Find your solution!

Arctik · 01-Jul-2009, 11:44 AM #1

Heya,

I clicked on a link from a forum I frequent on, and it started acting weird, froze my pc etc.
I managed to end the browser process, but from then on I keep getting alerts from AVG about ws2_32.dll
Now, I know this dll is used by a lot of programs to run, However, I never got virus alerts from it before. I have tried fixing the issue with AVG to no avail. Each time I open a program (and it now does it with AVG as well), the virus alert comes up.

Am I able to delete this DLL and download a replacement?

Please advise

Last resort is reinstalling as there is a lot of stuff on this PC, some of it isn't mine.

Thanks!

**Cookiegal** · 01-Jul-2009, 11:48 AM #2

Where does AVG say that file is located and what is the name of the infection it says it detected?

Click here to download HJTsetup.exe.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Arctik · 01-Jul-2009, 12:17 PM #3

Hey,

AVG states that the file is located in the system32 folder.

I can't actually get HJT to run because of this virus. Each time I try to run it, as well as some other programs, I get the virus warning. Some programs manage to run, others just close.

Thanks for the rapid response!

**Cookiegal** · 01-Jul-2009, 12:26 PM #4

Try renaming the HijackThis.exe to puppy.exe and then see if it will run. I don't mean the shortcut on your desktop, you have to go into the program's folder directly then right-click on the file and select rename. Then double-click on the puppy.exe to run the program.

Arctik · 01-Jul-2009, 12:30 PM #5

You legend

That worked! Below is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:57, on 01/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\puppy.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Live Help Messenger Desktop] C:\Program Files\Stardevelop Pty Ltd\Live Help Messenger Desktop\LiveMessengerDesktop.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tescop...eUploader5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Access Connection Manager RasManWZCSVC (RasManWZCSVC) - Unknown owner - C:\WINDOWS\TEMP\27.tmp.exe (file missing)

--
End of file - 8164 bytes

**Cookiegal** · 01-Jul-2009, 12:49 PM #6

There is definitely infection showing in the log.

The following process also involves renaming the program at the time of download.

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

[b][color=blue]Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Arctik · 01-Jul-2009, 01:32 PM #7

Ok, below is the log for combofix. I've had to seperate them into two posts due to the length.

ComboFix 09-07-01.01 - Rob 01/07/2009 18:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1144 [GMT 1:00]
Running from: c:\documents and settings\Rob\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twext.exe

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ws2_32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RASMANWZCSVC
-------\Service_RasManWZCSVC

