GT500

Emsisoft Employee

Everything posted by GT500

  1. It looks like ComboFix cleaned up most of the infection on its own. Let's get a second opinion just to make sure. Please run an online virus scan through ESET by following the steps below:
       • Turn off your anti-virus software.
       • Click on this link.
       • Click on the ESET Online Scanner button.
       • Put a check in the box that says YES, I accept the Terms of Use.
       • Click the 'Start' button just to the right of the checkbox.
       • Uncheck the box that says Remove found threats (this is very important).
       • Click on Advanced settings.
       • Put a check in the box that says Scan for potentially unsafe applications.
       • Verify that Scan for potentially unwanted applications is also checked.
       • Verify that Enable Anti-Stealth technology is also checked.
       • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
       • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
       • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
       • Close the ESET online scan.
     I will take a look at the log, and let you know if anything needs removed.
  2. I like Linux, however UBCD4Win has so many utilities built into it that it can be an indispensable boot disk. In this case, Linux would have been easier, since it's just a free download. UBCD4Win is a version of Windows that Microsoft calls Windows PE, and the program that creates a UBCD4Win disk requires a Windows XP or Windows 2003 disk in order to create a UBCD4Win disk (it needs to be able to use the files that are on a Windows XP or Windows 2003 disk), so if you don't have a Windows XP or Windows 2003 disk then you will not be able to create a UBCD4Win disk.
  3. OK, that log looks better. Please run an online virus scan through ESET by following the steps below:
       • Turn off your anti-virus software.
       • Click on this link.
       • Click on the ESET Online Scanner button.
       • Put a check in the box that says YES, I accept the Terms of Use.
       • Click the 'Start' button just to the right of the checkbox.
       • Uncheck the box that says Remove found threats (this is very important).
       • Click on Advanced settings.
       • Put a check in the box that says Scan for potentially unsafe applications.
       • Verify that Scan for potentially unwanted applications is also checked.
       • Verify that Enable Anti-Stealth technology is also checked.
       • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
       • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
       • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
       • Close the ESET online scan.
     I will take a look at the log, and let you know if anything needs removed.
  4. OK, I have written a script that will tell ComboFix how to delete some stuff I saw in your log. Here are instructions on what to do with the script:
       • Download an updated version of ComboFix from one of the following links: BleepingComputer, InfoSpyware
       • Turn off your Anti-Virus software.
       • Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.
       • Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste): http://support.emsisoft.com/topic/7831-i-have-malwarewin32amn/

           KillAll::
           Driver::
           X6va005
           Collect::
           c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
           c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
           c:\users\NERDXL~1\AppData\Local\Temp\0058610.tmp
           File::
           c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
           c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
           c:\programdata\Best Buy pc app\ClickOnceSetup.exe
           c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
           Registry::
           [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
           "AppInit_DLLs"=""
           [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
           [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
           "ETDWare"=-
           "Setwallpaper"=-
           [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
           "AppInit_DLLs"=""
           DDS::
           uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
           IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
           uStart Page = hxxp://search.imesh.com/
           RegLock::
           [HKEY_USERS\S-1-5-21-306707037-1551457355-2866716586-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
           [HKEY_USERS\S-1-5-21-306707037-1551457355-2866716586-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
           [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

       • Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop).
       • Close Notepad and verify that the CFScript file is saved on your desktop.
       • Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:
     When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  5. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  6. I hope they know how to deal with ZeroAccess. It is possible to repair a ZeroAccess infection via boot disks, however most techs that work in stores like Office Depot don't know how to do it. I have a feeling that they will want to reinstall Windows. As for spreading the infection via the flash drive, normally they would be correct, however if you were backing up your data from a Linux boot disk then you would have to manually copy an infected file to the flash drive and then run or open that file on another computer to spread the infection.
  7. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  8. It looks like you might be able to get a 16GB USB flash drive from RadioShack for under $50, however unless you know how much data you will need to back up, then I do recommend buying an external hard drive with a high capacity. There are external hard drives that can store a significantly larger amount of data than flash drives, although they do tend to be a little larger and heavier, and they are easier to damage when they are dropped or when they receive too much shock from vibrations. Fortunately, even with their drawbacks, they also tend to be inexpensive compared to flash memory and they can store a lot more data at a much lower price.
  9. Please follow the instructions at this link and attach your logs to a reply to this topic by using the More Reply Options button to the lower-right of where you type in your reply.
  10. It looks like the issue is with the Adobe Flash installer not being trusted. Try marking the file as trusted and as an installer, and let me know if that helps.
  11. We'll probably need some logs to see what the problem is. Open Online Armor, go to 'Options' in the menu on the left, click the little check box to enable debug mode (just above the "Run Safety Check Wizard"), restart your computer, and then try the update again. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs) and attach it to a reply for me. Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to "Send To", and clicking on "Compressed (zipped) Folder".
  12. Could you please post a screenshot of the message? Here's a link to instructions on taking a screenshot, and you can attach it to a reply by clicking on the More Reply Options button to the lower-right of where you type in your reply.
  13. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  14. Yes, you will most likely need to create a Linux disk from another computer. It doesn't matter which version of Windows you have, so long as you have a blank CD and can burn data to it. Linux disks are downloaded as a file that needs to be burned to a disk in a special way. They call it a disk image, or an ISO image, and it usually needs to be burned in a special way. Windows 7 allows you to right-click on an ISO image and burn it to a CD. Most CD burning software also has an option to burn an ISO image to a disk.
  15. I've been talking to one of our researchers, and that file is a Windows System File. The reason scans are failing on that file could be due to filesystem damage and it could be due to physical damage to your hard drive. Follow the instructions at this link, and instead of loading Safe Mode load the Recovery Environment. Once you get into the Recovery Environment, you should see a screen like this: You'll want to click the link to load the Command Prompt. At the Command Prompt, type out chkdsk /R C: and it will check the filesystem for errors and check every sector on the hard drive for damage. Any repairs to the filesystem will be made automatically, and any bad sectors on your hard drive will be marked so that Windows won't try to write data in them.
  16. If you don't have a utility such as 7-Zip, WinZip, or WinRar then you can right-click on the file, go to Send to, and then click Compressed (zipped) folder. Windows will add the file to a ZIP archive that you can attach to a reply.
  17. Here is a download of a ZIP archive that contains a batch file. When run, this batch file will enable debug mode in Emsisoft Anti-Malware. Please extract this batch file from the ZIP archive, and make sure that you run it as an administrator. A black window will open momentarily, and it will quickly disappear once it is done (it should only take a second to make the change). After you run that batch file, please be sure to restart your computer, and then download DebugView from this link and follow these instructions: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All". Open the new DebugView folder that was created on your Desktop after extracting. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator". Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item). Do whatever it is you need to in order to replicate the issue. After you have replicated the issue you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop. Please attach that log file to a reply so that we may analyze it for errors.
  18. Your logs don't look bad, and according to this information the file that was detected is a Conexant modem driver. It looks like Ikarus detected it, so my first instinct is that this is a false positive. Would it be possible for you to ZIP a copy of the file and attach it to a reply? You'll need to click the More Reply Options button to the lower-right of where you type in your reply.
  19. If you have an external hard drive, and a bootable disk (Fedora Linux or Ubuntu for instance) then you should be able to recover your data. A BartPE or UBCD4Win disk will work as well, however they require a Windows XP CD to create. If you want to try the Linux disks, you can get one of the editions of Fedora from this link (I recommend either the KDE or the Xfce versions, as they will most likely be easier for you to use), and you can get Ubuntu from this link. When you start your computer up off of these disks, you will be able to browse the files on your hard drive and copy them to your flash drive or external hard drive.
  20. The Windows XP recovery disk is a bit different, and probably won't be able to access the System Restore from an installation of Windows 7. Do you have access to a Windows 7 computer with a CD burner where you have administrative rights?
  21. Do you have a Windows 7 disk?
  22. There are a few reasons why your computer's fans would be making a lot of noise. One could be bearing damage that causes noise when the fan spins faster, another could be too much dust in the fans, and there's also the possibility of an electrical issue. A bearing issue cannot be fixed, however if you have a good silicon based lubricant then many fans have a way to add lubricant in order to extend the lifespan of the fans. If it's just dust, then that can be removed with a can of compressed air. A power issue can usually be solved by plugging your computer in through a UPS (Uninterruptible Power Supply). Most UPS units will filter power, and this can help with a lot of issues (I've seen computers perform better when connected to a UPS, speakers emit less static when the volume was turned up, and various other small improvements when plugged in to a UPS). Of course, even if any of those suggestions resolve the issue you are experiencing, I'm sure you'll still be wondering why the update process causes the fans to make noise. It's possible that some extra processing power is required for the updates, and this can cause the processor to heat up a little bit, which causes the fans to spin faster. How much your processor heats up depends on what processor your computer has and how good the heatsink and airflow inside the computer are.
  23. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please copy the contents of the following CODE box, and in OTL under the Custom Scans/Fixes box at the bottom, paste in what you just copied from the following CODE box:

