Help with "ram memory usage is critically high" error/virus

  1. #1
soda7o (Junior Member)

Hello,
The other day I turned on the laptop and I keep getting this message: "RAM memory usage is critically high".
Then some Windows-looking scan comes up, tells me I have corrupted files and forwards me to a link to subscribe in order to resolve it. After reading on the net I see this is a virus, and I have followed the instructions in the first sticky and I am attaching all the logs.

    Please help...Thanks in advance!

  2. #2
soda7o (Junior Member)
MBAM
Malwarebytes' Anti-Malware 1.51.0.1200
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6835

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16982

    6/11/2011 12:55:09 PM
    mbam-log-2011-06-11 (12-55-09).txt

    Scan type: Quick scan
    Objects scanned: 159144
    Time elapsed: 6 minute(s), 20 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    c:\programdata\lugoqsvahb.exe (Trojan.FakeAlert) -> 2540 -> Unloaded process successfully.
    c:\programdata\25026320.exe (Trojan.FakeAlert) -> 2796 -> Failed to unload process.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LUGOQsVaHb (Trojan.FakeAlert) -> Value: LUGOQsVaHb -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\lugoqsvahb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\programdata\25026320.exe (Trojan.FakeAlert) -> Delete on reboot.
    c:\Users\konstantin\AppData\Local\Temp\DFDB.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\konstantin\AppData\Local\Temp\E039.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\konstantin\AppData\Local\Temp\E5F6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\konstantin\AppData\Local\Temp\-213E8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\konstantin\AppData\Local\Temp\1363E8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\Users\konstantin\AppData\Local\Temp\tmpDF8D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\konstantin\local settings\application data\windows server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

  3. #3
soda7o (Junior Member)
    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-11.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/30/2007 1:19:51 AM
    System Uptime: 6/11/2011 1247 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0TT347
    Processor: Intel(R) Core(TM)2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1601/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 4.837 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 6.872 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Broadcom Management Programs
    Browser Address Error Redirector
    Browser Defender 2.0.6.15
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Conexant HDA D330 MDC V.92 Modem
    Confidence Online(tm) for Web Applications
    Dell Automated PC TuneUp
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Network Assistant
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Wireless WLAN Card
    Digital Line Detect
    DirectXInstallService
    DivX Content Uploader
    DivX Web Player
    EMC 10 Content
    Fotki Desktop
    Google Desktop
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Office (KB935869)
    Hotfix for Office (KB937201)
    Hotfix for Office (KB938888)
    Hotfix for Office (KB938955)
    iTunes
    Java(TM) SE Runtime Environment 6
    Juniper Networks Setup Client
    Juniper Terminal Services Client
    Magic ISO Maker v5.5 (build 0261)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee Security Scan Plus
    MediaDirect
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Modem Diagnostic Tool
    Mozilla Firefox 4.0.1 (x86 en-US)
    Mozilla Thunderbird (3.1.9)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    OutlookAddinSetup
    Picasa 3
    PokerStars
    Product Documentation Launcher
    QuickSet
    QuickTime
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Disc Gallery
    Roxio Easy Media Creator 10 Suite
    Roxio File Backup
    Roxio MediaShare
    Roxio Update Manager
    SlingPlayer
    SmartSound Quicktracks Plugin
    Spyware Doctor 7.0
    Unlocker 1.8.7
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 (KB933493)
    User's Guides
    VideoLAN VLC media player 0.8.6d
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2011 9:20:50 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    6/9/2011 9:20:32 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    6/9/2011 9:11:32 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E4C81FADE. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    6/9/2011 12:32:48 PM, Error: EventLog [6008] - The previous system shutdown at 12:31:19 PM on 6/9/2011 was unexpected.
    6/9/2011 1:44:55 PM, Error: netbt [4321] - The name "POLICH-PC :0" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
    6/8/2011 12:16:06 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.103 for the Network Card with network address 001E4C81FADE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/8/2011 12:15:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001E4C81FADE has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    6/6/2011 8:10:40 PM, Error: netbt [4321] - The name "INSPIRON17 :0" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
    6/5/2011 2:16:46 PM, Error: EventLog [6008] - The previous system shutdown at 2:14:56 PM on 6/5/2011 was unexpected.
    6/5/2011 11:10:30 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2011 11:09:30 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/5/2011 1:29:01 PM, Error: Service Control Manager [7000] - The RDM+ Local Service service failed to start due to the following error: The system cannot find the path specified.
    6/4/2011 11:20:12 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.147 for the Network Card with network address 001E4C81FADE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/11/2011 9:13:52 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 001E4C81FADE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/11/2011 12:09:26 PM, Error: EventLog [6008] - The previous system shutdown at 12:05:52 PM on 6/11/2011 was unexpected.
    6/11/2011 11:59:57 AM, Error: EventLog [6008] - The previous system shutdown at 11:20:11 AM on 6/11/2011 was unexpected.
    6/11/2011 1:19:19 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    .
    ==== End Of File ===========================

  4. #4
broni (Senior Member)
    Welcome aboard

    Please, complete all steps listed here: HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  5. #5
soda7o (Junior Member)
    aswMBR
    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-11 15:05:02
    -----------------------------
    15:05:02.892 OS Version: Windows 6.0.6000
    15:05:02.892 Number of processors: 2 586 0xF0D
    15:05:02.894 ComputerName: KONSTANTIN-PC UserName: Konstantin
    15:05:04.469 Initialize success
    15:05:13.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    15:05:13.920 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
    15:05:14.332 Disk 0 MBR read successfully
    15:05:14.335 Disk 0 MBR scan
    15:05:14.342 Disk 0 unknown MBR code
    15:05:14.753 Disk 0 scanning sectors +312578048
    15:05:15.207 Disk 0 scanning C:\Windows\system32\drivers
    15:06:27.165 Service scanning
    15:06:28.558 Disk 0 trace - called modules:
    15:06:28.672 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iastor.sys hal.dll
    15:06:28.698 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85624ad8]
    15:06:28.707 3 ntkrnlpa.exe[820b07e2] -> nt!IofCallDriver -> [0x85605360]
    15:06:28.717 5 PCTCore.sys[81f9eeae] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84c17030]
    15:06:28.727 Scan finished successfully
    15:06:44.782 Disk 0 MBR has been saved successfully to "C:\Users\Konstantin\Desktop\MBR.dat"
    15:06:44.792 The log file has been saved successfully to "C:\Users\Konstantin\Desktop\aswMBR.txt"

  6. #6
soda7o (Junior Member)
    DDS.txt
    .
    DDS (Ver_2011-06-11.01) - NTFSx86
    Internet Explorer: 7.0.6000.16982
    Run by Konstantin at 15:08:22 on 2011-06-11
    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2038.854 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    C:\Users\Konstantin\Desktop\aswMBR.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
    mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winxp/AXXPEE.dll
    DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - hxxp://images.fotki.com/activex/FotkiUploader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn-rd03.jpmorganchase.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{22F4EF0F-E451-4423-84C2-B58058648A9D} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FF46B0AA-339C-45D1-8FC5-3758EC54DA15} : DhcpNameServer = 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GOEC62~1.DLL
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    .
    ================= FIREFOX ===================
    .
FF - ProfilePath - c:\users\konstantin\appdata\roaming\mozilla\firefox\profiles\1opqsb97.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc72c15&v=6.010.006.004&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\users\konstantin\appdata\roaming\mozilla\firefox\profiles\1opqsb97.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-6 64160]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-6-11 218592]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2007-8-18 252152]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2011-6-11 112592]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-11 366640]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-6-11 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-6-11 1142224]
    R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-12-30 179712]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-4-15 34128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-11 22712]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1036104]
    S2 RDMPLocalService;RDM+ Local Service;"c:\program files\rdm+\rdmpserv.exe" --> c:\program files\rdm+\rdmpserv.exe [?]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-30 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-11 39984]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
    .
    =============== Created Last 30 ================
    .
    2011-06-11 16:27:21 -------- dc-h--w- c:\users\konstantin\appdata\roaming\Malwarebytes
    2011-06-11 16:27:16 39984 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-11 16:27:15 -------- dc-h--w- c:\programdata\Malwarebytes
    2011-06-11 16:27:12 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 16:27:12 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-11 14:29:32 767952 -c--a-w- c:\windows\BDTSupport.dll
    2011-06-11 14:29:32 165840 -c--a-w- c:\windows\PCTBDRes.dll
    2011-06-11 14:29:32 1652688 -c--a-w- c:\windows\PCTBDCore.dll
    2011-06-11 14:29:32 149456 -c--a-w- c:\windows\SGDetectionTool.dll
    2011-06-11 14:17:52 -------- d-sh--w- C:\found.001
    2011-06-11 14:14:11 233136 -c--a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-06-11 14:14:11 100136 -c--a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2011-06-11 14:14:09 88040 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-06-11 14:14:09 218592 -c--a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-06-11 14:14:07 63360 -c--a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-06-11 14:14:00 -------- dc-h--w- c:\users\konstantin\appdata\roaming\PC Tools
    2011-06-11 14:14:00 -------- dc-h--w- c:\programdata\PC Tools
    2011-06-11 14:14:00 -------- dc----w- c:\program files\Spyware Doctor
    2011-06-11 14:14:00 -------- dc----w- c:\program files\common files\PC Tools
    2011-05-14 14:26:11 781272 -c--a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-05-14 14:26:10 89048 -c--a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-05-14 14:26:10 465880 -c--a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-05-14 14:26:10 1874904 -c--a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-05-14 14:26:10 15832 -c--a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-05-14 14:26:09 1892184 -c--a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-05-14 14:26:09 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-05-14 14:26:08 1974616 -c--a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    .
    ==================== Find3M ====================
    .
    2011-06-09 01:40:01 38344 -c--a-w- c:\windows\system32\drivers\CO_Mon.sys
    2011-04-13 22:40:10 4284416 -c--a-w- c:\windows\system32\GPhotos.scr
    2011-04-06 20:20:16 91424 -c--a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 197920 -c--a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20:16 107808 -c--a-w- c:\windows\system32\dns-sd.exe
    .
    ============= FINISH: 15:09:13.95 ===============
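The listing above is a DDS-style file table (date, time, size or dashes for a directory, an eight-character attribute string, then the path). As an added example that is not part of this thread or of the DDS tool, here is a small Python parser for that layout that flags drivers and executables created within a few days of the scan; the meaning of the 'd' and 'h' attribute letters is an assumption, the reference time is constructed to match the log's date, and the sample lines are constructed in the same layout.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the DDS-style layout shown in the log:
# "<date> <time> <size or -------- > <attribute flags> <path>"
SAMPLE_LOG = """\
2011-06-11 14:17:52 -------- d-sh--w- C:\\found.001
2011-06-11 14:14:11 233136 -c--a-w- c:\\windows\\system32\\drivers\\pctgntdi.sys
2011-06-11 14:14:00 -------- dc-h--w- c:\\programdata\\PC Tools
2011-05-14 14:26:11 781272 -c--a-w- c:\\program files\\mozilla firefox\\mozsqlite3.dll
2011-04-06 20:20:16 107808 -c--a-w- c:\\windows\\system32\\dns-sd.exe
"""

# Constructed reference time ("when the scan ran"), matching the log's date.
REF_TIME = datetime(2011, 6, 11, 16, 30, 0)

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$"
)

def parse_dds_lines(text):
    """Parse DDS-style entries into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, flags, path = m.groups()
        entries.append({
            "when": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": flags[0] == "d",   # assumption: leading 'd' marks a directory
            "hidden": "h" in flags,      # assumption: an 'h' flag marks a hidden item
            "path": path,
        })
    return entries

def flag_recent_binaries(entries, ref_time=REF_TIME, days=3):
    """Return paths of .sys/.exe/.dll files created within `days` before ref_time.

    Newly created drivers and executables are the entries a helper looks at
    first when a log like this one is posted, so they are worth listing apart.
    """
    cutoff = ref_time - timedelta(days=days)
    hits = []
    for e in entries:
        if e["is_dir"] or not e["path"].lower().endswith((".sys", ".exe", ".dll")):
            continue
        if e["when"] >= cutoff:
            hits.append(e["path"])
    return hits
```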

  7. #7
    soda7o is offline Junior Member
    is this all or am i missing anything?

  8. #8
    broni is offline Senior Member
    You did fine

    I don't see any AV program running.
    Please, install one of these:
    - Avast! free antivirus: avast! Free Antivirus - Download Software for Virus Protection
    - Avira free antivirus: Avira AntiVir Personal - Free Antivirus
    Update, run full scan, report on any findings.

  9. #9
    soda7o is offline Junior Member
    Quote Originally Posted by broni View Post
    You did fine

    I don't see any AV program running.
    Please, install one of these:
    - Avast! free antivirus: avast! Free Antivirus - Download Software for Virus Protection
    - Avira free antivirus: Avira AntiVir Personal - Free Antivirus
    Update, run full scan, report on any findings.


    ran avast full scan took nearly 2 hours
    only found one threat in an ebay shortcut
    i am attaching image
    Untitled.jpg

  10. #10
    broni is offline Senior Member
    Very well.
    Move it to chest.

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.

    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.

    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
