
TR/ATRAPS.Gen2, TR/Sirefef.AG.35, TR/Small.FI infection.

Discussion in 'Virus & Other Malware Removal' started by axeman61, Jun 20, 2012.

  1. axeman61
    Yesterday, I was browsing the internet when my Avira started saying it caught 2 viruses or unwanted programs:
    TR/ATRAPS.Gen2
    TR/Sirefef.AG.35

    I told Avira to remove it, then the same warning popped up. Did it again. Eventually, I had to restart my computer, because of Avira's scans after removing it. Had 4 scans going that were hung. The warning popped up again post-restart. I clicked "details", switched the action to "delete" for both, and the warning still popped up again after. Now my internet seems to take a few seconds to load pages. I had Avira run a "quick" scan (took over 50 minutes) to root out this problem for real, but it was to no avail.

    I wasn't browsing any "risque" content; I was just on Digg and Cracked. I'm assuming this is because of a Java breach or something. Near the end of the Avira quick scan, this popped up: TR/Small.FI

    The scan was over, and the warnings were still popping up. The only way I can keep them at bay now is to hit "Details" and just not reply to them at all. That has to be a bad tactic. I'm hoping you guys can help me here. I'm reading of manual fixes to this on Google, but they require me to delete things from the registry, and I don't like messing with the registry.

    Computer info (in case it's important)
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 4 Stepping 1
    Processor Count: 2
    RAM: 3062 Mb
    Graphics Card: Intel(R) 82915G/GV/910GL Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 35055 MB, Free - 11819 MB; D: Total - 305242 MB, Free - 155532 MB;
    Motherboard: Dell Inc. , 0M3918, , ..CN708214B5049M.
    Antivirus: Avira Desktop, Updated: Yes, On-Demand Scanner: Enabled

    HijackThis Log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:01:10 PM, on 6/20/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Everything\Everything.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE
    C:\Program Files\Belvedere\Belvedere.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Program Files\stickies\stickies.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MYSERVER\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files\avira\antivir desktop\avscan.exe
    c:\program files\avira\antivir desktop\avscan.exe
    c:\program files\avira\antivir desktop\avscan.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Daniel Hopkins\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O4 - Global Startup: Belvedere.lnk = C:\Program Files\Belvedere\Belvedere.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O4 - Global Startup: Shortcut to Main Script.ahk.lnk = D:\Shared Media\Programming\Scripts\Main Script.ahk
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278876020469
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe

    --
    End of file - 9638 bytes

    DDS.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
    Run by Daniel Hopkins at 19:01:47 on 2012-06-20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.1589 [GMT -4:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Everything\Everything.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE
    C:\Program Files\Belvedere\Belvedere.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Program Files\stickies\stickies.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MYSERVER\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files\avira\antivir desktop\avscan.exe
    c:\program files\avira\antivir desktop\avscan.exe
    c:\program files\avira\antivir desktop\avscan.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Documents and Settings\Daniel Hopkins\Desktop\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.att.net
    uInternet Settings,ProxyOverride = *.local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Microsoft Firewall 2.9] c:\documents and settings\daniel hopkins\application data\WMPRWISE.EXE
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\daniel~1\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belved~1.lnk - c:\program files\belvedere\Belvedere.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - d:\shared media\programming\scripts\Main Script.ahk
    IE: Download with GetRight - c:\program files\getright\GRdownload.htm
    IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278876020469
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{35D46BEB-D142-466D-A91E-CD77E9FC6269} : DhcpNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Notify: igfxcui - igfxdev.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\daniel hopkins\application data\mozilla\firefox\profiles\ulvsjgjp.default\
    FF - prefs.js: browser.search.selectedEngine - Amazon.com
    FF - prefs.js: browser.startup.homepage - hxxp://us.f804.mail.yahoo.com/ym/ShowFolder?rb=Inbox&reset=1&YY=15471&y5beta=yes&y5beta=yes&inc=200&order=down&sort=date&pos=0&view=a&head=b&box=%40B%40Bulk | mail.umflint.edu | https://mail.google.com/mail/?shva=1#inbox | http://www.scholarshipexperts.com/showLogin.htx
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 9050
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast -
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-20 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-20 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-20 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-20 83392]
    R2 MSSQL$MYSERVER;SQL Server (MYSERVER);c:\program files\microsoft sql server\mssql10_50.myserver\mssql\binn\sqlservr.exe [2010-4-3 42884448]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-5 136176]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-8-16 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-8-16 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-5 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]
    S3 SliceDisk5;SliceDisk5;c:\program files\a-ff find and mount\slicedisk.sys [2011-8-14 26192]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
    S4 SQLAgent$MYSERVER;SQL Server Agent (MYSERVER);c:\program files\microsoft sql server\mssql10_50.myserver\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2012-06-19 23:44:55 711240 ----a-w- c:\windows\isRS-000.tmp
    2012-06-19 22:24:55 55808 ---h--w- c:\documents and settings\daniel hopkins\application data\ntuser.dat
    2012-06-19 22:20:56 -------- d-----w- c:\program files\Oracle
    2012-06-19 21:59:45 172544 ---h--w- c:\documents and settings\daniel hopkins\application data\WMPRWISE.EXE
    2012-06-18 04:58:41 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-18 04:58:41 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-08 01:51:09 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-06-08 01:51:09 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-06-08 01:49:20 -------- d-----w- c:\program files\iPod
    2012-06-08 01:49:16 -------- d-----w- c:\program files\iTunes
    2012-06-08 01:49:16 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-06-08 01:48:14 -------- d-----w- c:\documents and settings\daniel hopkins\local settings\application data\Apple
    2012-06-08 01:47:13 -------- d-----w- c:\program files\Bonjour
    2012-06-07 22:07:08 -------- d-----w- c:\documents and settings\daniel hopkins\application data\iPodder
    2012-06-07 22:06:55 -------- d-----w- c:\program files\Juice
    .
    ==================== Find3M ====================
    .
    2012-06-15 01:05:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-15 01:05:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 01:20:45 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-05-09 00:58:44 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-05-04 23:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-05-04 23:29:22 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll
    2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx
    2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 19:02:22.23 ===============

