[Active] adware generic 4 problem, POP up viruses on my computer!

  1. #1
    stalker93 is offline Newbie

    Adware generic 4 problem, pop-up viruses on my computer! How to remove them!!!!
    My antivirus is AVG (it's bad, I know, but better something than nothing), and I saw a thread that was posted by ganghao and I did as it said there. So these are the notes from SUPERAntiSpyware:
    Last edited by stalker93; 15-07-2009 at 02:53 PM.


  2. #2
    stalker93 is offline Newbie
    SUPERAntiSpyware Scan Log

    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/14/2009 at 09:57 PM

    Application Version : 4.26.1006

    Core Rules Database Version : 3993
    Trace Rules Database Version: 1933

    Scan type : Quick Scan
    Total Scan Time : 01:28:10

    Memory items scanned : 217
    Memory threats detected : 0
    Registry items scanned : 452
    Registry threats detected : 32
    File items scanned : 53423
    File threats detected : 274

    Adware.SystemSearchDispatch
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
    HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
    HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
    HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\InprocServer32
    HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\InprocServer32#ThreadingModel
    HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\ProgID
    HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\Programmable
    HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\TypeLib
    HKCR\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}\VersionIndependentProgID
    HKCR\ExplorerBar.FunRedirector.1
    HKCR\ExplorerBar.FunRedirector.1\CLSID
    HKCR\ExplorerBar.FunRedirector
    HKCR\ExplorerBar.FunRedirector\CLSID
    HKCR\ExplorerBar.FunRedirector\CurVer
    HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}
    HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0
    HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0\0
    HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0\0\win32
    HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0\FLAGS
    HKCR\TypeLib\{883DFC00-8A21-411d-956C-73A4E4B7D16F}\1.0\HELPDIR
    C:\PROGRAM FILES\SYSTEM SEARCH DISPATCHER\1.2.0.750\SSD.DLL
    HKU\S-1-5-21-1220945662-1425521274-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
    C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx
    C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx
    C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx
    C:\Program Files\System Search Dispatcher\1.2.0.750\Data
    C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat
    C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe
    C:\Program Files\System Search Dispatcher\1.2.0.750
    C:\Program Files\System Search Dispatcher
    HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}
    HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}\ProxyStubClsid
    HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}\ProxyStubClsid32
    HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}\TypeLib
    HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}\TypeLib#Version

    Adware.DesktopSmileyToolbar
    HKU\S-1-5-21-1220945662-1425521274-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
    HKU\S-1-5-21-1220945662-1425521274-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

    Adware.Tracking Cookie

    Adware.MediaAccessStartup
    C:\Documents and Settings\Acim\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md
    C:\Documents and Settings\Acim\Local Settings\Application Data\Media Access Startup\1.3.0.790
    C:\Documents and Settings\Acim\Local Settings\Application Data\Media Access Startup
    HKU\S-1-5-21-1220945662-1425521274-839522115-1004\Software\Media Access Startup

    Adware.JuicyAccess
    HKU\S-1-5-21-1220945662-1425521274-839522115-1004\Software\DoubleD
    HKLM\Software\DoubleD
    HKLM\Software\DoubleD\DoubleD

  3. #3
    stalker93 is offline Newbie
    Malwarebytes' Anti-Malware 1.39
    Database version: 2429
    Windows 5.1.2600 Service Pack 3

    7/15/2009 1:10:53 PM
    mbam-log-2009-07-15 (13-10-53).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 253307
    Time elapsed: 1 hour(s), 33 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Acim\local settings\Temp\nsp85.tmp\NSISdl.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
    c:\documents and settings\Acim\local settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

  4. #4
    stalker93 is offline Newbie
    GMER 1.0.15.14972 - GMER - Rootkit Detector and Remover
    Rootkit scan 2009-07-15 16:02:14
    Windows 5.1.2600 Service Pack 3


