security tool virus

Hi guys, I have been using my PC without any major viruses for the past 4 years but now I have this "Security Tool" virus that is really pissing me off. I have purchased Malwarebytes, did a full scan, deleted the virus, rebooted my PC and guess what? The virus is back on. I should sue Malwarebytes for false advertising. Anyhow, now I can't launch anything, except internet. I used "Rkill" to end Security Tool but I get an error saying "rkil.com is infected with virus...". I have Vista-64 and any help would be IMMENSELY appreciated. Thank you.
 
Can you post the Malwarebytes log along with a HijackThis log?

Hello, please download and post a log with HiJackThis.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:07 AM, on 14/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [808443] "C:\Users\sammy\AppData\Local\808443.exe" 0 27
O4 - HKCU\..\RunOnce: [2742447307] "C:\Users\sammy\AppData\Local\2742447307.exe" 0 44
O4 - HKCU\..\RunOnce: [9779688243] "C:\Users\sammy\AppData\Local\9779688243.exe" 0 36
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10704 bytes
 
I still need to see the Malwarebytes log, and HijackThis needs to be run in regular mode, not safe mode. Please post both logs.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:56 AM, on 15/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\mkv2vob\mkv2vob.exe
C:\Program Files (x86)\mkv2vob\tools\mencoder.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [808443] "C:\Users\sammy\AppData\Local\808443.exe" 0 27
O4 - HKCU\..\RunOnce: [9779688243] "C:\Users\sammy\AppData\Local\9779688243.exe" 0 36
O4 - HKCU\..\RunOnce: [2742447307] "C:\Users\sammy\AppData\Local\2742447307.exe" 0 44
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2817939442-3070413004-3664679193-1003\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SajjadSameerSawayz')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12025 bytes
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4426

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

15/08/2010 1:50:51 AM
mbam-log-2010-08-15 (01-50-51).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 367944
Time elapsed: 1 hour(s), 31 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\sammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
 
You are still infected with these entries.

O4 - HKCU\..\RunOnce: [808443] "C:\Users\sammy\AppData\Local\808443.exe" 0 27
O4 - HKCU\..\RunOnce: [9779688243] "C:\Users\sammy\AppData\Local\9779688243.exe" 0 36
O4 - HKCU\..\RunOnce: [2742447307] "C:\Users\sammy\AppData\Local\2742447307.exe" 0 44


Please download, update and run SUPERAntiSpyware Free Edition and post the logfile from it.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Make sure it's fully updated before running. To find the log, click on Preferences on the main page and then click on the Statistics/Logs tab and then open the log and copy and paste back here.
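Added example (not part of the original thread, and not code from HijackThis or any tool named here): a small triage script that parses the O4 autostart lines of a HijackThis log and flags the pattern the reply above points at, a digits-only executable started from the user's AppData folder. The Malwarebytes log shows only the Start Menu shortcut being removed, which is why these autostart entries were still present afterwards. The sample lines are copied from the log posted in this thread; the function names and the two-reason threshold are assumptions made for this illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Excerpt of O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [808443] "C:\Users\sammy\AppData\Local\808443.exe" 0 27
O4 - HKCU\..\RunOnce: [9779688243] "C:\Users\sammy\AppData\Local\9779688243.exe" 0 36
O4 - HKCU\..\RunOnce: [2742447307] "C:\Users\sammy\AppData\Local\2742447307.exe" 0 44
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
"""

# Registry autostart line: O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# Target program: a quoted path, or an unquoted path up to the first executable extension.
TARGET_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.IGNORECASE
)
# Anything under a user's AppData tree is writable without administrator rights.
USER_APPDATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def target_path(command: str) -> str:
    """Return the program path from an autostart command line, without arguments."""
    m = TARGET_RE.match(command.strip())
    if not m:
        return command.strip()
    return m.group(1) or m.group(2)


def parse_o4(log_text: str) -> list:
    """Parse registry-based O4 lines; startup-folder lines use another layout and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autostart(m["hive"], m["key"], m["name"],
                                     target_path(m["command"])))
    return entries


def assess(entry: Autostart) -> Autostart:
    """Attach the reasons an entry resembles the ones called out in the thread."""
    stem = ntpath.splitext(ntpath.basename(entry.target))[0]
    if USER_APPDATA_RE.match(entry.target):
        entry.reasons.append("runs from the user's AppData folder")
    if stem.isdigit():
        entry.reasons.append("executable name is digits only")
    if stem and stem == entry.name:
        entry.reasons.append("registry value name equals the file name")
    return entry


def flag_suspicious(log_text: str, min_reasons: int = 2) -> list:
    """Return autostart entries that match at least `min_reasons` heuristics."""
    return [e for e in map(assess, parse_o4(log_text)) if len(e.reasons) >= min_reasons]


if __name__ == "__main__":
    for e in flag_suspicious(SAMPLE_LOG):
        print(f"{e.hive}\\..\\{e.key} [{e.name}] -> {e.target}")
        for reason in e.reasons:
            print(f"    - {reason}")
```

A flagged entry is a lead for a person to review, not a verdict: legitimate software can also start from AppData, so confirm the file before removing anything.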
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2010 at 00:57 AM

Application Version : 4.41.1000

Core Rules Database Version : 5361
Trace Rules Database Version: 3173

Scan type : Complete Scan
Total Scan Time : 00:54:53

Memory items scanned : 573
Memory threats detected : 0
Registry items scanned : 19323
Registry threats detected : 0
File items scanned : 41607
File threats detected : 218

Adware.Tracking Cookie
.adultfriendfinder.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iqb3tjao.default\cookies.sqlite ]
.revenue.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iqb3tjao.default\cookies.sqlite ]
server.iad.liveperson.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iqb3tjao.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iqb3tjao.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iqb3tjao.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iqb3tjao.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\iqb3tjao.default\cookies.sqlite ]
cdn4.specificclick.net [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
cloud.video.unrulymedia.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
ia.media-imdb.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
media.mtvnservices.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
media.scanscout.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
media1.break.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
objects.tremormedia.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
secure-us.imrworldwide.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
soundclick.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
vitamine.networldmedia.net [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
www.naiadsystems.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
www.pornhub.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
www.soundclick.com [ C:\Users\SajjadSameerSawayz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W6MLS4E3 ]
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@bluestreak[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@mediaplex[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@invitemedia[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@casalemedia[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@media6degrees[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@collective-media[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@atdmt[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@tribalfusion[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@pointroll[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@adbrite[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@serving-sys[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@apmebf[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@questionmarket[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@advertising[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@imrworldwide[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@yieldmanager[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@networldmedia[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@doubleclick[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@2o7[1].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@adcentriconline[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@statcounter[2].txt
C:\Users\SajjadSameerSawayz\AppData\Roaming\Microsoft\Windows\Cookies\sajjadsameersawayz@revsci[1].txt
2mdn.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
acvs.mediaonenetwork.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
alotporn.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
banners.securedataimages.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
bc.youporn.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
c2.zedo.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
cdn-small.content.adultcentro.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
cdn.eyewonder.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
cdn.insights.gravity.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
cdn4.specificclick.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
cdn5.specificclick.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
cloud.video.unrulymedia.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
ds.serving-sys.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
flvtools.spacash.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
googleads.g.doubleclick.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
gw.callingbanners.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
hzmedia.heyzap.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
i.adultswim.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
ia.media-imdb.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
input.insights.gravity.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
interclick.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
m.uk.2mdn.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
m1.2mdn.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
m1.emea.2mdn.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
macromedia.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.giantbomb.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.ign.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.jambocast.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.mtvnservices.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.onsugar.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.resulthost.org [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.scanscout.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.tattomedia.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media.thewb.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media01.kyte.tv [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media1.break.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media1.clearclips.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
media1.clubpenguin.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
mediaforgews.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
msnbcmedia.msn.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
msntest.serving-sys.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
naiadsystems.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
objects.tremormedia.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
richmedia247.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
s0.2mdn.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
secure-it.imrworldwide.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
secure-us.imrworldwide.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
securityclick.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
serving-sys.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
soundclick.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
static.plymedia.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
static.youporn.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
tc-cdn-1.porned.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
terroristmedia.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
vhss-a.oddcast.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
videomedia.ign.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
vitamine.networldmedia.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.adultswim.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.freepornofreeporn.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.freshteen.biz [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.hotxxxfeeds.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.mystatcounter.info [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.naiadsystems.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.pornhost.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.pornhub.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.pornpros.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.porntube.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.sexpornok.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.soundclick.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.terroristmedia.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.trackitdown.net [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.xxxtube.fr [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
www.zemnetmedia.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]
wwwstatic.megaporn.com [ C:\Users\sammy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4U5ZL73R ]

Trojan.Agent/Gen-Krpytik
C:\PROGRAM FILES (X86)\ELECTRONIC ARTS\RED ALERT 3\RLD-R3E1.EXE

Trojan.Agent/Gen-PWS
C:\WINDOWS\SYSWOW64\MSIPPSTH.DLL
 
I'm sorry, I should have asked you to post a fresh hijackthis log as well. Please post a fresh hijackthis log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:39 PM, on 16/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [808443] "C:\Users\sammy\AppData\Local\808443.exe" 0 27
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files (x86)\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11145 bytes
 
Rerun hijackthis and place checks next to the following entries.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [808443] "C:\Users\sammy\AppData\Local\808443.exe" 0 27

Then click on fix checked at the bottom.

Then navigate here and delete the file 808443.exe

C:\Users\sammy\AppData

I see you have spybot installed. Reboot the system and make sure spybot is updated fully and then run a scan and post the log from it. Afterwards post a fresh hijackthis log.
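Three of the entries in the fix list above are not ordinary vendor startup items: the ProxyServer value pointing at 127.0.0.1, the BHO whose file is missing, and the RunOnce executable sitting directly in AppData\Local. The sketch below is an added example, not part of the original post or of HijackThis; the rule names and heuristics are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [808443] "C:\Users\sammy\AppData\Local\808443.exe" 0 27
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# ProxyServer set to a loopback address, with or without a "http=" scheme prefix.
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?", re.I
)

# Target path of an O4 autorun entry: first drive-letter path ending in .exe
# after the bracketed value name.
AUTORUN_TARGET_RE = re.compile(r"\]\s*\"?(?P<path>[A-Za-z]:\\[^\"]*?\.exe)", re.I)

# Executable placed directly in the root of a user's AppData\Local or \Roaming.
APPDATA_ROOT_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\[^\\]+\.exe$", re.I
)


def parse(log_text):
    """Return (code, body) tuples for every entry line; headers and the
    'Running processes' list are skipped because they carry no section code."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def classify(code, body):
    """Return a rule name if the entry matches one of the heuristics, else None."""
    if code in ("R0", "R1") and LOOPBACK_PROXY_RE.search(body):
        return "loopback-proxy"
    if code == "O2" and body.rstrip().endswith("(no file)"):
        return "bho-no-file"
    if code == "O4":
        m = AUTORUN_TARGET_RE.search(body)
        if m:
            path = m.group("path")
            stem = ntpath.splitext(ntpath.basename(path))[0]
            if APPDATA_ROOT_RE.search(path):
                return "autorun-from-appdata"
            if stem.isdigit():
                return "autorun-numeric-name"
    return None


def triage(log_text):
    """Return (rule, original entry line) for each entry worth a closer look."""
    findings = []
    for code, body in parse(log_text):
        rule = classify(code, body)
        if rule:
            findings.append((rule, f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:22} {line}")
```

A match only marks an entry for review; whether to fix it still depends on confirming what the referenced file or setting actually is.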
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:19 AM, on 17/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files (x86)\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9812 bytes
 
OK so this time Spybot did not find any viruses yay!!!! I guess we are almost there. Thanks again johnb35, you are a genius. Also, this time after the reboot the "security tool" did not pop up :)
 
Let me know if you are having any more issues.

Also, I see that you don't have any active virus programs installed. I would suggest you download a free one such as AVG or AVAST or use Microsoft Security Essentials.
 
When you say "active", what do you mean by that? Can't I run Spybot and Malwarebytes and leave them running in my taskbar? Thanks again. Also, I had a bad experience with AVG before, where it really slowed my internet considerably.
 