((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-01 16:16 . 2009-07-01 16:16 -------- d-----w- c:\program files\File Shredder
2009-07-01 16:15 . 2009-07-01 16:15 -------- d-----w- c:\program files\Trend Micro
2009-07-01 12:58 . 2009-07-01 12:58 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-01 12:57 . 2009-07-01 12:58 91 --s-a-w- c:\windows\system32\1831221540.dat
2009-07-01 12:57 . 2009-07-01 12:57 51712 --sh--r- c:\windows\system32\1037a.exe
2009-06-30 10:55 . 2009-06-30 10:55 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\ArmA 2 Demo
2009-06-30 10:55 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-30 10:55 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-30 10:55 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-30 10:55 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-30 10:55 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-30 10:55 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-30 10:55 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-30 10:55 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-30 10:55 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-30 10:55 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-30 10:52 . 2009-06-30 10:52 -------- d-----w- c:\windows\Logs
2009-06-30 09:39 . 2009-06-30 09:39 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Adobe
2009-06-30 09:39 . 2009-06-30 09:39 -------- d-----w- c:\documents and settings\Rob\Application Data\AdobeUM
2009-06-29 16:49 . 2009-06-29 16:49 -------- d-sh--w- c:\documents and settings\Rob\IECompatCache
2009-06-29 14:11 . 2009-07-01 17:11 -------- d-----w- c:\documents and settings\Rob\Application Data\DNA
2009-06-29 14:11 . 2009-07-01 14:59 -------- d-----w- c:\program files\DNA
2009-06-29 14:11 . 2009-06-29 14:11 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\DNA
2009-06-29 14:11 . 2009-06-29 14:11 -------- d-----w- c:\program files\AskBarDis
2009-06-26 14:13 . 2009-06-26 14:43 -------- d-----w- c:\documents and settings\Rob\Application Data\Hamachi
2009-06-26 14:13 . 2009-06-26 14:13 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-26 13:02 . 2009-06-26 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-06-26 12:59 . 2009-06-04 15:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-26 12:59 . 2009-06-26 12:59 -------- d-----w- C:\NVIDIA
2009-06-26 12:41 . 2009-06-26 12:41 -------- d-----w- c:\program files\Microsoft Games
2009-06-26 09:31 . 2009-06-26 09:31 -------- d-----w- c:\program files\iPod
2009-06-26 09:31 . 2009-06-26 09:31 -------- d-----w- c:\program files\iTunes
2009-06-26 09:31 . 2009-06-26 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-26 09:29 . 2009-06-26 09:30 -------- d-----w- c:\program files\QuickTime
2009-06-26 09:27 . 2009-06-05 10:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-26 09:25 . 2009-06-26 09:25 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-26 09:24 . 2009-06-26 09:24 -------- d-----w- c:\program files\Bonjour
2009-06-26 09:23 . 2009-06-26 09:23 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Apple
2009-06-25 11:24 . 2009-06-25 11:24 -------- d-----w- c:\documents and settings\Rob\Application Data\Apple Computer
2009-06-25 11:23 . 2009-06-25 11:24 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Apple Computer
2009-06-24 09:03 . 2009-06-19 14:28 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-06-24 09:03 . 2009-06-19 14:29 11952 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-06-24 09:03 . 2009-06-19 14:29 486680 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-06-24 09:03 . 2009-06-19 14:29 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-06-24 09:01 . 2009-06-19 14:26 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-06-24 09:01 . 2009-06-19 14:26 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-24 09:01 . 2009-06-19 14:26 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-06-24 09:01 . 2009-06-19 14:26 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-06-22 20:08 . 2009-06-23 17:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-20 18:47 . 2009-06-22 14:17 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\stardevelop.com
2009-06-20 15:17 . 2009-06-29 18:30 -------- d-----w- c:\documents and settings\Rob\Application Data\FileZilla
2009-06-20 15:17 . 2009-06-20 15:17 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-20 14:34 . 2009-06-20 14:38 -------- d-----w- c:\documents and settings\Rob\Application Data\stardevelop.com
2009-06-19 21:58 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\Rob\Application Data\U3\temp\cleanup.exe
2009-06-19 18:33 . 2009-06-25 11:56 -------- d-----w- c:\documents and settings\Rob\Application Data\.purple
2009-06-19 18:32 . 2009-06-19 18:32 -------- d-----w- c:\program files\Common Files\GTK
2009-06-19 17:32 . 2009-06-19 17:32 -------- d-----w- c:\program files\Password Agent
2009-06-19 17:31 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\Rob\Application Data\U3\temp\Launchpad Removal.exe
2009-06-19 17:31 . 2009-06-19 17:31 -------- d-----w- c:\documents and settings\Rob\Application Data\U3
2009-06-19 17:28 . 2009-06-25 19:16 4742224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 17:23 . 2009-06-20 14:16 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-19 17:23 . 2009-06-19 17:23 -------- d-----w- c:\program files\Reference Assemblies
2009-06-19 17:22 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-19 15:26 . 2009-06-19 15:26 -------- d-----w- c:\program files\CCleaner
2009-06-19 15:25 . 2009-06-19 15:25 -------- d-----w- c:\documents and settings\Rob\Application Data\MSNInstaller
2009-06-19 15:23 . 2009-06-19 15:23 152576 ----a-w- c:\documents and settings\Rob\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 15:31 . 2009-06-20 14:34 76456 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 15:31 . 2009-06-18 15:31 126 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\fusioncache.dat
2009-06-18 12:42 . 2009-06-18 12:45 -------- d-----w- c:\documents and settings\Rob\Application Data\Ventrilo
2009-06-18 12:41 . 2009-06-18 12:41 -------- d-----w- c:\program files\Ventrilo
2009-06-18 12:41 . 2009-06-18 12:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 11:10 . 2009-07-01 16:10 -------- d-----w- c:\program files\Steam
2009-06-18 11:00 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-18 11:00 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 10:56 . 2009-07-01 15:00 -------- d-----w- c:\documents and settings\Rob\Tracing