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\a91095ar \Device\Scsi\a91095ar1 8A406568
    Device \Driver\a91095ar \Device\Scsi\a91095ar1Port4Path0Target0Lun0 8A406568
    Device \Driver\a91095ar \Device\Scsi\a91095ar1Port4Path0Target1Lun0 8A406568
    Device \Driver\Cdrom \Device\CdRom0 8A5477A0
    Device \Driver\Cdrom \Device\CdRom1 8A5477A0
    Device \Driver\Cdrom \Device\CdRom2 8A5477A0
    Device \Driver\dmio \Device\DmControl\DmConfig 8A7C71E8
    Device \Driver\dmio \Device\DmControl\DmInfo 8A7C71E8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7C71E8
    Device \Driver\dmio \Device\DmControl\DmPnP 8A7C71E8
    Device \Driver\Ftdisk \Device\FtControl 8A7561E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7561E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7561E8
    Device \Driver\NetBT \Device\NetbiosSmb 893021E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{41E258FC-11D6-499F-80BA-8AC2CCC139B6} 893021E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{4A355AC6-3171-4BF1-B31F-7B50449729B0} 893021E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 893021E8
    Device \Driver\PCI_NTPNP9366 \Device\0000004a sptd.sys

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbehci \Device\USBFDO-1 8A5661E8
    Device \Driver\usbehci \Device\USBPDO-1 8A5661E8
    Device \Driver\usbohci \Device\USBFDO-0 8A49F1E8
    Device \Driver\usbohci \Device\USBPDO-0 8A49F1E8
    Device \FileSystem\Cdfs \Cdfs 8A35F378
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 892FA1E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 892FA1E8
    Device \FileSystem\Ntfs \Ntfs 8A7541E8

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED5ACA] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EC0C1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EC0AD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EC0B9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EC1748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EC161E] sptd.sys

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Acim\Local Settings\Temporary Internet Files\Content.IE5\0H63WXU7\private[2].htm 34059 bytes

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Xfire\xfire.exe[1728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 03061D3A C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0306291E C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 030622C2 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 03061B77 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0306240D C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!CreateWindowExW 7E42D0A3 2 Bytes JMP 030625F3 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!CreateWindowExW + 3 7E42D0A6 2 Bytes [C3, 84]
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 03062369 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 03062056 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 03061C0B C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!InvalidateRect 7E428FD5 5 Bytes JMP 03061E82 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!InvalidateRgn 7E42CDFE 5 Bytes JMP 03061F20 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!IsWindowVisible 7E429E3D 7 Bytes JMP 030626AC C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!RedrawWindow 7E429944 5 Bytes JMP 03062189 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 0306222A C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 03061C9F C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 03061FBE C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!SetFocus 7E42B112 5 Bytes JMP 03061DEA C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0306255B C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 030624B1 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 03062874 C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\xfire.exe[1728] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 030620EE C:\Program Files\Xfire\xfire_toucan_37857.dll (Xfire Toucan DLL/Xfire Inc.)

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\Temp\12c23ddb-be0d-4dd7-a8fb-9c1c665b6f08.tmp 0 bytes
    File C:\WINDOWS\Temp\14e98dac-d8a8-42d4-9704-4cb858bfe8bf.tmp 0 bytes
    File C:\WINDOWS\Temp\2012e8d1-850d-4f3d-b468-2ea889e50670.tmp 0 bytes
    File C:\WINDOWS\Temp\2ddbe28c-813c-4d1f-a6f0-6344217b4b33.tmp 0 bytes
    File C:\WINDOWS\Temp\32de31e0-d133-4b28-a37c-41734d9c8cd1.tmp 0 bytes
    File C:\WINDOWS\Temp\42dd6479-2a7c-46d5-8ea2-5d3773942930.tmp 0 bytes
    File C:\WINDOWS\Temp\5514c16c-0b3f-4eff-9129-29c1e1b6c84f.tmp 0 bytes
    File C:\WINDOWS\Temp\5a5e38e8-5020-47f8-a7c7-8db40630057e.tmp 0 bytes
    File C:\WINDOWS\Temp\72d88ab5-9a29-449e-adc4-e6beacf78677.tmp 0 bytes
    File C:\WINDOWS\Temp\a778a62b-a1a1-4ae9-8d2d-96ada3824f9e.tmp 0 bytes
    File C:\WINDOWS\Temp\c2915a4f-b041-44a3-9e77-81d0d07930e7.tmp 0 bytes
    File C:\WINDOWS\Temp\c84f55e4-ff4c-4fc6-bf1b-dd0300abfa8c.tmp 0 bytes
    File C:\WINDOWS\Temp\cbc365cd-d66a-4399-b8b6-988d0de21267.tmp 0 bytes
    File C:\WINDOWS\Temp\cdc198e9-a5d4-402e-90a8-1d36b0649215.tmp 0 bytes
    File C:\WINDOWS\Temp\fab308ba-04ba-4644-972b-7a5abf30f1a5.tmp 0 bytes

    ---- Kernel code sections - GMER 1.0.15 ----

    ? etcjfxk.sys The system cannot find the file specified. !

