Recently had malware

  1. #1
    Yuki (Full Member)

    Recently had malware

    I recently got one of those malware/scareware things, AV Suite. I ran rkill.com in safe mode then scanned with a fully-updated AVG and Anti-Malware in order to get rid of it, and as far as I can tell it's gone.

    However, Just-In-Time Debugging is randomly popping up now, and my Google Chrome seems unable to reach the internet; Internet Explorer just freezes, but Mozilla Firefox is working fine, with the exception of the "enter" key not confirming addresses. Instead, I have to manually click the "go" arrow. Additionally, Firefox freezes for several seconds when I begin to type in an address.

    I want to triple-check that my computer is clean.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:33:00 PM, on 7/22/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17055)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Laptops, Desktop Computers, Monitors, Printers & PC Accessories | Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
    O4 - HKLM\..\Run: [sta] rundll32 "zdnkp.dll",,Run
    O4 - HKLM\..\Run: [Jcijunuf] rundll32.exe "C:\WINDOWS\evovuqan.dll",Startup
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} (MGXCore Class) - http://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
    O16 - DPF: {C14C061A-6C24-43AC-97C3-B9135B4AB332} (MGX2Core Class) - http://www.va-sa-ra.co.jp/mgx2/win/MGX2Plugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: npkcmsvc - Unknown owner - E:\Program Files\Mabinogi\npkcmsvc.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 9931 bytes




    I would also like to say that my hard drive is very nearly full; I am currently in the process of cleaning it out. Could this be affecting Firefox or any such thing?
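    The HijackThis and GMER logs in this thread contain the entries a responder would pull out first: the R1 ProxyServer value pointing at 127.0.0.1:5643 (a proxy on the machine itself, which fits browsers that stopped reaching the internet), two O4 Run entries that hand rundll32 a randomly named DLL, a service whose binary is missing, and GMER's hidden boot-start service iokpmkgf. The Python script below is an added example, not part of this thread and not code from HijackThis, GMER or any other tool named here; it runs those four checks over a constructed sample made of lines copied from the logs above. The heuristics (loopback proxy, bare or Windows-root DLL handed to rundll32, "(file missing)" services, GMER hidden services) are assumptions of this example and are triage hints, not a verdict.

```python
import re
from collections import namedtuple

# Constructed sample: a handful of lines copied from the HijackThis and GMER
# logs posted in this thread, mixed together so one pass can handle both.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sta] rundll32 "zdnkp.dll",,Run
O4 - HKLM\..\Run: [Jcijunuf] rundll32.exe "C:\WINDOWS\evovuqan.dll",Startup
O23 - Service: npkcmsvc - Unknown owner - E:\Program Files\Mabinogi\npkcmsvc.exe (file missing)
Service (*** hidden *** ) [BOOT] iokpmkgf <-- ROOTKIT !!!
"""

Finding = namedtuple("Finding", "severity rule indicator line")

# Heuristic patterns (assumptions of this example, not tool-defined formats).
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)", re.IGNORECASE)
RUN_RE = re.compile(r"^O4 - .*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?', re.IGNORECASE)
HIDDEN_SVC_RE = re.compile(r"Service \(\*\*\* hidden \*\*\* ?\) \[\w+\] (\S+)")
MISSING_RE = re.compile(r"\(file missing\)\s*$")


def proxy_hosts(value):
    """Split an IE ProxyServer value ('http=host:port;https=host:port' or
    plain 'host:port') into the bare host names it points at."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        target = part.split("=", 1)[1] if "=" in part else part
        target = re.sub(r"^[a-z]+://", "", target, flags=re.IGNORECASE)
        hosts.append(target.rsplit(":", 1)[0].strip("[]").lower())
    return hosts


def is_loopback(host):
    """A proxy on the local machine means something local was relaying the
    browser's traffic; once that something is removed, browsing breaks."""
    return host in ("localhost", "::1") or host.startswith("127.")


def suspicious_rundll_target(dll):
    """Return a reason if the DLL a Run entry hands to rundll32 looks out of
    place, else None. Two heuristics only: a bare file name (resolved through
    the DLL search path) and a DLL sitting directly in the Windows root
    instead of a vendor directory."""
    dll = dll.strip()
    if "\\" not in dll:
        return "bare DLL name resolved through the search path"
    directory = dll.rsplit("\\", 1)[0].lower()
    if directory == r"c:\windows":
        return "DLL placed directly in the Windows root"
    return None


def triage(lines):
    """Apply every rule to each log line; findings come back in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if line.startswith("R1 - ") and m:
            for host in proxy_hosts(m.group(1)):
                if is_loopback(host):
                    findings.append(Finding("high", "loopback-proxy", host, line))
            continue
        m = RUN_RE.match(line)
        if m:
            d = RUNDLL_RE.search(m.group("cmd"))
            if d and suspicious_rundll_target(d.group("dll")):
                findings.append(Finding("high", "rundll32-autorun", d.group("dll").strip(), line))
            continue
        if line.startswith("O23 - ") and MISSING_RE.search(line):
            path = MISSING_RE.sub("", line.split(" - ")[-1]).strip()
            findings.append(Finding("low", "service-file-missing", path, line))
            continue
        m = HIDDEN_SVC_RE.search(line)
        if m:
            findings.append(Finding("critical", "hidden-service", m.group(1), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:8}] {f.rule:22} {f.indicator}")
```

Run it as-is to see the five findings from the constructed sample, or feed it a saved HijackThis or GMER log with `triage(open(path).read().splitlines())`. The "service-file-missing" rule is deliberately low severity: a missing service binary is usually a leftover from an uninstalled program rather than malware, but it still deserves a look when the rest of the log is suspicious.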


  2. #2
    broni (Senior Member)
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM) to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER (GMER - Rootkit Detector and Remover) by clicking on the Download EXE button.
    Alternative downloads:
    - |MG| GMER 1.0.15.15281 Download
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    Yuki (Full Member)
    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-07-23 16:17:50
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Brandon\LOCALS~1\Temp\uxldypob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text iokpmkgf.sys F744E000 68 Bytes JMP F748CFE1 iokpmkgf.sys
    .text iokpmkgf.sys F744E061 205 Bytes [00, 60, 5E, 89, 44, 24, 18, ...]
    .text iokpmkgf.sys F744E12F 219 Bytes [60, C6, 44, 24, 08, C6, 88, ...]
    .text iokpmkgf.sys F744E20B 32 Bytes [08, FF, 74, 24, 04, 8D, 64, ...]
    .text iokpmkgf.sys F744E22C 96 Bytes [0F, B6, F2, 89, 44, 24, 04, ...]
    .text ...
    ? C:\WINDOWS\system32\drivers\iokpmkgf.sys A device attached to the system is not functioning.
    PAGE Ntfs.sys F7329E55 4 Bytes CALL 85BD1519

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
    .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
    .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
    .text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01BA000A
    .text C:\WINDOWS\system32\svchost.exe[1252] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E3000A
    .text C:\WINDOWS\Explorer.EXE[1720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[1720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
    .text C:\WINDOWS\Explorer.EXE[1720] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 85B610A0

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \FileSystem\Fastfat \Fat F6343D20

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [BOOT] iokpmkgf <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x0E 0xE7 0x03 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x0E 0xE7 0x03 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0xA1 0xAA 0x14 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x34 0x3F 0x10 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0x1E 0x07 0x68 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x0E 0xE7 0x03 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x0E 0xE7 0x03 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\iokpmkgf@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\iokpmkgf@Start 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\iokpmkgf@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\iokpmkgf@Group Boot Bus Extender
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x0E 0xE7 0x03 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0xA1 0xAA 0x14 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x34 0x3F 0x10 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0x1E 0x07 0x68 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\iokpmkgf@Type 1
    Reg HKLM\SYSTEM\ControlSet006\Services\iokpmkgf@Start 0
    Reg HKLM\SYSTEM\ControlSet006\Services\iokpmkgf@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet006\Services\iokpmkgf@Group Boot Bus Extender
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0x0E 0xE7 0x03 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0xA1 0xAA 0x14 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC4 0x34 0x3F 0x10 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0x1E 0x07 0x68 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4A6F92C-A0A8-64C4-ACFD-848776C61BD5}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F21F3D1D-4058-7E55-3FBB-54A764DABB3A}

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_0000fc 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_0000fd 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_0000fe 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_0000ff 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000100 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000101 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000102 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000103 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000104 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000105 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000106 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000107 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000108 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000109 0 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00010a 28736 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00010b 57292 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00010c 34224 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00010d 30591 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00010e 72639 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000110 24392 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000111 18221 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000112 28763 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000113 40905 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000114 26002 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000115 31229 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000116 19612 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000117 56706 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000118 29571 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000119 40806 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00011a 26216 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00011b 62972 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00011c 49174 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00011d 71030 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00011e 36543 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00011f 16550 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000120 23358 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000121 26633 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000122 38458 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000124 18506 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000125 29164 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000126 92805 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000127 20037 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000128 25597 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000129 34224 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00012a 61550 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00012b 46547 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00012c 391270 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00012d 24151 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00012e 77791 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00012f 68708 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000130 19075 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000131 28039 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000132 38390 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000133 24151 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000134 66177 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000135 94408 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000136 80315 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000137 62972 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000138 19004 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_000139 36723 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00013a 68580 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00013b 54179 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\f_00013c 23696 bytes
    File C:\Documents and Settings\Brandon\Local Settings\Application Data\Google\Chrome\User Data\Default\old_Cache_000\index 0 bytes

    ---- EOF - GMER 1.0.15 ----

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4334

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.11

    7/22/2010 4:46:27 PM
    mbam-log-2010-07-22 (16-46-27).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 270170
    Time elapsed: 2 hour(s), 17 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Dropper) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\6to4v32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

  4. #4
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. #5
    Yuki is offline Full Member
    ComboFix 10-07-23.04 - Brandon 07/24/2010 19:08:55.7.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.331 [GMT -7:00]
    Running from: c:\documents and settings\Brandon\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Brandon\Application Data\inst.exe
    c:\documents and settings\Brandon\Local Settings\Application Data\{61F25EC8-B268-47F0-9539-AE250C0E433A}
    c:\documents and settings\Brandon\Local Settings\Application Data\{61F25EC8-B268-47F0-9539-AE250C0E433A}\chrome.manifest
    c:\documents and settings\Brandon\Local Settings\Application Data\{61F25EC8-B268-47F0-9539-AE250C0E433A}\chrome\content\_cfg.js
    c:\documents and settings\Brandon\Local Settings\Application Data\{61F25EC8-B268-47F0-9539-AE250C0E433A}\chrome\content\overlay.xul
    c:\documents and settings\Brandon\Local Settings\Application Data\{61F25EC8-B268-47F0-9539-AE250C0E433A}\install.rdf
    c:\documents and settings\Brandon\Recent\Thumbs.db
    c:\program files\HyperCam Toolbar\tbHElper.dll
    c:\windows\evovuqan.dll

    Infected copy of c:\windows\system32\DRIVERS\rasacd.sys was found and disinfected
    Restored copy from - Kitty had a snack
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4


    ((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
    .

    2010-10-21 04:54 . 2010-10-21 04:54 -------- d-----w- c:\documents and settings\Brandon\Application Data\090CB9AF0895EE878659EC59B3E9A821
    2010-07-08 05:14 . 2010-07-24 20:17 -------- d-----w- c:\documents and settings\Brandon\Application Data\skypePM
    2010-07-08 05:14 . 2010-07-24 21:50 -------- d-----w- c:\documents and settings\Brandon\Application Data\Skype
    2010-07-08 05:11 . 2010-07-08 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-06 07:15 . 2010-07-06 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2010-07-06 07:08 . 2010-07-06 07:27 -------- d-----w- c:\documents and settings\Brandon\Application Data\Sony

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-21 04:59 . 2010-10-21 04:59 2804 ----a-w- c:\windows\Ksinafugahopiran.dat
    2010-07-25 02:38 . 2010-10-21 04:56 768000 ----a-w- c:\windows\system32\drivers\iokpmkgf.sys
    2010-07-25 02:25 . 2010-04-21 22:46 -------- d-----w- c:\program files\HyperCam Toolbar
    2010-07-24 20:33 . 2009-06-19 02:44 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
    2010-07-24 06:52 . 2010-01-21 18:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-15 18:33 . 2009-05-23 01:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 18:33 . 2010-07-15 18:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-15 18:24 . 2009-05-23 01:18 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-11 09:19 . 2009-04-20 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-08 05:15 . 2010-07-08 05:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-07-08 05:13 . 2010-07-08 05:12 -------- d-----r- c:\program files\Skype
    2010-07-08 05:12 . 2010-07-08 05:12 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-06 07:44 . 2010-07-06 07:16 -------- d-----w- c:\program files\Common Files\Sony Shared
    2010-07-06 07:16 . 2010-07-06 07:15 -------- d-----w- c:\program files\Sony
    2010-07-05 06:26 . 2007-10-24 03:42 -------- d-----w- c:\program files\Image-Line
    2010-07-05 06:21 . 2007-10-24 04:11 -------- d-----w- c:\program files\ASIO4ALL v2
    2010-07-05 06:21 . 2007-10-24 03:44 -------- d-----w- c:\program files\VstPlugins
    2010-07-05 06:19 . 2010-07-05 06:19 -------- d-----w- c:\program files\Outsim
    2010-06-28 09:25 . 2007-11-21 02:07 -------- d-----w- c:\program files\FLV Player
    2010-06-23 21:07 . 2006-12-14 06:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-12 04:28 . 2010-01-26 07:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\Azureus
    2010-06-12 01:59 . 2009-03-10 06:09 -------- d-----w- c:\program files\NCH Software
    2010-06-04 07:43 . 2010-06-04 07:43 -------- d-----w- c:\program files\Ultra Video Splitter
    2010-06-04 07:25 . 2010-06-04 07:21 -------- d-----w- c:\program files\Fx Splitter
    2010-06-04 06:48 . 2010-02-06 22:59 -------- d-----w- c:\documents and settings\Brandon\Application Data\Facebook
    2010-06-04 06:33 . 2010-06-04 06:33 -------- d-----w- c:\program files\Easy Video Splitter
    2010-06-03 08:04 . 2010-06-03 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
    2010-06-03 08:04 . 2010-06-03 08:03 -------- d-----w- c:\program files\AIM
    2010-06-03 08:03 . 2010-06-03 08:03 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2010-06-03 08:03 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-06-03 08:03 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
    2010-06-02 19:42 . 2007-07-19 00:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-16 01:46 . 2010-05-16 01:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-05-16 01:46 . 2010-05-16 01:46 47360 ----a-w- c:\documents and settings\Brandon\Application Data\pcouffin.sys
    2010-05-04 17:20 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-11 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-02 05:22 . 2004-08-11 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 22:39 . 2010-07-11 09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 22:39 . 2010-07-11 09:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2006-05-03 10:06 . 2007-02-06 04:09 163328 --sh--r- c:\windows\system32\flvDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-04 2937528]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
    "Google Update"="c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-30 136176]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-15 2065760]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-22 185896]
    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

    c:\documents and settings\Brandon\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-01-28 03:47 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-15 18:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-06-22 06:23 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TapiSrv"=3 (0x3)
    "FontCache3.0.0.0"=3 (0x3)
    "Fax"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Last.fm\\LastFM.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\Mozilla Firefox 3.5 Beta 4\\firefox.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Brandon\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14868:TCP"= 14868:TCP:BitComet 14868 TCP
    "14868:UDP"= 14868:UDP:BitComet 14868 UDP
    "27754:TCP"= 27754:TCP:*isabled:SolidNetworkManager
    "27754:UDP"= 27754:UDP:*isabled:SolidNetworkManager
    "58193:TCP"= 58193:TCP:Pando Media Booster
    "58193:UDP"= 58193:UDP:Pando Media Booster

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2009 6:18 PM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2009 6:18 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/15/2010 11:32 AM 308136]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
    R3 Neo_Yukichin;SoftEther VPN Client 2.0 Device Driver - Yukichin;c:\windows\system32\drivers\Neo_Yukichin.sys [1/10/2008 3:01 PM 15232]
    S0 iaddfqlu;iaddfqlu;c:\windows\system32\drivers\keovgwq.sys --> c:\windows\system32\drivers\keovgwq.sys [?]
    S0 ttxdsje;ttxdsje; [x]
    S3 fmfdisk;fmfdisk;\??\c:\windows\system32\fmfdisk.sys --> c:\windows\system32\fmfdisk.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2007 7:06 PM 722416]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - iokpmkgf
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:05]

    2010-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

    2010-05-16 c:\windows\Tasks\expressburnSevenDaysInit.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-16 23:02]

    2010-05-26 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-16 23:02]

    2010-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292892305-2415605640-3664216660-1006Core.job
    - c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-30 22:37]

    2010-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292892305-2415605640-3664216660-1006UA.job
    - c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-30 22:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} - hxxp://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
    DPF: {C14C061A-6C24-43AC-97C3-B9135B4AB332} - hxxp://www.va-sa-ra.co.jp/mgx2/win/MGX2Plugin.cab
    FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\7gp1154m.default\
    FF - prefs.js: browser.startup.homepage - hxxp://hikaruforums.net/
    FF - component: c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\7gp1154m.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox 3.5 Beta 4\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\Panda Software\ActiveScan2\npwrapper.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-sta - zdnkp.dll
    HKLM-Run-Jcijunuf - c:\windows\evovuqan.dll
    AddRemove-mIRC - c:\program files\mIRC\mirc.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-07-24 19:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\iokpmkgf]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1292892305-2415605640-3664216660-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4A6F92C-A0A8-64C4-ACFD-848776C61BD5}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1292892305-2415605640-3664216660-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F21F3D1D-4058-7E55-3FBB-54A764DABB3A}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(928)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(600)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\COMMON~1\MICROS~1\DW\DW20.EXE
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-24 19:54:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-25 02:54

    Pre-Run: 2,781,351,936 bytes free
    Post-Run: 3,693,846,528 bytes free

    Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - 1FF7530DE47DE03A35582707AB9A94DB

  6. #6
    broni is offline Senior Member
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Ksinafugahopiran.dat
    c:\windows\system32\drivers\iokpmkgf.sys
    c:\windows\system32\ezsidmv.dat
    c:\windows\system32\drivers\keovgwq.sys
    c:\windows\system32\fmfdisk.sys 
    
    Folder::
    
    Driver::
    iokpmkgf
    iaddfqlu
    ttxdsje
    fmfdisk
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet005\Services\iokpmkgf]
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1292892305-2415605640-3664216660-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4A6F92C-A0A8-64C4-ACFD-848776C61BD5}*]
    [HKEY_USERS\S-1-5-21-1292892305-2415605640-3664216660-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F21F3D1D-4058-7E55-3FBB-54A764DABB3A}*]

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
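
    The triage behind the CFScript above, written out as an added Python example (not ComboFix's code and not anything the helper used): it reads ComboFix-style log lines, here a constructed excerpt of the log posted earlier in this thread, applies the indicators the reply keyed on, and drafts the File::/Driver::/DDS::/Registry::/RegNull:: sections in the same layout. The heuristics (future-dated files, unverifiable services with no display name, a proxy on 127.0.0.1, keys listed under LOCKED REGISTRY KEYS) are this example's assumptions, made for illustration; the draft still needs a person's review.

```python
"""Draft a CFScript from a ComboFix log the way the reply above did by hand.

Added example for this thread, not ComboFix's code or the helper's tooling.
It applies the indicators that reply keyed on to ComboFix-style log lines and
emits File::/Driver::/DDS::/Registry::/RegNull:: sections in the same layout.
The heuristics are this example's assumptions; a person still reviews the draft.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: excerpts copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
ComboFix 10-07-23.04 - Brandon 07/24/2010 19:08:55.7.1 - x86
2010-10-21 04:59 . 2010-10-21 04:59 2804 ----a-w- c:\windows\Ksinafugahopiran.dat
2010-07-25 02:38 . 2010-10-21 04:56 768000 ----a-w- c:\windows\system32\drivers\iokpmkgf.sys
2010-07-15 18:33 . 2009-05-23 01:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
S0 iaddfqlu;iaddfqlu;c:\windows\system32\drivers\keovgwq.sys --> c:\windows\system32\drivers\keovgwq.sys [?]
S0 ttxdsje;ttxdsje; [x]
S3 fmfdisk;fmfdisk;\??\c:\windows\system32\fmfdisk.sys --> c:\windows\system32\fmfdisk.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
*Deregistered* - iokpmkgf
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\iokpmkgf]
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1292892305-2415605640-3664216660-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4A6F92C-A0A8-64C4-ACFD-848776C61BD5}*]
@Allowed: (Read) (RestrictedCode)
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# "ComboFix <version> - <user> MM/DD/YYYY ..." (assumes a user name without spaces)
HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{2}/\d{2}/\d{4}) ")
# Find3M line: "<modified> . <created> <size or dashes> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-+) (\S{8}) (.+)$")
# Service line: "<start type> <name>;<display name>;<image path> [<status>]"
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
DEREGISTERED_RE = re.compile(r"^\*Deregistered\* - (\S+)$")
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]$", re.IGNORECASE)
FUTURE_SLACK = timedelta(days=2)  # tolerate time-zone drift around the scan date


def _add(seq, item):
    """Append item unless already present (keeps log order, drops duplicates)."""
    if item not in seq:
        seq.append(item)


def triage(log_text):
    """Return CFScript sections {"File": [...], "Driver": [...], ...} drawn from log_text."""
    scan_date = None
    files, drivers, proxy_lines, regnull, service_keys = [], [], [], [], {}
    in_locked = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("---------"):  # ComboFix section banner
            in_locked = "LOCKED REGISTRY KEYS" in line
        elif scan_date is None and (m := HEADER_RE.match(line)):
            scan_date = datetime.strptime(m.group(1), "%m/%d/%Y")
        elif m := FILE_RE.match(line):
            # A file stamped after the scan ran carries a forged timestamp: flag it.
            stamps = [datetime.strptime(m.group(i), "%Y-%m-%d %H:%M") for i in (1, 2)]
            if scan_date and any(ts > scan_date + FUTURE_SLACK for ts in stamps):
                _add(files, m.group(5))
        elif m := SERVICE_RE.match(line):
            # Real drivers carry a display name; "iaddfqlu;iaddfqlu;... [?]" does not,
            # and [?]/[x] means ComboFix could not verify or find the image file.
            unverified = m["rest"].endswith(("[?]", "[x]"))
            if unverified and m["name"].lower() == m["display"].lower():
                _add(drivers, m["name"])
                if path := re.search(r"--> (.+?) \[", m["rest"]):
                    _add(files, path.group(1))
        elif m := DEREGISTERED_RE.match(line):
            _add(drivers, m.group(1))  # still in memory, service entry already gone
        elif line.startswith("uInternet Settings,Proxy"):
            proxy_lines.append(line)
        elif in_locked and line.startswith("["):
            _add(regnull, line)  # locked key, exactly as ComboFix lists it
        elif m := SERVICE_KEY_RE.match(line):
            service_keys[m.group(1).lower()] = line
    # A proxy on the loopback interface is how the infection sat in the browsing
    # path; hand both Proxy lines to DDS:: so ComboFix resets them together.
    dds = proxy_lines if any("ProxyServer" in l and "127.0.0.1" in l for l in proxy_lines) else []
    # Delete a service key only for drivers this triage already flagged.
    registry = ["[-" + service_keys[d.lower()][1:] for d in drivers if d.lower() in service_keys]
    return {"File": files, "Folder": [], "Driver": drivers, "DDS": dds,
            "Registry": registry, "RegNull": regnull}


def render_cfscript(sections):
    """Lay the sections out as CFScript text in the order used in the thread."""
    out = []
    for name in ("File", "Folder", "Driver", "DDS", "Registry", "RegNull"):
        out += [name + "::", *sections[name], ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)))
```

Run against the constructed excerpt it reproduces the File::, Driver::, DDS::, Registry:: and RegNull:: entries the helper wrote by hand, and leaves the legitimately named AVG driver and the GameGuard service alone.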

  7. #7
    Yuki is offline Full Member
    ComboFix 10-07-23.04 - Brandon 07/25/2010 14:06:51.8.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.654 [GMT -7:00]
    Running from: c:\documents and settings\Brandon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Brandon\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\windows\Ksinafugahopiran.dat"
    "c:\windows\system32\drivers\iokpmkgf.sys"
    "c:\windows\system32\drivers\keovgwq.sys"
    "c:\windows\system32\ezsidmv.dat"
    "c:\windows\system32\fmfdisk.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Ksinafugahopiran.dat
    c:\windows\system32\drivers\iokpmkgf.sys
    c:\windows\system32\ezsidmv.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FMFDISK
    -------\Legacy_IOKPMKGF
    -------\Service_fmfdisk
    -------\Service_iaddfqlu
    -------\Service_iokpmkgf
    -------\Service_ttxdsje


    ((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
    .

    2010-10-21 04:54 . 2010-10-21 04:54 -------- d-----w- c:\documents and settings\Brandon\Application Data\090CB9AF0895EE878659EC59B3E9A821
    2010-07-08 05:14 . 2010-07-25 18:50 -------- d-----w- c:\documents and settings\Brandon\Application Data\skypePM
    2010-07-08 05:14 . 2010-07-25 20:46 -------- d-----w- c:\documents and settings\Brandon\Application Data\Skype
    2010-07-08 05:11 . 2010-07-08 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-06 07:15 . 2010-07-06 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2010-07-06 07:08 . 2010-07-06 07:27 -------- d-----w- c:\documents and settings\Brandon\Application Data\Sony

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-25 21:27 . 2010-07-25 21:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-07-25 03:17 . 2009-06-19 02:44 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
    2010-07-25 02:25 . 2010-04-21 22:46 -------- d-----w- c:\program files\HyperCam Toolbar
    2010-07-24 06:52 . 2010-01-21 18:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-15 18:33 . 2009-05-23 01:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 18:33 . 2010-07-15 18:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-15 18:24 . 2009-05-23 01:18 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-11 09:19 . 2009-04-20 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-08 05:13 . 2010-07-08 05:12 -------- d-----r- c:\program files\Skype
    2010-07-08 05:12 . 2010-07-08 05:12 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-06 07:44 . 2010-07-06 07:16 -------- d-----w- c:\program files\Common Files\Sony Shared
    2010-07-06 07:16 . 2010-07-06 07:15 -------- d-----w- c:\program files\Sony
    2010-07-05 06:26 . 2007-10-24 03:42 -------- d-----w- c:\program files\Image-Line
    2010-07-05 06:21 . 2007-10-24 04:11 -------- d-----w- c:\program files\ASIO4ALL v2
    2010-07-05 06:21 . 2007-10-24 03:44 -------- d-----w- c:\program files\VstPlugins
    2010-07-05 06:19 . 2010-07-05 06:19 -------- d-----w- c:\program files\Outsim
    2010-06-28 09:25 . 2007-11-21 02:07 -------- d-----w- c:\program files\FLV Player
    2010-06-23 21:07 . 2006-12-14 06:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-12 04:28 . 2010-01-26 07:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\Azureus
    2010-06-12 01:59 . 2009-03-10 06:09 -------- d-----w- c:\program files\NCH Software
    2010-06-04 07:43 . 2010-06-04 07:43 -------- d-----w- c:\program files\Ultra Video Splitter
    2010-06-04 07:25 . 2010-06-04 07:21 -------- d-----w- c:\program files\Fx Splitter
    2010-06-04 06:48 . 2010-02-06 22:59 -------- d-----w- c:\documents and settings\Brandon\Application Data\Facebook
    2010-06-04 06:33 . 2010-06-04 06:33 -------- d-----w- c:\program files\Easy Video Splitter
    2010-06-03 08:04 . 2010-06-03 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
    2010-06-03 08:04 . 2010-06-03 08:03 -------- d-----w- c:\program files\AIM
    2010-06-03 08:03 . 2010-06-03 08:03 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2010-06-03 08:03 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-06-03 08:03 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
    2010-06-02 19:42 . 2007-07-19 00:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-16 01:46 . 2010-05-16 01:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-05-16 01:46 . 2010-05-16 01:46 47360 ----a-w- c:\documents and settings\Brandon\Application Data\pcouffin.sys
    2010-05-04 17:20 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-11 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-02 05:22 . 2004-08-11 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 22:39 . 2010-07-11 09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 22:39 . 2010-07-11 09:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2006-05-03 10:06 . 2007-02-06 04:09 163328 --sh--r- c:\windows\system32\flvDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-04 2937528]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
    "Google Update"="c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-30 136176]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-15 2065760]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-22 185896]
    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

    c:\documents and settings\Brandon\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-01-28 03:47 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-15 18:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-06-22 06:23 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TapiSrv"=3 (0x3)
    "FontCache3.0.0.0"=3 (0x3)
    "Fax"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Last.fm\\LastFM.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\Mozilla Firefox 3.5 Beta 4\\firefox.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Brandon\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14868:TCP"= 14868:TCP:BitComet 14868 TCP
    "14868:UDP"= 14868:UDP:BitComet 14868 UDP
    "27754:TCP"= 27754:TCP:*isabled:SolidNetworkManager
    "27754:UDP"= 27754:UDP:*isabled:SolidNetworkManager
    "58193:TCP"= 58193:TCP:Pando Media Booster
    "58193:UDP"= 58193:UDP:Pando Media Booster

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2009 6:18 PM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2009 6:18 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
    R3 Neo_Yukichin;SoftEther VPN Client 2.0 Device Driver - Yukichin;c:\windows\system32\drivers\Neo_Yukichin.sys [1/10/2008 3:01 PM 15232]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2007 7:06 PM 722416]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:05]

    2010-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

    2010-05-16 c:\windows\Tasks\expressburnSevenDaysInit.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-16 23:02]

    2010-05-26 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-16 23:02]

    2010-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292892305-2415605640-3664216660-1006Core.job
    - c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-30 22:37]

    2010-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292892305-2415605640-3664216660-1006UA.job
    - c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-30 22:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} - hxxp://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
    DPF: {C14C061A-6C24-43AC-97C3-B9135B4AB332} - hxxp://www.va-sa-ra.co.jp/mgx2/win/MGX2Plugin.cab
    FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\7gp1154m.default\
    FF - prefs.js: browser.startup.homepage - hxxp://hikaruforums.net/
    FF - component: c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\7gp1154m.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox 3.5 Beta 4\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\Brandon\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\Brandon\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\Panda Software\ActiveScan2\npwrapper.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-07-25 14:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\ezsidmv.dat 56 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(912)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(1400)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Lavasoft\Ad-Aware\AAWService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\AVG\AVG8\avgwdsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    c:\windows\system32\SearchProtocolHost.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-25 14:42:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-25 21:42
    ComboFix2.txt 2010-07-25 02:54

    Pre-Run: 4,657,610,752 bytes free
    Post-Run: 3,634,933,760 bytes free

    Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - 89A549E686C85B64BF846D7DE3960949

  8. #8
    broni is offline Senior Member
    How is your computer doing at the moment?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\ezsidmv.dat

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

  9. #9
    Yuki is offline Full Member
    It seems to be doing much better; Firefox still occasionally freezes, but Chrome is now able to reach the internet again. I'll run Combofix when I go to bed, and post Combofix.txt in the morning.

  10. #10
    broni is offline Senior Member
    Ok
