Did The Read Me First. Posting Logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by davidharold9r, Dec 16, 2012.

  1. davidharold9r

    davidharold9r Private E-2

    Operating system Windows XP SP2. Trying to fix this thing so I can install SP3.
    Thanks for all your help
    PS. I hope I did this correctly. I think I uploaded everything I was supposed to.
    David
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please attach the requested logs from TDSSKiller and MGtools.

    Also tell us what malware problems you are currently having.
     
  3. davidharold9r

    davidharold9r Private E-2

    No apparent malware problems, just can't install Windows XP SP3, and a previous post suggested it might be malware. Will find above logs and attach. Had trouble with TDSS, sending 3 logs.
    Much Thanks,
    David
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your TDSSKiller log shows you quarantined the below, which you should not have done. These are all valid.
    Also I see you ran ComboFix on 12/03/2012 before posting here. And it shows you have a missing system file:
    You need to find a backup on your hard disk and replace it.

    You have way too many security programs installed. Didn't you notice the warnings in the READ & RUN ME?

    You need to uninstall all of the below right now in an attempt to correct the problems caused by doing this:
    Ad-aware 5.6
    Ad-Aware Antivirus << Not recommended anyway. Even installs Blekko JUNK toolbar that is hard to get rid of.
    Ad-Aware Security Add-on
    SavetheChildren Reminder by We-Care.com v4.1.19.4 << not a security program but just junk!
    SpeedMaxPc << not a security program but just junk!
    Sygate Personal Firewall
    ZoneAlarm Antivirus
    ZoneAlarm Firewall
    ZoneAlarm LTD Toolbar
    ZoneAlarm Security

    Also, just to help clean up from this, I suggest that you also uninstall Malwarebytes and SuperAntiSpyware (even if they are just the free versions) for now.

    After uninstalling all of the above, continue with the below where I will add some redundant cleanup steps to make sure all of the left overs are removed. You still have things from Avast too.


    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    
    :Services
    aswSnx
    aswSP
    SASDIFSV
    SASKUTIL
    !SASCORE
    aswFsBlk
    ISWK
    5885
    SBAMSvc
    SmcService
    vsmon
     
    :Files
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\adawarebp
    C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
    C:\Documents and Settings\All Users\Application Data\blekko toolbars\toolbar.txt
    C:\Documents and Settings\All Users\Application Data\blekko toolbars
    C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
    C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    C:\Documents and Settings\Compaq_Owner\Application Data\Ad-Aware Antivirus
    C:\Documents and Settings\Compaq_Owner\Application Data\adawaretb
    C:\Documents and Settings\Compaq_Owner\Application Data\LavasoftStatistics
    C:\Documents and Settings\Compaq_Owner\Application Data\SpeedMaxPc
    C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\5885.sys
    C:\WINDOWS\Temp\*.*
    C:\Documents and Settings\Compaq_Owner\Local Settings\temp\*.*
    C:\aaw7boot.log
    C:\Program Files\Ad-Aware Antivirus
    C:\Program Files\adawaretb
    C:\Program Files\ArcadeWeb
    c:\program files\AVAST Software
    C:\Program Files\CheckPoint
    C:\Program Files\Conduit
    C:\Program Files\ConduitEngine
    C:\Program Files\SpeedMaxPc
    C:\Program Files\SUPERAntiSpyware
    C:\Program Files\Sygate
    C:\Program Files\Common Files\SpeedMaxPc
    C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
    C:\Documents and Settings\All Users\Start Menu\Programs\avast! Antivirus
    C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
    C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
    C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    C:\Documents and Settings\All Users\Start Menu\Programs\Sygate Personal Firewall
    C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
    C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
    C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\SpeedMaxPc
    c:\windows\system32\drivers\wg6n.sys
    c:\windows\system32\drivers\wg5n.sys
    c:\windows\system32\drivers\wg4n.sys
    c:\windows\system32\drivers\wg3n.sys
    c:\windows\system32\drivers\Teefer.sys 
    c:\windows\system32\drivers\wpsdrvnt.sys
    c:\windows\system32\SSSensor.dll
    c:\windows\system32\drivers\aswFsBlk.sys
    c:\windows\system32\drivers\aswSP.sys
    c:\windows\system32\drivers\aswTdi.sys
    c:\windows\system32\drivers\aswRdr.sys
    c:\windows\system32\drivers\aswSnx.sys
    c:\windows\system32\drivers\aswmon2.sys
    c:\windows\system32\drivers\aswmon.sys
    c:\windows\system32\drivers\aavmker4.sys
    c:\windows\avastSS.scr
    c:\windows\system32\aswBoot.exe
    C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
    C:\WINDOWS\Tasks\SpeedMaxPc.job
    C:\WINDOWS\Tasks\SpeedMaxPc Update3.job
    C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job
    :Reg
    [-HKEY_USERS\S-1-5-21-1504903751-3512302137-2254745066-1009\Software\Softonic]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\5885]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\5885]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    [-HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"=-
    "SmcService"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"=-
     
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.



    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:

    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. davidharold9r

    davidharold9r Private E-2

    Thanks,
    I finally got it done. Hope I did everything correctly.
    Don't know how it's running yet. Have to go to a meeting.
    Will upload logs now and get back to working on it in the morning.
    You guys are great and I really appreciate the help.
    David
     

    Attached Files:

  6. davidharold9r

    davidharold9r Private E-2

    Chaslang,
    It's all good my friend.....
    PC working well... I finally got XP SP3 to download and install - "That is Awesome".
    Please recommend malware, spyware, and anti-virus software that's good and free.
    I would consider paying a few bucks for them if you recommend it.
    Again,
    Thanks,
    David
     
    Last edited by a moderator: Dec 21, 2012
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. We have some more leftover stuff from ZoneAlarm and Sygate to remove before we get to installing anything new.



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - (no file)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (file missing)

    After clicking Fix, exit HJT.

    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    
    :Services
    vsmon
     
    :Files
    C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
    C:\WINDOWS\system32\drivers\gfiark.sys
    C:\WINDOWS\system32\drivers\gfibto.sys
    C:\WINDOWS\system32\vsdatant.sys
    C:\Program Files\CheckPoint
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm_Security Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33013398-9228-42D7-A92A-38CA478F4D57}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{559788C7-8375-4B5E-B7BA-B5DBBD84DBB3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6749B472-63E5-49B4-964A-4B76A33BC768}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A271321-D7E2-46FE-9BF6-2CFD47556FB8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D6BC900A-520A-4D95-A23F-4ED82A930609}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
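The two OTM scripts in this thread stop services, quarantine files (OTM moves them to C:\_OTM\MovedFiles rather than deleting them), and delete registry keys and values. Before running a script like that on a box it is worth reading it as a plan. The following is an added example, not code from this thread or from OldTimer's OTM: a small dry-run parser for the :Processes / :Services / :Files / :Reg / :Commands layout used above. It assumes the syntax exactly as the two scripts use it ([-KEY] deletes a key, [KEY] followed by "name"=- deletes a value, bracketed words under :Commands are commands) and flags the entries a reviewer should double-check: kernel drivers under system32\drivers, deleted Services keys, wildcards outside Temp, and a missing [Reboot]. The embedded sample is a constructed, abbreviated copy of the second script; nothing here touches the registry or file system.

```python
"""Dry-run reviewer for an OTM (OldTimer's Move It) fix script.

Added example, not code from this thread or from OTM. It parses the
:Processes/:Services/:Files/:Reg/:Commands layout the scripts above use and
reports what such a script would do, so the plan can be checked before
anyone clicks MoveIt!. It only reads text.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: an abbreviated copy of the second OTM script in this
# thread (the :Reg section is cut to one key delete and one value delete).
SAMPLE_SCRIPT = r"""
:Processes
explorer.exe

:Services
vsmon

:Files
C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
C:\WINDOWS\system32\drivers\gfiark.sys
C:\WINDOWS\system32\drivers\gfibto.sys
C:\WINDOWS\system32\vsdatant.sys
C:\Program Files\CheckPoint

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"=-
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$", re.IGNORECASE)  # [-KEY] deletes, [KEY] selects
VALUE_DEL_RE = re.compile(r'^"([^"]*)"=-$')                     # "name"=- deletes a value
COMMAND_RE = re.compile(r"^\[([\w ]+)\]$")
DRIVER_DIR = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)
TEMP_WILDCARD = re.compile(r"\\temp\\\*\.\*$", re.IGNORECASE)   # the only *.* we expect

@dataclass
class Plan:
    kill_processes: list = field(default_factory=list)
    stop_services: list = field(default_factory=list)
    move_paths: list = field(default_factory=list)      # quarantined to C:\_OTM\MovedFiles
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value name) pairs
    commands: list = field(default_factory=list)
    warnings: list = field(default_factory=list)

def parse_otm(text):
    """Turn the script text into a Plan without executing anything."""
    plan, section, current_key = Plan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, current_key = m.group(1).lower(), None
        elif section == "processes":
            plan.kill_processes.append(line)
        elif section == "services":
            plan.stop_services.append(line)
        elif section == "files":
            plan.move_paths.append(line)
        elif section == "reg":
            km, vm = KEY_RE.match(line), VALUE_DEL_RE.match(line)
            if km and km.group(1) == "-":
                plan.delete_keys.append(km.group(2))
                current_key = None
            elif km:
                current_key = km.group(2)   # following "name"=- lines apply here
            elif vm and current_key:
                plan.delete_values.append((current_key, vm.group(1)))
            else:
                plan.warnings.append(f"unparsed :Reg line: {line}")
        elif section == "commands":
            cm = COMMAND_RE.match(line)
            plan.commands.append(cm.group(1) if cm else line)
        else:
            plan.warnings.append(f"line outside any section: {line}")
    return plan

def review(plan):
    """Entries a reviewer should double-check before running the script."""
    notes = list(plan.warnings)
    for p in plan.move_paths:
        if "*" in p and not TEMP_WILDCARD.search(p):
            notes.append(f"wildcard outside a Temp folder: {p}")
        if DRIVER_DIR.search(p) and p.lower().endswith(".sys"):
            notes.append(f"kernel driver will be quarantined; confirm its service is gone: {p}")
    for k in plan.delete_keys:
        if re.search(r"\\services\\", k, re.IGNORECASE):
            notes.append(f"service registration will be deleted: {k}")
    touches_kernel = plan.stop_services or any(DRIVER_DIR.search(p) for p in plan.move_paths)
    if touches_kernel and "Reboot" not in plan.commands:
        notes.append("services or drivers touched but no [Reboot] command")
    return notes
```

Run parse_otm() on the pasted script and print review() before clicking MoveIt!; on the sample it reports the two gfi*.sys drivers, which is exactly the kind of entry (a leftover kernel driver with no matching :Services line) that deserves a second look.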
     
  8. davidharold9r

    davidharold9r Private E-2

    Everything seems to be running well.
    Thanks again,
    David
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Your logs are good now.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