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9B 0xFB 0xEC 0x07 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5D 0xCD 0xAA 0x46 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0xA5 0x73 0x04 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x2E 0x9C 0x1D 0x1A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x11 0x81 0x18 0xD6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x9D 0x12 0x96 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD6 0x57 0x48 0x33 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE1 0x5B 0xD1 0xD6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x11 0x81 0x18 0xD6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x11 0x81 0x18 0xD6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1193643228
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1532580335
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x9D 0x12 0x96 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD6 0x57 0x48 0x33 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE1 0x5B 0xD1 0xD6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x11 0x81 0x18 0xD6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x11 0x81 0x18 0xD6 ...

    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xB9EC00D0]
    SSDT sptd.sys ZwEnumerateKey [0xB9EC5E2C]
    SSDT sptd.sys ZwEnumerateValueKey [0xB9EC61BA]
    SSDT sptd.sys ZwOpenKey [0xB9EC00B0]
    SSDT sptd.sys ZwQueryKey [0xB9EC6292]
    SSDT sptd.sys ZwQueryValueKey [0xB9EC6112]
    SSDT sptd.sys ZwSetValueKey [0xB9EC6324]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\a91095ar.SYS The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload B97FE8AC 5 Bytes JMP 8A4AF780

    ---- EOF - GMER 1.0.15 ----

  5. #5
    broni is offline Senior Member
    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and allow it to run the express scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.



    Download HijackThis:
    TrendSecure | Download TrendMicro HijackThis
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator

  6. #6
    stalker93 is offline Newbie
    Will Dr.Web ask me to reboot my computer? If not, how do I reboot it?
    Last edited by stalker93; 16-07-2009 at 04:52 PM.

  7. #7
    stalker93 is offline Newbie
    Dr Web log:
    keylogger.dll;c:\program files\homekeylogger;Program.FamKeylog;Incurable.Deleted.;
    keylogger.exe;c:\program files\homekeylogger;Program.HomeKeylog;Incurable.Deleted.;
    Morcheeba - Big Calm.wma;E:\mp3\Morcheeba;Trojan.WMALoader;Cured.;
    Morcheeba - Lighten Up.wma;E:\mp3\Morcheeba;Trojan.WMALoader;Cured.;
    KCSTrayDownloaderEngine.exe;C:\Documents and Settings\Acim\Local Settings\Application Data\Kamuse\KCSTrayDownloader;Probably DLOADER.Trojan;Incurable.Deleted.;
    Process.exe;C:\Documents and Settings\Goran\Desktop\ACIM\SmitfraudFix;Tool.Prockill;Incurable.Deleted.;
    restart.exe;C:\Documents and Settings\Goran\Desktop\ACIM\SmitfraudFix;Tool.ShutDown.14;Incurable.Deleted.;
    Mv2PlayerPlus.exe;C:\Program Files\Mv2Player;Trojan.PWS.Banker.28836;Deleted.;
    A0072034.exe;C:\System Volume Information\_restore{0980D054-F164-41F8-8485-C4A02928F253}\RP267;Program.HomeKeylog;Invalid path to file ;
    A0072035.Dll;C:\System Volume Information\_restore{0980D054-F164-41F8-8485-C4A02928F253}\RP267;Program.FamKeylog;Invalid path to file ;
    A0072045.exe;C:\System Volume Information\_restore{0980D054-F164-41F8-8485-C4A02928F253}\RP267;Trojan.PWS.Banker.28836;Deleted.;

  8. #8
    stalker93 is offline Newbie
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:24:01 PM, on 7/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\GameTracker\GTLite.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Xfire\xfire.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\GameTracker\GSInGameService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\Acim\LOCALS~1\Temp\Rar$EX00.187\Hijack This.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\Acim\LOCALS~1\Temp\Rar$EX00.078\Hijack This.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Documents and Settings\Acim\AppData\LocalLow\ChameleonTom for IE\wit4ie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Chameleon Tom Toolbar - {fc00cdd1-38e2-4a90-9805-bfc987777712} - C:\Program Files\Chameleon Tom Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
    O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 10363 bytes

  9. #9
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

  10. #10
    stalker93 is offline Newbie
    I can't disable my AVG 8.5 so I can use ComboFix