    Ark.txt:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-20 21:37:05
    Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD400BD-75JMA0 rev.05.01C05
    Running: 2wu1fjnu.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\ffkyyaog.sys


    ---- System - GMER 1.0.15 ----

    SSDT BA69EDDC ZwClose
    SSDT BA69ED96 ZwCreateKey
    SSDT BA69EDE6 ZwCreateSection
    SSDT BA69ED8C ZwCreateThread
    SSDT BA69ED9B ZwDeleteKey
    SSDT BA69EDA5 ZwDeleteValueKey
    SSDT BA69EDD7 ZwDuplicateObject
    SSDT spqv.sys ZwEnumerateKey [0xB9ECDDA4]
    SSDT spqv.sys ZwEnumerateValueKey [0xB9ECE132]
    SSDT BA69EDAA ZwLoadKey
    SSDT spqv.sys ZwOpenKey [0xB9EB50C0]
    SSDT BA69ED78 ZwOpenProcess
    SSDT BA69ED7D ZwOpenThread
    SSDT spqv.sys ZwQueryKey [0xB9ECE20A]
    SSDT BA69EDFF ZwQueryValueKey
    SSDT BA69EDB4 ZwReplaceKey
    SSDT BA69EDF0 ZwRequestWaitReplyPort
    SSDT BA69EDAF ZwRestoreKey
    SSDT BA69EDEB ZwSetContextThread
    SSDT BA69EDF5 ZwSetSecurityObject
    SSDT BA69EDA0 ZwSetValueKey
    SSDT BA69EDFA ZwSystemDebugControl
    SSDT BA69ED87 ZwTerminateProcess

