Your sytem is infected - virus - ups email
I'm kinda happy you did run a quick scan and then a full one, as there are MANY people on here who believe a quick one is all that's needed. Your post is absolute proof that a FULL scan is indeed required.
TICK these in HijackThis and click to FIX them ~
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} -\Documents and Settings\kay\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/ra...gameloader.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://atlantis9.bigfishgames.com/Re...x.1.0.0.55.cab
O16 - DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} (CPlayFirstMythicMarblesControl Object) - http://games.bigfishgames.com/en_myt...es.1.0.0.2.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://atlantis8.bigfishgames.com/Re...2.1.0.0.48.cab
O16 - DPF: {7BB30A04-A6AC-480C-BB18-5A18D79F4455} (GenimoWebGames Control) - http://games.bigfishgames.com/en_but...mesControl.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://games.bigfishgames.com/en_zen...b.1.0.0.10.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://atlantis9.bigfishgames.com/Re...derControl.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://atlantis7.bigfishgames.com/Re...h.1.0.0.58.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://atlantis9.bigfishgames.com/Re...meLauncher.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
Jesus, that was doing my head in!
Anyways, BIGFISHGAMES ~ DO NOT USE THEM
They cause mywebsearch problems as above ~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
You have far worse problems on your computer though so next ~
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(***PS ~ UNINSTALL LOGITECH DESKTOP MESSENGER***)
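As an added illustration (not from this thread, and not part of HijackThis itself), the triage rules rik applies above can be written down and run over the log. The Python below takes a handful of the entries quoted in the post as constructed sample input, flags registrations whose target no longer exists (the "(no file)" and "(file missing)" entries), lists the origin host of every O16 ActiveX download and escalates any that pull a bare .exe, and marks proxy overrides for review. The verdict labels and rule thresholds are my own assumptions; the O4 entry is left alone because its target is present.

```python
"""Triage HijackThis-style log lines: dead registrations and ActiveX downloads."""
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the HijackThis log quoted in this
# thread (URLs the forum shortened are left exactly as they appear).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24).
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
DEAD_MARKERS = ("(no file)", "(file missing)")


def classify(line):
    """Return (kind, verdict, detail) for one entry, or None for non-entry lines.

    Verdicts are this example's own labels: 'fix' (safe to remove),
    'review' (needs a human decision), 'keep' (nothing suspicious found).
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    # A hook, BHO, button or Winlogon notify package whose file is gone does
    # nothing any more, but it is residue of whatever installed it and
    # HijackThis can delete the registration safely.
    if body.endswith(DEAD_MARKERS):
        return kind, "fix", "registration points at a missing file"

    if kind == "O16":
        # DPF entries are ActiveX controls Internet Explorer downloaded on
        # demand: each one is native code the browser will run, so record
        # the host it came from and escalate anything that is a bare .exe.
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname or "?"
        if url.lower().endswith(".exe"):
            return kind, "fix", f"ActiveX entry pulls a bare executable from {host}"
        return kind, "review", f"downloaded ActiveX control from {host}"

    if kind in ("R0", "R1") and "Proxy" in body:
        # Proxy settings decide where browser traffic goes; confirm who set them.
        return kind, "review", "proxy setting diverts browser traffic"

    return kind, "keep", "target present"


def triage(log_text):
    """Classify every entry in a log and return the list of verdicts, in order."""
    return [r for r in (classify(l) for l in log_text.splitlines()) if r]


if __name__ == "__main__":
    for kind, verdict, detail in triage(SAMPLE_LOG):
        print(f"{kind:<4} {verdict:<7} {detail}")
```

Run as a script it prints one verdict per entry; `triage()` returns the same tuples for use elsewhere. Note that "fix" here means the registration is safe to delete, not that the target was malicious: several of the dead entries above are just leftovers of uninstalled games.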
Don't we all wish we were as knowledgeable as rik. Saved my bacon too.

Thank you, will start now.

OK, so now I am getting fed up. I know you techie guys must get pretty pee'd off with people like me; I'm sorry.
I cannot find where to shut down AVG, and if I try to uninstall it, it comes up with an error. Please help me.

katiejones wrote:
OK, so now I am getting fed up. I know you techie guys must get pretty pee'd off with people like me; I'm sorry.
I cannot find where to shut down AVG, and if I try to uninstall it, it comes up with an error. Please help me.
Open AVG, Tools, Advanced Settings, highlight Resident Shield, uncheck the Enable Resident Shield box, Apply, OK.

katiejones wrote:
OK, so now I am getting fed up. I know you techie guys must get pretty pee'd off with people like me; I'm sorry.
I cannot find where to shut down AVG, and if I try to uninstall it, it comes up with an error. Please help me.
You really shouldn't attempt to uninstall something if asked to disable it (especially if it's your main security program).

I'm sorry.
Will follow instructions as stated by yourselves and others.

Have disabled it now; will run ComboFix.

ComboFix 10-01-20.05 - kay 21/01/2010 13:12:21.1.2 - x86
Running from: d:\documents and settings\kay\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Java\jre6\bin\jucheck.exe
c:\recycler\S-1-5-21-431109022-682574908-3512644262-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\kb913800.exe
c:\windows\system32\11458.exe
c:\windows\system32\12080.exe
c:\windows\system32\13038.exe
c:\windows\system32\134.exe
c:\windows\system32\15480.exe
c:\windows\system32\15605.exe
c:\windows\system32\18467.exe
c:\windows\system32\19550.exe
c:\windows\system32\2122.exe
c:\windows\system32\2650.exe
c:\windows\system32\28306.exe
c:\windows\system32\32195.exe
c:\windows\system32\32296.exe
c:\windows\system32\5591.exe
c:\windows\system32\9590.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\winsrc.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.
2010-01-20 17:41 . 2010-01-20 17:41 -------- d-----w- c:\program files\TrendMicro
2010-01-20 16:34 . 2010-01-20 16:34 54016 ----a-w- c:\windows\system32\drivers\apkvwk.sys
2010-01-20 13:25 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 13:25 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:25 . 2010-01-20 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 12:01 . 2010-01-20 12:01 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2010-01-13 07:20 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 12:33 . 2009-11-30 20:18 -------- d-----w- d:\documents and settings\All Users\Application Data\avg9
2010-01-21 07:22 . 2008-12-19 13:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 17:50 . 2007-05-08 11:26 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-01-20 10:46 . 2010-01-20 11:03 191162 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-01-20 09:44 . 2010-01-20 09:44 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\mvhgkr.dat
2010-01-13 12:41 . 2007-07-02 11:29 -------- d-----w- d:\documents and settings\kay\Application Data\OpenOffice.org2
2009-11-30 20:22 . 2009-06-15 16:51 -------- d-----w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-30 20:20 . 2009-06-15 16:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-30 20:20 . 2009-06-15 16:51 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-30 20:20 . 2007-01-14 10:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-30 20:20 . 2009-06-15 16:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-30 20:18 . 2009-06-15 16:51 -------- d-----w- c:\program files\AVG
2009-11-26 18:54 . 2009-11-26 18:54 -------- d-----w- d:\documents and settings\kay\Application Data\Keynote Systems
2009-11-21 15:51 . 2004-09-10 14:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2004-09-10 14:57 916480 ----a-w- c:\windows\system32\wininet.dll
2008-03-05 22:20 . 2008-03-05 22:20 0 -c--a-w- c:\program files\temp01
2009-11-26 18:54 . 2009-11-26 18:54 149344 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-11-26 18:54 . 2009-11-26 18:54 279392 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
2006-10-11 08:04 . 2008-04-15 08:23 61036 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-15 08:23 48742 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-15 08:23 29313 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-15 08:23 41082 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-15 08:23 166510 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 68856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-03 160592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BTAgile"="c:\program files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-17 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-12-16 77824]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-05-23 936960]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/06/2009 16:51 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/06/2009 16:51 360584]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [03/09/2009 17:34 58856]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/09/2009 17:34 333928]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/03/2009 19:12 55152]
.
Contents of the 'Scheduled Tasks' folder
2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2006-08-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#5E771253C1676EBED677BF361FDFC537825E15B8147730231.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - d:\documents and settings\kay\Application Data\Mozilla\Firefox\Profiles\lfhg0ycg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 13:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-3621275639-3551950293-1788070341-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,7b,45,be,61,1a,92,b2,4f,60,3a,57,07,ab,bb,00,59,a1,dd,06,99,82,1a,
95,29,da,d0,07,c7,39,3a,83,62,db,65,ba,e7,9e,6f,da,3d,bd,16,66,5d,66,97,d0,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
[HKEY_USERS\S-1-5-21-3621275639-3551950293-1788070341-1005\Software\SecuROM\License information*]
"datasecu"=hex:9b,c5,18,89,e0,98,1a,83,a5,ee,a4,2a,23,a6,6e,25,c0,4a,98,41,87,
2a,53,32,68,06,67,21,1d,fb,94,70,93,80,2f,45,32,f4,33,74,96,df,de,99,d1,71,\
"rkeysecu"=hex:7f,bf,05,93,7c,f3,2a,23,08,dc,09,f1,a0,4f,3b,fd
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-21 14:08:50
ComboFix-quarantined-files.txt 2010-01-21 14:08
Pre-Run: 6,538,653,696 bytes free
Post-Run: 6,573,527,040 bytes free
- - End Of File - - 65614F38A30DACA512196A2C3CBE2563

Your computer's a mess.
I'd seriously advise formatting the hard drive and starting afresh.
If you wish to go on ~
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\drivers\apkvwk.sys
c:\windows\system32\config\systemprofile\Application Data\mvhgkr.dat
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more that 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
***The word 'application' above doesn't have any spaces, by the way. This site puts them in (I really don't know why), so make sure it's ONE FULL WORD***