MalwareTips.com
First I got the Live Security Platinum malware...
08-05-2012, 09:31 PM
Post: #11
Jack Offline
Community Admin
Posts: 6,260
Joined: Jan 2011
Reputation: 2359
RE: First I got the Live Security Platinum malware...
Hi and welcome to the MalwareTips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

You have some leftover files from a ZeroAccess rootkit infection on your system and we need to remove them. Please follow the below steps.

STEP 1 : Run a scan with Combofix
Please read and follow very carefully the below instructions
 
Download ComboFix from one of the following locations: 

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you. 
  4. Please include the C:\ComboFix.txt in your next reply.


Notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programs being marked for deletion, then reboot; that will cure it.




What's next?

Please post in your next reply:
1. Combofix log
2. Let me know if you had any problems with the above instructions and also let me know how things are running now!
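As an added example (not code from either post, and not part of ComboFix), a small Python triage script that flags the kinds of entries a helper looks for in a log like the one posted in this thread: the GUID-named folder holding an `@` file and a `U` subfolder, which is the layout ZeroAccess left behind and what Jack's remark refers to; services or Run entries launched from a Temp or Downloads directory; and services whose file ComboFix reports as missing (`[?]`). The rule names and heuristics are my own, and the sample lines are constructed from the log posted below.

```python
"""Heuristic triage of a ComboFix log (added example, not ComboFix's own code).

Each rule is a reviewer's hint, not a verdict: a hit means "look at this line".
"""
import re
from dataclasses import dataclass

# ZeroAccess (Sirefef) stored its components as an "@" file and a "U" subfolder
# inside a GUID-named directory, typically under \windows\Installer or the Recycler.
ZEROACCESS_LAYOUT = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\(?:@$|U\\)", re.I)

# ComboFix service/driver lines: "R2 name;display name;image path [date time size]".
# A missing file is shown as "path --> path [?]".
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)\s+\[([^\]]*)\]\s*$")

# ComboFix Run-key lines: "name"="image path" [date size]
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]*)\]\s*$')

# Directories a legitimate service or autostart should not normally launch from.
USER_WRITABLE = re.compile(r"\\(temp|downloads)\\", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Scan ComboFix log text and return one Finding per (rule, line) hit."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ZEROACCESS_LAYOUT.search(line):
            findings.append(Finding("zeroaccess_layout", line))
        m = SERVICE_LINE.match(line)
        if m:
            image = m.group(4).split(" --> ")[0]   # path before any "-->" marker
            if USER_WRITABLE.search(image):
                findings.append(Finding("service_in_user_dir", line))
            if m.group(5).strip() == "?":          # ComboFix could not find the file
                findings.append(Finding("service_file_missing", line))
            continue
        m = RUN_LINE.match(line)
        if m and USER_WRITABLE.search(m.group(2)):
            findings.append(Finding("autostart_in_user_dir", line))
    return findings


# Constructed sample, modelled on lines from the log posted in this thread.
# The SonicWALL line is a legitimate MSI-installer path and must NOT be flagged.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\@
c:\windows\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\U\00000001.@
c:\program files\RelevantKnowledge\rlph.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]
"BitTorrent"="c:\documents and settings\User1\My Documents\Downloads\Programs\BitTorrent-7.2.1.exe" [2012-05-18 6379888]
.
SonicWALL Global VPN Client.lnk - c:\windows\Installer\{40624553-811E-400E-B69B-38D8926A66BD}\_A408D8C4509665C152B13E.exe [N/A]
.
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16:08 182576]
S2 crd;crd;c:\docume~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe --> c:\docume~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.line}")
```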
08-06-2012, 12:13 AM
Post: #12
Timmytour Offline
New member (Level 1)
Posts: 15
Joined: Aug 2012
Reputation: 0
RE: First I got the Live Security Platinum malware...
Many thanks Jack.

Computer up and running. I uninstalled Microsoft Security Essentials before running Combofix (as it was apparently still operating, though I understood it wasn't) and am now re-installing. Computer seems fine.

Log as follows...

ComboFix 12-08-05.02 - User1 06/08/2012 0:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1800 [GMT 1:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc10.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc11.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc12.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc13.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc14.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc14E.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc15.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc16.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc17.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc18.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc19.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc1A.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc1B.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc4.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc7.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc8.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc9.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccA.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccB.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccD.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\User2\Local Settings\Temporary Internet Files\mccF.tmp
c:\documents and settings\User1\Application Data\PriceGong
c:\documents and settings\User1\Application Data\PriceGong\Data\1.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\a.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\b.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\c.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\d.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\e.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\f.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\g.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\h.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\i.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\j.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\k.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\l.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\m.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\n.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\o.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\p.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\q.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\r.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\s.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\t.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\u.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\v.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\w.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\x.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\y.xml
c:\documents and settings\User1\Application Data\PriceGong\Data\z.xml
c:\documents and settings\User1\Local Settings\Application Data\assembly\tmp
c:\documents and settings\User1\Start Menu\Programs\Live Security Platinum
c:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Live Security Platinum Support Site.url
c:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Uninstall.lnk
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\asmcf.dat
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\components\rlxh.dll
c:\program files\RelevantKnowledge\components\rlxi.dll
c:\program files\RelevantKnowledge\components\rlxj.dll
c:\program files\RelevantKnowledge\components\rlxk.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlcm.crx
c:\program files\RelevantKnowledge\rlcm.txt
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlxf.dll
c:\windows\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\@
c:\windows\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\U\00000001.@
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-03 08:48 . 2012-08-03 08:48 9231560 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-01 08:32 . 2012-08-01 08:32 -------- d-----w- c:\program files\ESET
2012-07-30 23:42 . 2012-07-30 23:17 883616 ----a-w- C:\FixExec.exe
2012-07-30 22:42 . 2012-07-30 22:42 -------- d-----w- c:\documents and settings\A.N. Other\Local Settings\Application Data\PCHealth
2012-07-30 22:31 . 2012-07-30 22:31 -------- d-----w- c:\documents and settings\Administrator.REINSURA-BD52A5
2012-07-30 06:35 . 2012-08-01 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\036DFF6168D59C9E61EA5A017B07D287
2012-07-22 11:50 . 2012-07-22 11:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2012-07-19 18:33 . 2012-07-19 18:33 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 08:48 . 2012-03-29 05:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 08:48 . 2011-09-10 00:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2006-02-28 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 16:35 . 2011-09-09 11:53 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 16:35 . 2011-09-10 00:11 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-02-28 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2009-08-06 18:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2011-09-09 11:53 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2011-09-09 11:53 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2011-09-09 11:53 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2011-09-09 11:53 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2006-02-28 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2009-08-06 18:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2011-09-09 11:53 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2011-09-09 11:53 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2011-09-10 00:11 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2011-09-10 00:11 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-02-28 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-02-28 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 11:00 385024 ------w- c:\windows\system32\html.iec
2001-11-21 08:10 . 2001-11-21 08:10 18330960 ----a-w- c:\program files\Oxpsp1.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoeMonitor.exe"="c:\documents and settings\User1\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2011-10-01 1315152]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BitTorrent"="c:\documents and settings\User1\My Documents\Downloads\Programs\BitTorrent-7.2.1.exe" [2012-05-18 6379888]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-02 367128]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-05-08 77616]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"coreworks"="c:\program files\HPQ\HP Connection Manager 1.1\bin\gbxapp.exe" [2008-06-12 780776]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-04-21 1090840]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-14 10244096]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-02-27 3387904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\User2\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-24 142848]
.
c:\documents and settings\User1\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-24 142848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
SonicWALL Global VPN Client.lnk - c:\windows\Installer\{40624553-811E-400E-B69B-38D8926A66BD}\_A408D8C4509665C152B13E.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2011-9-9 197904]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 15:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 15:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-04-21 10:48 69632 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-02 12:06 112400 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2011-10-01 18:17 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User1\\My Documents\\Downloads\\Programs\\BitTorrent-7.2.1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [05/06/2008 17:08 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [05/06/2008 17:08 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [05/06/2008 17:08 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [05/03/2012 16:45 24064]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [14/09/2011 11:20 108448]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [25/09/2011 13:52 51976]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [21/03/2008 22:54 39712]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [05/06/2008 17:08 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 12:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 12:00 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [15/05/2008 15:11 1176824]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [10/06/2008 11:13 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [05/06/2008 17:07 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [09/09/2011 18:01 77824]
R2 mdvsrv;HP Connection Manager Service;c:\program files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe [12/06/2008 13:19 575976]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [09/09/2011 17:58 576024]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [09/06/2008 09:06 345336]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE [09/09/2011 17:15 2058776]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [01/10/2011 19:17 44880]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [15/05/2008 13:29 475520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [09/09/2011 17:33 193840]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [09/09/2011 17:28 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [09/09/2011 18:00 44800]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [01/10/2011 19:17 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [01/10/2011 19:17 19408]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [09/09/2011 17:27 47616]
S2 crd;crd;c:\docume~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe --> c:\docume~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/04/2012 11:37 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 06:47 250056]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [09/09/2011 18:01 32256]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [21/04/2008 13:27 349432]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [09/09/2011 17:30 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [09/09/2011 17:30 112640]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [09/09/2011 17:30 103680]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:48]
.
2012-08-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-REINSURA-BD52A5-User2.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-07 03:44]
.
2012-08-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-REINSURA-BD52A5-User1.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-07 03:44]
.
2012-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-08-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
Toolbar-10 - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-kdx - c:\program files\Kontiki\KHost.exe
HKLM-Run-DATAMNGR - c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BitTorrent - c:\documents and settings\User1\My Documents\Downloads\Programs\BitTorrent.exe
AddRemove-Remove on Reboot Shell Extension_is1 - c:\program files\Remove on Reboot\unins000.exe
AddRemove-Searchqu 406 MediaBar - c:\program files\Windows iLivid Toolbar\uninstall.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 00:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*,  \OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWlnPkg.DLL
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll
c:\windows\system32\acomx.dll
c:\windows\system32\acbsi21.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\program files\Hewlett-Packard\DeviceAccessManager\0009\PTDMLiteResource.dll
c:\windows\system32\flcdlmsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
.
- - - - - - - > 'explorer.exe'(12260)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\documents and settings\User1\Local Settings\Application Data\Microsoft\Live Mesh\Bin\WLCShell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\hpq\hp connection manager 1.1\bin\gbx4log.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\System32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\windows\System32\wudfhost.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2012-08-06 00:52:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 23:52
.
Pre-Run: 18,186,305,536 bytes free
Post-Run: 19,291,430,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3BE5B06B611B59882C07A41143D99037
08-06-2012, 05:30 PM
Post: #13
Jack Offline
Community Admin
Posts: 6,260
Joined: Jan 2011
Reputation: 2359
RE: First I got the Live Security Platinum malware...
Ok, we got those left overs...
Now, can you please perform the following scans:
VERY IMPORTANT! PLEASE RUN ONLY ONE SCAN AT A TIME! DON'T START ALL THE SCANS AT ONCE!
STEP 1: Run a HitmanPro scan
  1. Download the latest official version of HitmanPro.
    HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start HitmanPro by double-clicking on the previously downloaded file and then follow the prompts.
    [Image: hitmanproscan4.png]
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown, as seen in the image below. After reviewing each malicious object, click Next.
    [Image: hitmanproscan5.png]
  4. Click Activate free license to start the free 30 days trial and remove the malicious files.
    [Image: hitmanproscan6.png]
  5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
Add to your next reply any log that HitmanPro might generate.

STEP 2: Run a scan with RogueKiller
  1. Please download the latest official version of RogueKiller.
    ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
  2. Double-click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds, and then you can click the Start button to perform a system scan.
    [Image: roguekiller-1.png]
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    [Image: roguekiller-2.png]
  4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
    [Image: roguekiller-1.png]

The report has been created on the desktop. In your next reply please post:

All RKreport.txt text files located on your desktop.

STEP 3: Run a scan with ESET Online Scanner.

  1. Download ESET Online Scanner utility.
    ESET ONLINE SCANNER DOWNLOAD LINK (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the back button.
  11. Push Finish

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1. HitmanPro log
2. RogueKiller logs
3. ESET log
4. Let me know if you had any problems with the above instructions and also let me know how things are running now!
08-06-2012, 10:04 PM (This post was last modified: 08-06-2012 10:08 PM by Timmytour.)
Post: #14
Timmytour Offline
New member (Level 1)
Posts: 15
Joined: Aug 2012
Reputation: 0
RE: First I got the Live Security Platinum malware...
Hi Jack

Many thanks for your continued assistance

Prior to your previous post I was a bit premature in thinking my laptop was up and running again. I was getting an increasing number of "script error messages". Then I found myself unable to get onto a Microsoft site and realised that once again my Google links were being redirected. Then I noticed that Security Essentials had once again been disabled.

Having then come back here and seen your post I ran HitmanPro as suggested. I got stuff to remove and had to reboot, but do not seem to have got a report from it. I ran RogueKiller and have attached the report.

However, the link to ESET comes up with the following message:

"404. That’s an error.
The requested URL /us/download/utilities/ was not found on this server. That’s all we know."

I had run it before and removed it from the list of programs and tried again, but to no avail. Before that I tried to run it from the previous copy I had but it could not update and would not proceed.


Attached File(s): RKreport[5].txt (Size: 2.14 KB / Downloads: 29)
08-06-2012, 11:31 PM
Post: #15
Timmytour Offline
New member (Level 1)
Posts: 15
Joined: Aug 2012
Reputation: 0
RE: First I got the Live Security Platinum malware...
Definitely still something on the computer....went to go into Facebook and after a brief look at it a screen came up to say I was banned for being a suspected spammer....but I could verify my identity by entering my credit card information!
08-07-2012, 08:43 AM
Post: #16
Timmytour Offline
New member (Level 1)
Posts: 15
Joined: Aug 2012
Reputation: 0
RE: First I got the Live Security Platinum malware...
Looked again this morning (now at work on a work computer) and I have a Live Security platinum icon on my desktop!
08-09-2012, 12:34 PM
Post: #17
Timmytour Offline
New member (Level 1)
Posts: 15
Joined: Aug 2012
Reputation: 0
RE: First I got the Live Security Platinum malware...
Well... thinking I still had problems, I started again. Went through...

1.HitmanPro
2.RogueKiller
3.ESET

Doing this from work so trying to remember what came up. HitmanPro found a few things I think, RogueKiller found nothing. Before I ran ESET this time I removed my Microsoft Essentials via the Add/Remove facility on the Control Panel. Although it appeared to be disabled anyway, I'm not sure I did that first time around.

ESET located about 12 threats which I got removed.

Computer seemed fine afterwards. I reinstalled Microsoft Essentials and ran a quick scan. Nothing. Then later I ran a full scan and it picked up one serious threat and one potential, both of which I then got it to remove.

Touch wood, things seem OK now. Have turned it off and restarted a few times now and Microsoft Essentials appears to still be operational.
08-11-2012, 08:32 AM
Post: #18
Jack Offline
Community Admin
Posts: 6,260
Joined: Jan 2011
Reputation: 2359
RE: First I got the Live Security Platinum malware...
So what's the current state of your computer? What problems are you experiencing? How is it running?
Can you please run the below utilities:
STEP 1: Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
  1. Save it to your desktop.
  2. Double click the setup file to run it.
  3. Follow the onscreen prompts until it is installed
  4. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
    • System Memory
    • Hidden startup objects
    • Disk boot sectors
    • Local Disk (C: )
    • Also any other drives (Removable that you may have)
  5. Then click on Actions on the left hand side
  6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  7. Click on Automatic Scan
  8. Now click the Start Scanning button, to run the scan
  9. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
  10. Click Detected threats on the left
  11. Now click the Save button, and save it as kaslog.txt to your Desktop
  12. Please attach kaslog.txt in your next reply.


STEP 2: Run Temp File Cleaner by OldTimer
  1. You can download the TFC utility from the below link
    TFC DOWNLOAD LINK (This link will automatically download Temp File Cleaner on your computer)
  2. Please double-click TFC.exe to run it. (Note: If you are running on Vista or 7, right-click on the file and choose Run As Administrator).
  3. It will close all programs when run, so make sure you have saved all your work before you begin.
  4. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  5. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

STEP 3: Download and run OTL
  1. Download the OTL utility using the below link :
    OTL DOWNLOAD LINK (This link will automatically download OTL on your computer)
  2. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. When the window appears, underneath Output at the top change it to Minimal Output.
  4. Check the boxes beside LOP Check and Purity Check.
  5. Under the Custom Scan box paste this in:

    Code:
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
  6. Click the Run Scan button.
  7. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please post these 2 logs in your first reply.
Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr, or OTL.com.

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1.Kaspersky log
2.OTL logs
3.Let me know if you had any problems with the above instructions and also let me know how things are running now!
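The OTL custom-scan block in the post above tells the tool which files to hash, which drop folders to list, and which registry value to dump. The script below is an added example, not OTL's code and not part of the thread, that reproduces the same checks with built-in PowerShell on a current Windows (it assumes PowerShell 4 or later for Get-FileHash and an elevated prompt; it is not meant for the XP machine in the thread). Results are meant to be compared against known-good copies, not judged on their own.

```powershell
# Added example (not OTL, not from the thread): the checks behind the OTL custom scan,
# done with built-in cmdlets. Assumes PowerShell 4+ and an elevated prompt.
$ErrorActionPreference = 'SilentlyContinue'

# Files named between /md5start and /md5stop. Every copy under the Windows directory is
# hashed, so a second copy of e.g. winlogon.exe in an odd folder shows up next to the real one.
$md5Targets = 'atapi.sys','explorer.exe','winlogon.exe','Userinit.exe',
              'svchost.exe','csrss.exe','PrintIsolationHost.exe','consrv.dll'
$md5Report = Get-ChildItem -Path $env:SystemRoot -Recurse -File -Include $md5Targets |
    ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName
            MD5    = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash
            Size   = $_.Length
            Signed = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    }

# Drop locations the scan enumerates: %SYSTEMDRIVE%\*.exe, %ALLUSERSPROFILE%\Application Data\*.exe
# and %APPDATA%\*. Legitimate software rarely leaves an .exe directly in these folders.
$dropDirs = "$env:SystemDrive\", "$env:ALLUSERSPROFILE\Application Data", $env:APPDATA
$dropReport = $dropDirs | ForEach-Object { Get-ChildItem -Path $_ -File -Filter *.exe }

# %systemroot%\Tasks\*.job and %systemroot%\system32\drivers\*.sys: scheduled-task and
# driver persistence. Only drivers whose signature does not validate are reported.
$jobs    = Get-ChildItem -Path "$env:SystemRoot\Tasks" -Filter *.job -File
$drivers = Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -Filter *.sys -File |
    Where-Object { (Get-AuthenticodeSignature -FilePath $_.FullName).Status -ne 'Valid' }

# hklm\software\clients\startmenuinternet|command: the command each registered browser is
# started with. A changed value here is one reason redirects survive a cleanup.
$browserCmds = Get-ChildItem -Path 'HKLM:\SOFTWARE\Clients\StartMenuInternet' |
    ForEach-Object {
        $cmd = (Get-ItemProperty -Path "$($_.PSPath)\shell\open\command").'(default)'
        [pscustomobject]@{ Browser = $_.PSChildName; Command = $cmd }
    }

$md5Report   | Format-Table -AutoSize
$dropReport  | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
$jobs        | Select-Object Name, LastWriteTime | Format-Table -AutoSize
$drivers     | Select-Object Name, LastWriteTime | Format-Table -AutoSize
$browserCmds | Format-List
```

Compare each MD5 and signature status with a clean machine of the same build; a valid Microsoft signature on every copy of the listed files is the expected result.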