          :OTL
          SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
          SRV - (PermissionResearch) -- C:\Program Files\PermissionResearch\prservice.exe (TMRG, Inc.)
          SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
          IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.link180.com/
          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 1A 52 E4 CA 1E CC 01 [binary data]
          IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
          FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
          FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
          FF - prefs.js..browser.search.selectedEngine: "Swag Bucks Customized Web Search"
          FF - prefs.js..extensions.enabledItems: [email protected]:1.2
          FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
          FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
          FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.8.1.0
          FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.3
          FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
          FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\PermissionResearch [2012/04/04 21:49:28 | 000,000,000 | ---D | M]
          [2012/03/09 20:30:48 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
          [2012/03/07 16:32:11 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
          [2011/02/15 05:34:11 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\[email protected]
          [2011/10/06 01:03:52 | 000,000,923 | ---- | M] () -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\searchplugins\conduit.xml
          [2012/04/04 23:11:01 | 000,001,540 | ---- | M] () -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\searchplugins\swagbuckscom.xml
          [2012/04/04 21:49:28 | 000,000,000 | ---D | M] (PermissionResearch) -- C:\PROGRAM FILES\PERMISSIONRESEARCH
          [2011/06/04 21:09:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
          [2011/06/04 21:09:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
          [2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
          [2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
          CHR - default_search_provider: search_url = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
          CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
          CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
          CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
          CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
          CHR - Extension: Entanglement = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
          CHR - Extension: Poppit = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
          CHR - Extension: PermissionResearch = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.331.4_0\
          O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
          O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
          O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
          O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
          O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
          O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
          O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
          O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
          O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
          O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
          O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
          O4 - HKLM..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
          O4 - HKCU..\Run: [{4669E75E-65D5-159C-A4BC-C1109D1D8AD6}] C:\Users\BPV\AppData\Roaming\Tiloap\firisi.exe (TLN Team)
          O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
          [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Ygvum
          [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Qyux
          [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Budilu
          @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:07C99568
          @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:260575F1
          @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:63CD0333
          @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C678471
          :Commands
          [EMPTYTEMP]
          [RESETHOSTS]

      Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  24. That's OK, I don't want you to reinstall Windows. There's a special disk you can make called Ultimate Boot CD 4 Windows (UBCD4Win), and all you need to make it is a Windows XP disk, a blank CD, and a CD burner. You should be able to run a System Restore from this disk. Although, now that I think about it, Windows 7 should have an option when starting up to load the Recovery Environment, which you should be able to run a System Restore from as well. That will allow you to restore your computer back to a time before the infection happened, which should repair your system's networking services. You can load the Recovery Environment by following the instructions at this link and select to load the Recovery Environment instead of Safe Mode.