  1. #1
    The Optimistic Asshole
    Sweaty Dick Punching Enthusiast

    Join Date
    Aug 2005
    Posts
    29,611
    BG Level
    10
    FFXIV Character
    Tyche Six
    FFXIV Server
    Tonberry

    I have spyware and it's pissing me off

    So I fdisked a few weeks ago and never put Spybot S&D back on. Now I have spyware that is blocking me from going to their site. It's also 404ing me on Lavasoft's site for Ad-Aware. I grabbed Spybot S&D from the download.com link in the sticky, but when installing, it won't let me update; I get the message...

    "Error sending request."

    "A connection with the server could not be established"

    Rebooted into safe mode with networking and still no dice. God dammit. Halp.

  2. #2
    Pandemonium
    Join Date
    Oct 2005
    Posts
    7,839
    BG Level
    8
    WoW Realm
    Cho'gall

    Sounds like the new variation of the Vundo virus. Get ComboFix and Malwarebytes from alternative download locations that it doesn't block. If you can't find one, PM me and I'll give you access to my FTP that has them.

    1) Reboot into safe mode
    2) Run ComboFix (ignore messages about the trial expiring or Windows restore being disabled). This should remove most of the virus.
    3) Run a Malwarebytes quick scan in safe mode to clean up the rest of it. It'll flag shit to be removed on reboot. Reboot once it's done.
    4) Go into normal Windows, run a full scan with Malwarebytes to make sure the infection is gone. If it picks up nothing, you should be good.

  3. #3
    blax n gunz
    Join Date
    May 2005
    Posts
    11,141
    BG Level
    9

    Try visiting the sites via their IP addresses. If this works you can safely assume they're fucking with your DNS cache or HOSTS file, both are pretty easy to repair.

    lavasoft.com = Ad-Aware @ Lavasoft - The Original Anti-Spyware Company - Lavasoft

    Your hosts file lives in system32\drivers\etc\

    Check it for suspicious entries.

    If you can still access download.com try running

    Trend Micro HijackThis - Free software downloads and reviews - CNET Download.com

    There's a little video showing you how to use it. Post the log here and I'm sure someone will spot your problem and tell you what to delete.
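
Post #3's advice to check the hosts file, as an added example (not from the thread): a small Python checker that flags any hosts entry for the security-vendor domains the thread mentions, whether nulled to loopback or pointed at some other address. The domain list and the sample hosts content are constructed assumptions, not taken from any real machine.

```python
import ipaddress

# Security-vendor domains the thread says the infection was blocking.
# Assumed list, constructed for this example; extend it for your own environment.
WATCHED_DOMAINS = {
    "safer-networking.org",   # Spybot S&D
    "lavasoft.com",           # Ad-Aware
    "malwarebytes.org",
    "trendmicro.com",         # HijackThis
    "download.com",
}

# Windows keeps the hosts file here (the path post #3 points at).
HOSTS_PATH = r"C:\Windows\system32\drivers\etc\hosts"

# Constructed sample hosts file, not taken from the thread or from any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.safer-networking.org
0.0.0.0         lavasoft.com  download.lavasoft.com
192.0.2.10      www.malwarebytes.org   # pointed at some other host
"""


def is_sinkhole(addr):
    """True for loopback or the unspecified address: a name mapped there is
    silently nulled rather than redirected somewhere."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a hosts file,
    ignoring blank lines and anything after a '#' comment."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for host in fields[1:]:
            yield n, fields[0], host.lower()


def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def suspicious_entries(text):
    """Return (line_no, hostname, address, kind) for every mapping of a watched
    vendor domain. A clean hosts file contains none: those names should resolve
    through DNS, so any static mapping is either a sinkhole or a redirect."""
    findings = []
    for n, addr, host in parse_hosts(text):
        if is_watched(host):
            kind = "sinkholed" if is_sinkhole(addr) else "redirected"
            findings.append((n, host, addr, kind))
    return findings


def check_hosts_file(path=HOSTS_PATH):
    """Run the check against a real hosts file."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return suspicious_entries(f.read())


if __name__ == "__main__":
    for n, host, addr, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {addr} ({kind})")
```

Post #4 notes that this particular infection did not touch the hosts file, so a clean result here does not rule it out; it only clears one of the two easy-to-repair causes post #3 names.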

  4. #4
    Pandemonium

    Quote Originally Posted by Correction View Post
    Try visiting the sites via their IP addresses. If this works you can safely assume they're fucking with your DNS cache or HOSTS file, both are pretty easy to repair.

    If this is the virus I think it is, and it sounds like it is, it doesn't change the DNS settings or modify the hosts file. Not in any way that I could figure out, anyway. The process tree can't be killed with normal programs (NOD32, Symantec, etc.) and KillBox doesn't work on the DLLs. It's a stubborn fucker. The only way I've found to get rid of it is safe mode -> ComboFix -> Malwarebytes -> reboot -> full scan.

    This virus blocks the IPs and hostnames from resolving to most security-related websites. It disables auto-protect on common anti-virus apps, then spams links for Antivirus 2009 downloads and locks up the computer if you try to force-close the popups. I've seen it at work a few times already; it seems pretty new.

  5. #5
    The Optimistic Asshole

    No dice on trendmicro.com or the Malwarebytes site. What a shitty virus.

  6. #6
    Pandemonium

    Yeah. It blocks every antivirus/antispyware/security website I could think of. Symantec has no definition update for it yet, so the Symantec Corporate Edition we use at work is pretty much useless. The first time I had to work on this fucker it took me like 2 hours to get rid of, pain in the arse!

  7. #7
    The Optimistic Asshole

    It takes me to strikingoffers.com when I fucking search for security software.

  8. #8
    The Optimistic Asshole

    I can't download a single damned program. No Malwarebytes, no HijackThis, no ComboFix, nothing. Beyond annoying.

  9. #9
    The Optimistic Asshole

    So I managed to grab copies of ComboFix and Malwarebytes from BitTorrent, but, shockingly, they wouldn't open. They will be active in the task manager but no window will pop up. I rebooted into safe mode to reattempt and I still get nothing but the program showing active in task manager with no window. When I Google search, I get redirected to sites like "strikingoffer.com". I'm beyond my fucking wits with this and my patience is growing quite thin. I'm ready to toss this motherfucking PC out the god damned window. Anyone have anything that may be of any help?

  10. #10
    Ridill
    Join Date
    Aug 2005
    Posts
    22,165
    BG Level
    10

    Do you have an extra hard drive sitting around? Or even another bootable partition on the one you're using?

    Probably going to need to attack it from outside.

  11. #11
    The Optimistic Asshole

    OK, so I need to first off thank Cephius. ComboFix did the trick (and it wasn't even the newest version). Here's the story.

    I was grabbing the programs via BitTorrent because I couldn't download from any of the websites. So I grabbed them off BitTorrent and oddly enough, they wouldn't open. They'd show up in my process tree, but not physically open. I went to safe mode and tried again. Still nothing. I got this quirky idea to rename the host program of the security software to some arbitrary name. I think I used sand.exe or something random. The program actually physically opened. I started off with a Malwarebytes full scan. It found 2 trojans and didn't fix the issue. I had to grab ComboFix and rename it. Amazing program, fixed the issue in 10 minutes. None of the security software would update (I guess they tried to update from their host site and the virus was blocking it). Luckily the ComboFix version I had took care of the rootkit. I'll post the log just in case you are curious. The bolded "TDSSxxxx" files are the ones that were removed.

    ComboFix 09-01-05.05 - Admin 2009-01-06 20:42:59.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.314 [GMT -6:00]
    Running from: c:\documents and settings\Admin\Desktop\Sandd7.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Admin\Application Data\inst.exe
    c:\windows\system32\drivers\TDSSpxwe.sys
    c:\windows\system32\TDSSarxx.dll
    c:\windows\system32\TDSSdxgp.dll
    c:\windows\system32\TDSSkkao.log
    c:\windows\system32\TDSSmtpe.dat
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSnpur.dll
    c:\windows\system32\TDSSoitu.dll
    c:\windows\system32\TDSSsahc.dll
    c:\windows\system32\TDSSshyf.log
    c:\windows\system32\TDSSyoqm.dll


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSserv.sys
    -------\Legacy_TDSSserv.sys


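
The log above, as an added triage helper (example code, not part of the thread or of ComboFix): it splits a ComboFix-style log into its banner sections, lists what was deleted, and flags files matching the TDSS naming pattern the post points to. The sample log is a constructed excerpt built from the entries posted above; the section titles and the "TDSS" plus four letters pattern are taken from that log, and anything else is an assumption.

```python
import re
import sys

# Section banners in a ComboFix log look like
# "(((((( Other Deletions ))))))" or "------- Sigcheck -------".
BANNER_RES = (
    re.compile(r"^\(+\s*(.+?)\s*\)+$"),
    re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$"),
)
# File-name pattern of the rootkit components in the posted log:
# "TDSS" plus four random lowercase letters and a .sys/.dll/.dat/.log suffix.
TDSS_RE = re.compile(r"^TDSS[a-z]{4}\.(sys|dll|dat|log)$")
# Service/driver removal lines look like "-------\Service_TDSSserv.sys".
SERVICE_RE = re.compile(r"^-+\\(Service|Legacy)_(.+)$")

# Constructed excerpt modelled on the log in post #11 (paths as posted there).
SAMPLE_LOG = r"""
ComboFix 09-01-05.05 - Admin 2009-01-06 20:42:59.1 - NTFSx86
Running from: c:\documents and settings\Admin\Desktop\Sandd7.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Application Data\inst.exe
c:\windows\system32\drivers\TDSSpxwe.sys
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSSkkao.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys

((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.
2009-01-06 19:24 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
"""


def split_sections(text):
    """Map each banner title to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        for rx in BANNER_RES:
            m = rx.match(line)
            if m:
                current = m.group(1)
                sections[current] = []
                break
        else:
            if current is not None:
                sections[current].append(line)
    return sections


def triage(text):
    """Summarise what ComboFix removed and flag TDSS-pattern components."""
    sections = split_sections(text)
    deleted = sections.get("Other Deletions", [])
    tdss_files = [p for p in deleted if TDSS_RE.match(p.rsplit("\\", 1)[-1])]
    drivers = [p for p in deleted if p.lower().endswith(".sys")]  # kernel-mode components
    services = []
    for line in sections.get("Drivers/Services", []):
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group(1), m.group(2)))
    return {"deleted": deleted, "tdss_files": tdss_files,
            "kernel_drivers": drivers, "services": services}


if __name__ == "__main__":
    text = SAMPLE_LOG
    if len(sys.argv) > 1:  # pass a saved ComboFix.txt to triage a real log
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            text = f.read()
    for key, items in triage(text).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```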

  12. #12
    Sea Torques
    Join Date
    Mar 2007
    Posts
    692
    BG Level
    5

    I had this problem on someone's PC I was fixing.
    Use an alternate PC to download Malwarebytes and any other security software you want to a USB flash drive, and drag and drop them onto your Desktop.
    Rename Malwarebytes to whatever you want BEFORE opening it on the infected computer. Name it One Million Dicks or something, doesn't matter. After the rename, the setup should run. After the install, you can try to update but chances are you won't be able to. Run a Quick Scan and delete whatever it finds, restart, and you should be able to update. After an update run a complete scan, which should get rid of most of the leftovers.


    Edit: well dicks, I should have read your last post in better detail, I thought it was just a log. Disregard all of this, I suck cocks.

  13. #13
    Sea Torques
    Join Date
    Apr 2005
    Posts
    697
    BG Level
    5

    Had something similar to that on a PC a while back. Spyware Guard 2008 or something; had to rename Malwarebytes and SUPERAntiSpyware to get rid of it.
