M didn't report finding anything.

LOGS
DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Val at 12:26:25.04 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.495 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
svchost.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\DOCUME~1\Val\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Val\Desktop\dds.pif
C:\WINDOWS\system32\igfxsrvc.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://charter.net/index.php
uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Mirar: {c4712e66-86d2-4023-8b86-cc9d3cd37d14} - c:\windows\system32\0578.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SfKg6wIPuS] c:\documents and settings\val\application data\microsoft\windows\oulwsv.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\val\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\bopujadu.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-10 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-10 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 40384]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

=============== Created Last 30 ================

2010-12-14 17:07:30 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-08-11 01:40:20 38848 ----a-w- c:\windows\avastSS.scr
2010-08-11 01:38:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-08-10 10:05:19 0 d-sh--w- c:\docume~1\val\applic~1\SystemProc
2010-08-04 19:18:03 0 d-----w- c:\program files\iPod
2010-08-04 19:17:55 0 d-----w- c:\program files\iTunes
2010-07-14 22:54:26 0 d-----w- c:\program files\Bonjour
2010-07-13 22:02:14 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-17 19:54:17 6686 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-05-02 13:22:31 88 --sh--r- c:\windows\system32\57099E6ECA.sys
2010-02-27 14:40:09 56 --sh--r- c:\windows\system32\CA6E9E0957.sys

============= FINISH: 12:28:12.89 ===============


DDS Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/18/2008 9:29:30 AM
System Uptime: 8/12/2010 12:24:11 PM (0 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 107 GiB total, 73.248 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 37.163 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP552: 5/14/2010 10:16:29 AM - System Checkpoint
RP553: 5/15/2010 10:34:36 AM - System Checkpoint
RP554: 5/16/2010 8:50:01 PM - Software Distribution Service 3.0
RP555: 5/17/2010 5:22:26 PM - Software Distribution Service 3.0
RP556: 5/18/2010 3:00:22 AM - Software Distribution Service 3.0
RP557: 5/19/2010 3:13:25 AM - System Checkpoint
RP558: 5/20/2010 3:49:17 AM - System Checkpoint
RP559: 5/21/2010 1:52:27 AM - Software Distribution Service 3.0
RP560: 5/22/2010 4:28:54 AM - System Checkpoint
RP561: 5/23/2010 3:00:16 AM - Software Distribution Service 3.0
RP562: 5/24/2010 3:14:43 AM - System Checkpoint
RP563: 5/24/2010 4:14:20 PM - Software Distribution Service 3.0
RP564: 5/25/2010 1:32:58 PM - Software Distribution Service 3.0
RP565: 5/26/2010 3:09:47 PM - Software Distribution Service 3.0
RP566: 5/27/2010 3:55:42 PM - Software Distribution Service 3.0
RP567: 5/28/2010 2:21:55 PM - Software Distribution Service 3.0
RP568: 5/29/2010 2:30:13 PM - Software Distribution Service 3.0
RP569: 5/30/2010 8:52:20 AM - Software Distribution Service 3.0
RP570: 5/31/2010 9:13:18 AM - System Checkpoint
RP571: 6/1/2010 8:47:55 AM - Software Distribution Service 3.0
RP572: 6/2/2010 3:00:18 AM - Software Distribution Service 3.0
RP573: 6/2/2010 7:15:52 AM - Installed Windows XP Wdf01005.
RP574: 6/3/2010 7:24:24 AM - Software Distribution Service 3.0
RP575: 6/3/2010 8:29:37 AM - Avg Update
RP576: 6/4/2010 8:07:27 AM - Software Distribution Service 3.0
RP577: 6/5/2010 11:57:39 AM - System Checkpoint
RP578: 6/6/2010 1:23:39 PM - System Checkpoint
RP579: 6/7/2010 3:00:16 AM - Software Distribution Service 3.0
RP580: 6/8/2010 3:52:57 AM - System Checkpoint
RP581: 6/10/2010 12:16:19 AM - System Checkpoint
RP582: 6/11/2010 1:22:06 AM - System Checkpoint
RP583: 6/11/2010 3:00:30 AM - Software Distribution Service 3.0
RP584: 6/11/2010 3:02:38 PM - Software Distribution Service 3.0
RP585: 6/13/2010 9:23:46 AM - System Checkpoint
RP586: 6/14/2010 9:37:50 AM - System Checkpoint
RP587: 6/15/2010 3:02:40 PM - System Checkpoint
RP588: 6/16/2010 3:55:55 PM - System Checkpoint
RP589: 6/17/2010 4:51:53 PM - System Checkpoint
RP590: 6/18/2010 4:52:49 PM - System Checkpoint
RP591: 6/19/2010 5:23:31 PM - System Checkpoint
RP592: 6/20/2010 9:05:55 AM - Software Distribution Service 3.0
RP593: 6/21/2010 3:13:30 PM - System Checkpoint
RP594: 6/22/2010 4:36:41 PM - System Checkpoint
RP595: 6/23/2010 3:00:16 AM - Software Distribution Service 3.0
RP596: 6/23/2010 6:09:07 AM - Software Distribution Service 3.0
RP597: 6/23/2010 4:45:25 PM - Software Distribution Service 3.0
RP598: 6/24/2010 3:00:16 AM - Software Distribution Service 3.0
RP599: 6/24/2010 4:17:09 PM - Avg Update
RP600: 6/25/2010 3:00:23 AM - Software Distribution Service 3.0
RP601: 6/26/2010 3:12:23 AM - System Checkpoint
RP602: 6/26/2010 8:36:49 AM - Advanced Registry Optimizer 2010 - Before Installation
RP603: 6/26/2010 8:37:44 AM - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
RP604: 6/26/2010 12:47:11 PM - Software Distribution Service 3.0
RP605: 6/26/2010 4:32:05 PM - Software Distribution Service 3.0
RP606: 6/27/2010 3:00:16 AM - Software Distribution Service 3.0
RP607: 6/28/2010 3:00:49 AM - System Checkpoint
RP608: 6/29/2010 4:00:51 AM - System Checkpoint
RP609: 6/30/2010 4:36:30 PM - System Checkpoint
RP610: 7/1/2010 6:09:43 PM - System Checkpoint
RP611: 7/2/2010 6:17:38 PM - System Checkpoint
RP612: 7/3/2010 7:50:12 AM - Software Distribution Service 3.0
RP613: 7/4/2010 9:09:07 AM - System Checkpoint
RP614: 7/5/2010 9:49:09 AM - System Checkpoint
RP615: 7/6/2010 9:52:37 AM - System Checkpoint
RP616: 7/7/2010 1:13:30 PM - System Checkpoint
RP617: 7/7/2010 4:22:54 PM - Software Distribution Service 3.0
RP618: 7/8/2010 3:00:20 AM - Software Distribution Service 3.0
RP619: 7/9/2010 7:54:33 AM - Software Distribution Service 3.0
RP620: 7/10/2010 7:56:52 AM - System Checkpoint
RP621: 7/10/2010 7:57:39 AM - Software Distribution Service 3.0
RP622: 7/11/2010 11:12:30 AM - System Checkpoint
RP623: 7/12/2010 11:27:02 AM - System Checkpoint
RP624: 7/13/2010 4:28:46 PM - System Checkpoint
RP625: 7/14/2010 3:00:30 AM - Software Distribution Service 3.0
RP626: 7/15/2010 3:43:25 AM - System Checkpoint
RP627: 7/15/2010 9:49:08 AM - Avg Update
RP628: 7/15/2010 9:50:36 AM - Avg Update
RP629: 7/15/2010 9:58:56 PM - Software Distribution Service 3.0
RP630: 7/16/2010 10:12:25 PM - System Checkpoint
RP631: 7/17/2010 11:38:24 PM - System Checkpoint
RP632: 7/19/2010 12:12:25 AM - System Checkpoint
RP633: 7/20/2010 4:44:49 AM - System Checkpoint
RP634: 7/21/2010 5:49:20 AM - Software Distribution Service 3.0
RP635: 7/21/2010 9:18:30 AM - Avg Update
RP636: 7/22/2010 9:45:08 AM - System Checkpoint
RP637: 7/23/2010 1:48:32 PM - System Checkpoint
RP638: 7/24/2010 3:11:12 PM - System Checkpoint
RP639: 7/25/2010 3:17:45 PM - System Checkpoint
RP640: 7/26/2010 7:12:25 AM - Software Distribution Service 3.0
RP641: 7/26/2010 1:21:38 PM - Software Distribution Service 3.0
RP642: 7/26/2010 4:31:22 PM - Software Distribution Service 3.0
RP643: 7/27/2010 5:54:46 PM - System Checkpoint
RP644: 7/28/2010 6:11:22 PM - System Checkpoint
RP645: 7/28/2010 8:56:36 PM - Software Distribution Service 3.0
RP646: 7/29/2010 9:02:39 PM - System Checkpoint
RP647: 7/30/2010 9:09:53 PM - System Checkpoint
RP648: 7/31/2010 10:06:40 PM - System Checkpoint
RP649: 8/1/2010 3:00:16 AM - Software Distribution Service 3.0
RP650: 8/2/2010 3:40:20 AM - System Checkpoint
RP651: 8/2/2010 5:59:03 AM - Software Distribution Service 3.0
RP652: 8/3/2010 6:42:38 AM - System Checkpoint
RP653: 8/3/2010 7:29:25 PM - Software Distribution Service 3.0
RP654: 8/3/2010 8:47:08 PM - Software Distribution Service 3.0
RP655: 8/4/2010 9:11:24 PM - System Checkpoint
RP656: 8/5/2010 9:14:53 PM - System Checkpoint
RP657: 8/6/2010 3:00:16 AM - Software Distribution Service 3.0
RP658: 8/7/2010 5:41:56 PM - System Checkpoint
RP659: 8/7/2010 7:02:10 PM - Software Distribution Service 3.0
RP660: 8/8/2010 7:45:42 PM - System Checkpoint
RP661: 8/9/2010 10:10:03 PM - Software Distribution Service 3.0
RP662: 8/10/2010 9:38:51 PM - avast! Free Antivirus Setup
RP663: 8/11/2010 1:45:13 PM - Removed AVG Free 9.0
RP664: 8/11/2010 1:47:08 PM - Installed AVG Free 9.0
RP665: 8/11/2010 4:11:06 PM - Software Distribution Service 3.0
RP666: 8/11/2010 8:54:34 PM - Removed U3Launcher

==== Installed Programs ======================

2007 Microsoft Office system
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
America Online (Choose which version to remove)
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
AutoUpdate
avast! Free Antivirus
Bonjour
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell ResourceCD
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
Kagaya Screen Saver
LAME v3.98.2 for Audacity
Learn2 Player (Uninstall Only)
Lexmark 1200 Series
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mirar
MKV Splitter
MobileMe Control Panel
Modem Helper
MSXML 4.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 8.0 CRT (x86) WinSXS MSM
WebCyberCoach 3.2 Dell
WebFldrs XP
WhereSphere
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WordPerfect Office 12

==== End Of File ===========================

Malware Bytes Anti Malware Log

Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 3

8/12/2010 2:29:16 PM
mbam-log-2010-08-12 (14-29-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 179007
Time elapsed: 26 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Noting again that GMER did not provide a log as it crashed twice.

Thanks again for your help.

0

GMER just crashed for the third time... This is a nasty bug I have. Please, someone help me... I'm dependent on my computer for work, and I have tried everything.
Doing a boot scan with Avast right now...
When I restarted I got a few "Program Not Responding" messages for the following:

msmsgs.exe
MSASCui.exe
GoogleToolbarNo
and a very long file name "A7E495BF-9589-4a6e-8479-DDA2 ......... "

0

Welcome to Daniweb. Please be patient, as we are short on volunteers due to summer activities. Thank you. Later---

0

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
0

Thank you Crunchie. I'm posting Boot Kit Remover output below. Also, in a separate post I am posting a log from Malware Bytes after I uninstalled and reinstalled, as I was unable to update it.
Thanks for helping me :)


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

0

MBAM Log after reinstalling

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4424

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/13/2010 9:09:30 AM
mbam-log-2010-08-13 (09-09-30).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 228037
Time elapsed: 32 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 12
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipus (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Val\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\radar-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\radar-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\satellite-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\satellite-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\Weather_XML\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Application Data\WhereSphere\config.cfg (Adware.WhereSphere) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.

0

Open Notepad
Copy and paste following text into Notepad:

@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT

Go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat.
Save fix.bat to your Desktop.

Run fix.bat by double clicking.
You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.

0

Looks like the same result after running the fix.bat file.

Here's the boot kit remover output.


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
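
The tool output above suggests dumping the master boot sector for manual inspection. The following Python is an added example, not part of the thread and not eSage Lab's code: it sanity-checks such a dump and compares boot code between two dumps. It assumes the dump file is a raw 512-byte copy of sector 0 and that the volume offset printed by the tool is in bytes; all function names are hypothetical and the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR = 512
VOLUME_OFFSET = 0x02738A00  # C: offset printed by the tool; assumed to be in bytes

def parse_mbr(raw: bytes) -> dict:
    """Parse a classic (non-GPT) 512-byte master boot sector."""
    if len(raw) < SECTOR:
        raise ValueError("need at least 512 bytes of sector 0")
    raw, parts, findings = raw[:SECTOR], [], []
    for i in range(4):
        entry = raw[446 + 16 * i: 462 + 16 * i]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "status": status, "type": ptype,
                          "lba_start": lba, "sectors": count})
    if raw[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    active = sum(p["status"] == 0x80 for p in parts)
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    if not any(raw[:440]):
        findings.append("boot code area is empty")
    return {"boot_code_sha256": hashlib.sha256(raw[:440]).hexdigest(),
            "partitions": parts, "findings": findings}

def volume_in_table(raw: bytes, byte_offset: int = VOLUME_OFFSET) -> bool:
    """True when some partition starts at the offset reported for the volume."""
    return any(p["lba_start"] * SECTOR == byte_offset
               for p in parse_mbr(raw)["partitions"])

def same_boot_code(a: bytes, b: bytes) -> bool:
    """True when two dumps carry identical boot code (bytes 0-439)."""
    return parse_mbr(a)["boot_code_sha256"] == parse_mbr(b)["boot_code_sha256"]

def build_sample(fill: int, active: bool = True) -> bytes:
    """Constructed sector: one NTFS (0x07) partition at LBA 80325."""
    entry = struct.pack("<B3xB3xII", 0x80 if active else 0, 0x07, 80325, 312_000_000)
    return bytes([fill]) * 440 + bytes(6) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    before, after = build_sample(0x90), build_sample(0xEB)  # constructed, not real dumps
    print(parse_mbr(before)["findings"], volume_in_table(before))
    print("boot code unchanged:", same_boot_code(before, after))
```

Run against a dump taken before and another taken after `remover.exe fix`, `same_boot_code` shows whether the boot code actually changed, and an empty partition list or missing signature would explain a later "No boot device available" message.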

0

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

0

Computer shut down on its own.... now it says "No boot device available - Strike F1 to reboot F2 for setup utility."

This was prior to any additional scans or downloads.

:(

0

Boot Sequence Shows:

1. Onboard or USB CD-ROM Drive
2. Onboard SATA Hard Drive
3. Onboard or USB Floppy Drive (not present)
4. Onboard IDE Hard Drive (not present)
5. USB Device (not present)

Under the drive info it shows:
Diskette Drive - Off
Drive 0: SATA 0 - On
Drive 1: SATA 2 - Off
Drive 2: PATA 0 - Off
Drive 3: PATA 1 - Off

SATA Operation is set at RAID Autodetect/ATA

0

Do you have RAID set up? If not, you need to change it to Native IDE. Not sure where you are going with this. A little more information about why you posted that would come in handy.

0

I haven't changed anything, I was just posting the details of what the SETUP System Info screen was telling me. Thought it would give you more insight.

How do I know if RAID is set up... The SATA Operation screen just says RAID is set to AUTODETECT.

Nothing has changed, just a black screen saying No boot device available.

0

And.... the computer won't boot up. That's all the info I have. Unfortunately. Not sure where to go from here.

0

Thanks for the info. I did the fixmbr at the command prompt as the instructions noted. Response said it wrote new MBR to harddisk but still won't boot.

0

Won't boot at all.... I think I need to reinstall Windows unfortunately.

0

If you have access to another pc you should be able to slave the hard drive to it in order to recover any data you need.
Sorry that it has come to a re-install. These viruses are getting nasty these days.
