Hi, thanks in advance to whoever can help me out here. I guess the issues with my computer currently are:

1. ping.exe using up a large chunk of the CPU, very erratic but sometimes going near 100%
2. When I open Firefox or Internet Explorer, another tab or window automatically opens for internetpayday.co, and when I try to close that I just get more pop-ups. Also, if I do a Google search and then click on a result, I get redirected to some other search site or more pop-ups (9newstoday.net is another one).
3. When I try to connect to my wireless network, it continues to say "acquiring network address" but the internet itself is working ok. Sometimes it eventually officially connects.

When I first opened GMER Rootkit Scanner it didn't do a quick scan, so that log ended up being empty. Also, I don't know if it matters, but I did an MBA-M scan a day earlier than the other things, before I found this site and followed the instructions in the readme, and that earlier scan did detect and clean 5 items. I did another full scan today but it didn't detect anything, so I'll withhold that one unless it is useful and instead provide the MBA-M log from the scan performed before GMER and the other things. However, the issue with the automatic and difficult-to-close pop-ups is still happening even when MBA-M comes up blank, and ping.exe is still pretty erratic. The Microsoft Malicious Software Removal Tool didn't find anything. GMER did find some things, so maybe that log will be informative. Also, when I ran DDS, my internet and antivirus were disabled. Anyway, here are the logs (MBA-M, then GMER Two, then DDS, then Attach.)

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ross :: ROSSDESKTOP [administrator]

1/21/2012 4:12:03 PM
mbam-log-2012-01-21 (16-12-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185128
Time elapsed: 23 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Ross\Local Settings\Temp\fka0.38390525430625055.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ross\Local Settings\Temp\mos0.12154232053690583.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mos0.44537994246301293.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl5852269922588412307.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fka0.5686061745054946.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-22 15:57:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD160JJ/P rev.ZM100-34
Running: xxrb25ok.exe; Driver: C:\DOCUME~1\Ross\LOCALS~1\Temp\agtoypod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF760E87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF760EBFE]

---- Devices - GMER 1.0.15 ----

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A8E9BD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F67AD000-F67C9000 (114688 bytes)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB51245$\133943254 0 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\bckfg.tmp 846 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\cfg.ini 198 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\keywords 164 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\L 0 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\L\gnilnfgt 57600 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\U 0 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB51245$\133943254\U\80000032.@ 77312 bytes
File C:\WINDOWS\$NtUninstallKB51245$\861728094 0 bytes

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Ross at 4:59:18 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.160 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Documents and Settings\Ross\Desktop\xxrb25ok.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
uRun: [CPN Notifier] c:\program files\cake poker 2.0\PokerNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ross\application data\mozilla\firefox\profiles\p24dx0ru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com
FF - component: c:\documents and settings\ross\application data\mozilla\firefox\profiles\p24dx0ru.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.5.dll
FF - component: c:\documents and settings\ross\application data\mozilla\firefox\profiles\p24dx0ru.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.6.dll
FF - component: c:\documents and settings\ross\application data\mozilla\firefox\profiles\p24dx0ru.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.7.dll
FF - component: c:\documents and settings\ross\application data\mozilla\firefox\profiles\p24dx0ru.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.8.dll
FF - component: c:\documents and settings\ross\application data\mozilla\firefox\profiles\p24dx0ru.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-23 64288]
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [2012-1-8 25248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsledb160f6;MpKsledb160f6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3f66426-dadb-43ee-81ef-c36be3c2d074}\MpKsledb160f6.sys [2012-1-22 29904]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2009-3-21 61529]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-9-11 194304]
RUnknown MpKsl5e4b04ec;MpKsl5e4b04ec; [x]
RUnknown MpKslcbdb6df1;MpKslcbdb6df1; [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
.
=============== Created Last 30 ================
.
2012-01-22 17:37:35 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3f66426-dadb-43ee-81ef-c36be3c2d074}\MpKsledb160f6.sys
2012-01-22 06:29:11 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3f66426-dadb-43ee-81ef-c36be3c2d074}\offreg.dll
2012-01-22 06:14:24 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-22 06:11:36 -------- d-----w- C:\b98dde3254b0edd7a8cb
2012-01-21 23:41:19 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3f66426-dadb-43ee-81ef-c36be3c2d074}\MpKsl5e4b04ec.sys
2012-01-21 22:01:37 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3f66426-dadb-43ee-81ef-c36be3c2d074}\mpengine.dll
2012-01-18 18:35:54 -------- d-----w- c:\program files\Cake Poker 2.0
2012-01-10 04:30:28 -------- d-----w- c:\documents and settings\ross\local settings\application data\CPN
2012-01-09 21:07:40 -------- d-----w- c:\program files\iPod
2012-01-09 04:24:12 59888 ------w- c:\windows\system32\pxwma.dll
2012-01-08 17:56:49 25248 ----a-w- c:\windows\system32\drivers\AmgHips.sys
2012-01-08 17:56:39 -------- d-----w- c:\documents and settings\ross\local settings\application data\360Amigo
2012-01-08 17:56:35 -------- d-----w- c:\program files\360Amigo
2012-01-06 21:30:10 -------- d-----w- c:\documents and settings\ross\application data\Malwarebytes
2012-01-06 21:30:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-06 21:29:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 21:29:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-06 19:51:44 -------- d-----w- c:\program files\Pidgin
2012-01-06 19:06:01 -------- d-----w- c:\documents and settings\ross\local settings\application data\Secunia PSI
2012-01-06 19:05:20 -------- d-----w- c:\program files\Secunia
2012-01-04 01:43:15 -------- d-sh--w- c:\documents and settings\ross\IECompatCache
2012-01-03 13:22:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-06 19:38:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 5:01:12.93 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/21/2009 2:43:41 PM
System Uptime: 1/22/2012 12:15:45 PM (17 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 6.39 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP708: 10/25/2011 7:49:07 PM - System Checkpoint
RP709: 10/26/2011 8:37:07 PM - System Checkpoint
RP710: 10/27/2011 9:37:03 PM - System Checkpoint
RP711: 10/28/2011 10:07:50 PM - System Checkpoint
RP712: 10/29/2011 10:36:59 PM - System Checkpoint
RP713: 10/31/2011 12:58:31 AM - System Checkpoint
RP714: 11/1/2011 2:54:01 AM - System Checkpoint
RP715: 11/2/2011 3:37:02 AM - System Checkpoint
RP716: 11/3/2011 3:00:35 PM - System Checkpoint
RP717: 11/5/2011 3:40:11 AM - System Checkpoint
RP718: 11/6/2011 3:05:40 AM - System Checkpoint
RP719: 11/6/2011 4:53:15 PM - Software Distribution Service 3.0
RP720: 11/7/2011 3:00:15 AM - Software Distribution Service 3.0
RP721: 11/8/2011 3:34:48 AM - System Checkpoint
RP722: 11/9/2011 4:34:48 AM - System Checkpoint
RP723: 11/10/2011 5:34:48 AM - System Checkpoint
RP724: 11/11/2011 6:34:48 AM - System Checkpoint
RP725: 11/12/2011 3:00:29 AM - Software Distribution Service 3.0
RP726: 11/13/2011 3:24:02 AM - System Checkpoint
RP727: 11/14/2011 4:24:08 AM - System Checkpoint
RP728: 11/15/2011 5:24:00 AM - System Checkpoint
RP729: 11/16/2011 6:23:58 AM - System Checkpoint
RP730: 11/17/2011 12:28:52 AM - Software Distribution Service 3.0
RP731: 11/17/2011 10:26:57 AM - Software Distribution Service 3.0
RP732: 11/18/2011 12:28:17 AM - Software Distribution Service 3.0
RP733: 11/18/2011 3:00:22 AM - Software Distribution Service 3.0
RP734: 11/19/2011 3:12:37 AM - Software Distribution Service 3.0
RP735: 11/20/2011 3:08:35 AM - Software Distribution Service 3.0
RP736: 11/21/2011 1:33:19 AM - Software Distribution Service 3.0
RP737: 11/22/2011 2:49:32 AM - System Checkpoint
RP738: 11/22/2011 3:09:29 AM - Software Distribution Service 3.0
RP739: 11/23/2011 3:08:40 AM - Software Distribution Service 3.0
RP740: 11/24/2011 3:45:28 AM - System Checkpoint
RP741: 11/25/2011 3:10:20 AM - Software Distribution Service 3.0
RP742: 11/26/2011 3:14:45 AM - Software Distribution Service 3.0
RP743: 11/27/2011 3:26:37 AM - Software Distribution Service 3.0
RP744: 11/28/2011 2:29:45 AM - Software Distribution Service 3.0
RP745: 11/29/2011 2:39:07 AM - System Checkpoint
RP746: 11/29/2011 11:42:01 AM - Software Distribution Service 3.0
RP747: 11/30/2011 11:44:32 AM - System Checkpoint
RP748: 11/30/2011 11:46:31 AM - Software Distribution Service 3.0
RP749: 12/1/2011 11:42:23 AM - Software Distribution Service 3.0
RP750: 12/2/2011 11:42:42 AM - Software Distribution Service 3.0
RP751: 12/3/2011 11:42:13 AM - Software Distribution Service 3.0
RP752: 12/4/2011 11:42:26 AM - Software Distribution Service 3.0
RP753: 12/5/2011 2:04:20 AM - Software Distribution Service 3.0
RP754: 12/5/2011 12:11:43 PM - Software Distribution Service 3.0
RP755: 12/6/2011 12:07:22 PM - Software Distribution Service 3.0
RP756: 12/7/2011 12:11:20 PM - Software Distribution Service 3.0
RP757: 12/8/2011 12:45:32 PM - System Checkpoint
RP758: 12/8/2011 3:49:08 PM - Software Distribution Service 3.0
RP759: 12/9/2011 5:16:19 PM - System Checkpoint
RP760: 12/9/2011 8:48:15 PM - Software Distribution Service 3.0
RP761: 12/10/2011 8:49:47 PM - System Checkpoint
RP762: 12/10/2011 8:52:34 PM - Software Distribution Service 3.0
RP763: 12/11/2011 8:48:31 PM - Software Distribution Service 3.0
RP764: 12/12/2011 2:03:34 AM - Software Distribution Service 3.0
RP765: 12/12/2011 8:49:42 PM - Software Distribution Service 3.0
RP766: 12/13/2011 8:56:58 PM - System Checkpoint
RP767: 12/14/2011 2:03:58 AM - Software Distribution Service 3.0
RP768: 12/14/2011 3:00:35 AM - Software Distribution Service 3.0
RP769: 12/15/2011 3:30:50 AM - System Checkpoint
RP770: 12/15/2011 3:34:22 AM - Software Distribution Service 3.0
RP771: 12/16/2011 3:33:44 AM - Software Distribution Service 3.0
RP772: 12/17/2011 3:33:34 AM - Software Distribution Service 3.0
RP773: 12/18/2011 3:34:40 AM - Software Distribution Service 3.0
RP774: 12/19/2011 2:27:37 AM - Software Distribution Service 3.0
RP775: 12/20/2011 2:30:46 AM - System Checkpoint
RP776: 12/20/2011 1:43:53 PM - Software Distribution Service 3.0
RP777: 12/21/2011 2:35:48 PM - Software Distribution Service 3.0
RP778: 12/22/2011 2:31:06 PM - Software Distribution Service 3.0
RP779: 12/30/2011 7:16:08 PM - Software Distribution Service 3.0
RP780: 1/1/2012 9:13:17 PM - Software Distribution Service 3.0
RP781: 1/2/2012 2:08:43 AM - Software Distribution Service 3.0
RP782: 1/2/2012 9:07:10 PM - Software Distribution Service 3.0
RP783: 1/3/2012 9:08:10 PM - Software Distribution Service 3.0
RP784: 1/4/2012 9:09:11 PM - Software Distribution Service 3.0
RP785: 1/5/2012 9:09:56 PM - Software Distribution Service 3.0
RP786: 1/6/2012 3:54:41 PM - Installed Adobe Shockwave Player 11.6.
RP787: 1/7/2012 4:14:59 PM - System Checkpoint
RP788: 1/7/2012 4:21:33 PM - Software Distribution Service 3.0
RP789: 1/8/2012 12:56:35 PM - 360Amigo System Speedup Free(1.2.1.7700)
RP790: 1/8/2012 2:24:39 PM - 360Amigo System Speedup(Privacy Cleaner)
RP791: 1/8/2012 4:21:11 PM - Software Distribution Service 3.0
RP792: 1/8/2012 9:52:07 PM - Software Distribution Service 3.0
RP793: 1/9/2012 2:15:00 AM - Software Distribution Service 3.0
RP794: 1/9/2012 8:39:54 PM - Software Distribution Service 3.0
RP795: 1/10/2012 8:51:25 PM - System Checkpoint
RP796: 1/11/2012 12:48:35 PM - Software Distribution Service 3.0
RP797: 1/12/2012 3:00:28 AM - Software Distribution Service 3.0
RP798: 1/13/2012 3:30:37 AM - System Checkpoint
RP799: 1/13/2012 3:33:50 AM - Software Distribution Service 3.0
RP800: 1/14/2012 3:35:57 AM - System Checkpoint
RP801: 1/14/2012 7:40:53 PM - Software Distribution Service 3.0
RP802: 1/15/2012 8:02:28 PM - System Checkpoint
RP803: 1/16/2012 2:00:57 AM - Software Distribution Service 3.0
RP804: 1/16/2012 2:31:56 PM - 360Amigo System Speedup(Privacy Cleaner)
RP805: 1/17/2012 10:42:27 AM - Software Distribution Service 3.0
RP806: 1/18/2012 11:21:25 AM - Software Distribution Service 3.0
RP807: 1/19/2012 2:50:37 AM - Software Distribution Service 3.0
RP808: 1/19/2012 12:29:35 PM - Software Distribution Service 3.0
RP809: 1/20/2012 1:33:18 PM - Microsoft Antimalware Checkpoint
RP810: 1/20/2012 2:37:46 PM - Software Distribution Service 3.0
RP811: 1/21/2012 3:21:38 PM - System Checkpoint
RP812: 1/21/2012 3:35:22 PM - Microsoft Antimalware Checkpoint
RP813: 1/21/2012 5:01:33 PM - Software Distribution Service 3.0
RP814: 1/22/2012 4:54:22 PM - Microsoft Antimalware Checkpoint
.
==== Installed Programs ======================
.
360Amigo System Speedup Free
7-Zip 4.65
ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Acrobat.com
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
Amazon Kindle For PC v1.1
Amazon MP3 Downloader 1.0.15
Amazon Unbox Video
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
Bonjour
BS.Player FREE
Cake Poker 2.0
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Photo AIO Printer 924
ESPN Java Check
FoxyTunes for Firefox
GNU Aspell 0.50-3
GTK+ Runtime 2.14.7 rev a (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB939209)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes Anti-Malware version 1.60.0.1800
MATLAB R2010a
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.25)
NETGEAR WG111v2 wireless USB 2.0 adapter
Pidgin
QuickTime
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Encoders
Spybot - Search & Destroy
Starcraft
StarCraft II
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB 2.0 Wireless LAN Card Utility
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
World Community Grid - BOINC for Windows
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
1/21/2012 4:40:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
1/20/2012 2:27:41 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/18/2012 6:17:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
1/17/2012 7:56:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/17/2012 6:09:41 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0024B23E8397 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Thanks!
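The Event Viewer section of the DDS attach log above is the part a responder would triage first, because the DHCPNACK, NLA and Dnscache errors are the visible side of the network-stack trouble described in the post. The script below is an added example, not part of this thread and not part of DDS: it parses those five quoted lines (embedded here as constructed sample input) and flags the ones that point at the DHCP client, name resolution or NLA rather than at unrelated noise such as the PCIIde driver or time sync. The rule table mapping source and event ID to a category is an assumption made for this example.

```python
"""Triage DDS-style Event Viewer lines for network-stack failures.

Added example; the five sample lines are copied from the attach log in the
post, and the rule table below is an assumption, not a published list.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input: the Event Viewer lines quoted in the DDS attach log.
SAMPLE_LOG = """\
1/21/2012 4:40:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
1/20/2012 2:27:41 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/18/2012 6:17:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
1/17/2012 7:56:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/17/2012 6:09:41 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0024B23E8397 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
"""

# "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)


@dataclass
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text):
    """Parse every well-formed event line; separators such as '.' are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(
            when=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            level=m["level"],
            source=m["source"].strip(),
            event_id=int(m["event_id"]),
            message=m["msg"],
        ))
    return events


# Assumed rule table (constructed for this example): events that implicate
# the Windows network stack rather than unrelated hardware or time sync.
NETWORK_STACK_RULES = {
    ("Dhcp", 1002): "DHCP lease denied (DHCPNACK): client never completes the lease",
    ("Service Control Manager", 7023): "network service terminated with an error",
    ("Service Control Manager", 7011): "network service stopped answering (transaction timeout)",
}
# SCM events 7023/7011 are generic, so they only count when the message names
# a network service.
NETWORK_SERVICE_RE = re.compile(r"\b(NLA|Dnscache|Dhcp|Tcpip|Netman)\b")


def flag_network_stack(events):
    """Return (event, reason) pairs for events that match the rule table."""
    flagged = []
    for ev in events:
        reason = NETWORK_STACK_RULES.get((ev.source, ev.event_id))
        if reason is None:
            continue
        if ev.event_id in (7023, 7011) and not NETWORK_SERVICE_RE.search(ev.message):
            continue
        flagged.append((ev, reason))
    return flagged


def summarize(text):
    """Compact triage result: counts, flagged (source, id) pairs in log order,
    and whether a DHCPNACK was seen at all."""
    events = parse_events(text)
    flagged = flag_network_stack(events)
    return {
        "total": len(events),
        "network_stack": [(e.source, e.event_id) for e, _ in flagged],
        "lease_denied": any(e.source == "Dhcp" and e.event_id == 1002 for e, _ in flagged),
        "first_flagged": min((e.when for e, _ in flagged), default=None),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['total']} events parsed, {len(result['network_stack'])} network-stack")
    for ev, reason in flag_network_stack(parse_events(SAMPLE_LOG)):
        print(f"  {ev.when:%Y-%m-%d %H:%M} {ev.source} [{ev.event_id}]: {reason}")
```

Run against the lines in the post it flags the NLA crash, the Dnscache timeout and the DHCPNACK, and leaves the PCIIde and NtpClient entries alone; the earliest flagged event is the DHCP denial on 1/17, which is the order a responder would expect if the DHCP client side is what was tampered with. The rule table is deliberately small: extend it only with events you have actually tied to the network stack on the machine in front of you.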

Last Post by PhilliePhan

Hi Ossray2000,

You have contracted a popular and nasty malware. It is usually accompanied by a backdoor trojan that harvests passwords and other sensitive data. If you use this machine for financial transactions or other important business you should change your passwords via an uninfected machine.

-- Generally, in cases such as this, I recommend wiping the hard drive and reinstalling Windows.

If that is not a feasible option for you, we can try to clean it.

-- You will need a flash drive to transfer programs and scanlogs from the ill computer to one that you can use to post with.

-- Is the internet still disabled? If not, it will be during the cleaning process due to some registry changes and an infected driver tied to DHCP.

Anyhoo, let me know how you want to proceed. At any rate, I suggest you back up any important data, music, pix, documents etc...

Cheers :)
PP


Hi PhilliePhan, thanks for the quick reply. By "disabled" I meant that I manually disabled the internet during the DDS because I didn't want anything interfering with it. The internet is functional but the issues remain. Since posting the thread, I also downloaded AVG and did an initial scan, which removed a couple of items. I also used CCleaner to clear out cookies, especially since AVG kept notifying me of tracking cookies related to ping.exe, but they still seem to be popping up.

This is probably a dumb question, but is there any way I can directly transfer the bulk of my files to a laptop in order to back them up? I have access to a laptop with enough free space to do so, but if that is not possible then I guess I will need to get an external hard drive. I suppose having one will come in handy eventually anyway.

What are the steps for wiping the hard drive and reinstalling Windows? The computer is over 5 years old so I don't really know what sort of install discs and things I would need for the process, but hopefully I can dig them up in my apartment.


You can back up to another computer on your network. See --> http://windows.microsoft.com/en-US/windows-vista/Copy-files-to-another-computer
I don't recommend this with an ill machine. I much prefer an external drive for backups.

-- Wiping the hard drive and reinstalling Windows is fairly easy, providing that you have a valid license key and a Windows disk.
-- Your machine may have only a "recovery partition" with which to work. That actually makes things much easier, but, with some of the rootkits today, I wonder if it is 100% safe and effective. 'Course, for a lot of people these days, that's all they have....

If we try to clean this, you'll likely temporarily lose the internet connection - we ought to be able to deal with that.

-- What was the effect of the AVG run? Usually, it will pinpoint the infected driver but fail to remove it because of its critical nature. AVG should tell you that.
No worries - we'll find it soon enough.

Cheers :)
PP



AVG found "Trojan horse Crypt.ANVH", which was actually detected twice more later that day, and had a warning of "Found registry key with reference to infected file C:\WINDOWS\system32\DRIVERS\redbook.sys"

I think I will give the wipe/reinstall a try since my computer could use a clean slate anyway even if I could clean it successfully. The main issues I described in my first post actually seem to be ok now, but I am still receiving virus notifications from Microsoft Security Essentials and AVG, so I think I will play it safe.

Thank you very much for your help! I'll probably close the thread following a successful reinstall.


so I think I will play it safe.

Thank you very much for your help! I'll probably close the thread following a successful reinstall.

You're welcome :)

It's always a good idea to play it safe - especially with backdoors and rootkits. You can't take the lack of further symptoms or issues to mean you have nothing to worry about.
Even cleaning these malware will not return your machine to a 100% trustworthy state - though, some people can live with that if they don't use the machine for sensitive issues such as work or financial transactions.

Best Luck :)
PP