    INT 0x62 ? 8A53ABF8
    INT 0x63 ? 8A33DBF8
    INT 0x73 ? 8A53ABF8
    INT 0x94 ? 8A33DBF8
    INT 0xA4 ? 8A33DBF8
    INT 0xB4 ? 8A33DBF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spqv.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B95708AC 5 Bytes JMP 8A33D1D8
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB92A2F80]
    .text aztp2jyp.SYS B91D1386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aztp2jyp.SYS B91D13AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aztp2jyp.SYS B91D13C4 3 Bytes [00, 80, 02]
    .text aztp2jyp.SYS B91D13C9 1 Byte [30]
    .text aztp2jyp.SYS B91D13C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...
    ? C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    Device 8A5391F8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device 892FA1F8
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBPDO-0 8A25F1F8
    Device \Driver\usbuhci \Device\USBPDO-1 8A25F1F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A25F1F8
    Device \Driver\PCI_PNP1582 \Device\00000046 spqv.sys
    Device \Driver\usbuhci \Device\USBPDO-3 8A25F1F8
    Device \Driver\usbehci \Device\USBPDO-4 8A3261F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4CB1F8
    Device \Driver\Cdrom \Device\CdRom0 8A0FC1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4CB1F8
    Device \Driver\atapi \Device\Ide\IdePort0 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4CB1F8
    Device \Driver\Cdrom \Device\CdRom1 8A0FC1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 8A4CB1F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 89B6C1F8
    Device \Driver\NetBT \Device\NetbiosSmb 89B6C1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{35D46BEB-D142-466D-A91E-CD77E9FC6269} 89B6C1F8
    Device \Driver\sptd \Device\2252375332 spqv.sys
    Device \Driver\usbuhci \Device\USBFDO-0 8A25F1F8
    Device \Driver\usbuhci \Device\USBFDO-1 8A25F1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89B711F8
    Device \Driver\usbuhci \Device\USBFDO-2 8A25F1F8
    Device 89B711F8
    Device \Driver\usbuhci \Device\USBFDO-3 8A25F1F8
    Device \Driver\usbehci \Device\USBFDO-4 8A3261F8
    Device \Driver\Ftdisk \Device\FtControl 8A4CB1F8
    Device \Driver\aztp2jyp \Device\Scsi\aztp2jyp1Port2Path0Target0Lun0 8A0E51F8
    Device \Driver\aztp2jyp \Device\Scsi\aztp2jyp1 8A0E51F8

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device 89DF9500
    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
    ---- Processes - GMER 1.0.15 ----

    Library C:\Documents (*** hidden *** ) @ C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE [316] 0x10000000
    Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1040] 0x45670000
    Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1744] 0x45670000

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xAB 0x44 0xEE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x08 0x5C 0x01 0xD6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x30 0x11 0x17 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0xAB 0x44 0xEE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x08 0x5C 0x01 0xD6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x30 0x11 0x17 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8257CEE-4AFA-676C-CCA2-74A1FE5DBFB1}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8257CEE-4AFA-676C-CCA2-74A1FE5DBFB1}@abdbekccjomigbjnjiomoejeleoodlpkpp 0x61 0x62 0x62 0x61 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8257CEE-4AFA-676C-CCA2-74A1FE5DBFB1}@bbdbekccjomigbjnjinmnljeaoogbeangdej 0x61 0x62 0x6B 0x70 ...

    ---- EOF - GMER 1.0.15 ----
     


  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    What is "Digg" and "Cracked"?

    Can you be more specific?

    ---------------------------------------------------------
     
  3. axeman61

    axeman61 Thread Starter

    Joined:
    Mar 19, 2003
    Messages:
    418
    Digg is the famous news aggregator where people vote up stories, and Cracked is a comedy site famous for its lists. You never know when either will be NSFW, so I didn't put actual web suffixes at the end of them.

    I'm going to lay back on this topic. I posted for help somewhere else, and things are starting to pick up there. Don't want to waste anybody's time here unless things don't work out. I'll just keep this topic dormant until I need to come back to it.
     
  4. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    If you've posted for help in another forum and are making progress there, there's no sense in a gold/blue shield removal specialist assisting you here at this time.

    Your current HiJackThis and DDS.txt and Attach.txt logs also are no longer valid because of whatever is being done in the other forum.

    -----------------------------------------------------------
     
  5. axeman61

    axeman61 Thread Starter

    Joined:
    Mar 19, 2003
    Messages:
    418
    Oh. OK. I'm really sorry about that. I thought of it as simply covering all my bases, but can now see how it makes things harder. Can someone close this? I'd do it myself, but for some reason I can't edit my first post now.
     
  6. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    Unless a Moderator decides otherwise, let's keep the thread open for now until you're done at the other forum.

    After you're done there, come back here and advise us of the outcome.

    ---------------------------------------------------------
     
  7. axeman61

    axeman61 Thread Starter

    Joined:
    Mar 19, 2003
    Messages:
    418
    Things are going well now. The trojans stepped off, and I'm waiting for the prognosis on my latest scan logs I posted to the forum. This can definitely be closed. Thanks for your initial reviewing of my logs though.
     
  8. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,592
    Click the "Mark Solved" button at the top or bottom of this page.

    -----------------------------------------------------
     

Short URL to this thread: https://techguy.org/1057922