2009-06-18 10:52 . 2009-06-18 10:52 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-18 10:51 . 2009-06-18 10:51 -------- d-----w- c:\windows\{1607E3B3-7E5C-42AD-86D7-83DF0ABF116E}
2009-06-18 10:48 . 2009-06-18 10:48 -------- d-----w- c:\program files\eConnect - HomePlug
2009-06-18 10:48 . 2004-04-26 17:53 94208 ----a-w- c:\windows\system32\PLCLIB.dll
2009-06-18 10:48 . 2004-04-26 17:21 17584 ----a-w- c:\windows\system32\PLCNDIS4.SYS
2009-06-18 10:48 . 2004-04-26 17:11 17280 ----a-w- c:\windows\system32\PLCNDIS5.SYS
2009-06-18 10:42 . 2009-06-18 10:42 -------- d-sh--w- c:\documents and settings\Rob\PrivacIE
2009-06-13 06:10 . 2009-06-13 06:10 -------- d-sh--w- c:\documents and settings\Ruth\IECompatCache
2009-06-10 17:33 . 2009-06-10 17:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 17:33 . 2009-06-10 17:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 17:33 . 2009-06-10 17:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 17:33 . 2009-06-10 17:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 07:28 . 2009-06-10 07:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 07:28 . 2009-06-10 07:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 07:28 . 2009-06-10 07:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 07:28 . 2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 07:28 . 2009-06-10 07:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 07:28 . 2009-06-10 07:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 07:28 . 2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 07:28 . 2009-06-10 07:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 16:11 . 2009-02-12 22:42 0 ----a-w- c:\documents and settings\Ruth\Local Settings\Application Data\prvlcl.dat
2009-07-01 12:56 . 2009-07-01 12:56 69120 ----a-w- c:\windows\system32\26.tmp
2009-06-26 12:52 . 2006-04-08 12:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 09:31 . 2009-01-17 13:44 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 12:05 . 2006-04-08 12:53 -------- d-----w- c:\program files\Roxio
2009-06-25 12:03 . 2006-04-08 12:46 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-24 09:03 . 2009-02-06 21:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 09:03 . 2009-01-17 10:07 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 09:03 . 2009-01-17 10:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 08:01 . 2009-01-17 13:31 -------- d-----w- c:\program files\Windows Live
2009-06-20 07:57 . 2009-01-23 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-19 17:28 . 2009-01-17 09:56 -------- d-----w- c:\program files\MSBuild
2009-06-19 15:26 . 2006-04-08 12:47 -------- d-----w- c:\program files\Microsoft Works
2009-06-19 15:24 . 2006-04-08 12:41 -------- d-----w- c:\program files\Java
2009-06-19 15:17 . 2006-04-08 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-19 15:17 . 2006-04-08 12:50 -------- d-----w- c:\program files\Common Files\AOL
2009-06-19 15:17 . 2009-06-18 10:41 -------- d-----w- c:\documents and settings\Rob\Application Data\AOL
2009-06-19 15:17 . 2009-01-17 07:36 -------- d-----w- c:\documents and settings\Ruth\Application Data\AOL
2009-06-19 15:15 . 2006-04-08 12:45 -------- d-----w- c:\program files\Dell
2009-06-19 14:40 . 2009-01-17 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-19 14:29 . 2009-06-24 09:04 325896 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-06-19 14:29 . 2009-06-24 09:04 692504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcsrvx.exe
2009-06-19 14:29 . 2009-06-24 09:04 382744 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgclitx.dll
2009-06-19 14:29 . 2009-06-24 09:04 417560 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcclix.dll
2009-06-19 14:29 . 2009-06-24 09:04 69912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcrlpx.dll
2009-06-19 14:29 . 2009-06-24 09:04 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-19 14:29 . 2009-06-24 09:04 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-06-19 14:29 . 2009-06-24 09:04 2807576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguires.dll
2009-06-19 14:29 . 2009-06-24 09:04 3401496 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-06-19 14:29 . 2009-06-24 09:04 1947928 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-06-18 10:52 . 2009-04-08 14:54 -------- d-----w- c:\program files\Belkin
2009-06-10 17:33 . 2006-04-08 12:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 17:33 . 2006-04-08 12:28 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 17:33 . 2006-04-08 12:28 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 17:33 . 2006-04-08 12:28 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 17:33 . 2006-04-08 12:28 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 17:33 . 2004-08-10 11:59 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 17:33 . 2004-08-10 11:59 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-05 10:42 . 2009-01-17 13:44 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 10:33 . 2009-01-23 02:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:15 . 2004-08-10 11:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 11:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 11:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 16:05 . 2009-04-08 16:05 152576 ----a-w- c:\documents and settings\Ruth\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-08 15:16 . 2009-01-17 09:52 76456 ----a-w- c:\documents and settings\Ruth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 15:00 . 2004-08-10 12:03 78635 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-12 22:44 . 2009-01-22 02:44 56 --sh--r- c:\windows\system32\B7C76F21C0.sys
2009-02-12 22:44 . 2009-01-22 02:44 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 16:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Steam"="c:\program files\steam\steam.exe" [2009-06-18 1217784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-29 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053\Belkinwcui.exe [2007-7-2 1728512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 09:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Steam\\steamapps\\m3ntalboy\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien shooter - revisited\\AlienShooter.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien shooter 2 - reloaded\\AlienShooter.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\m3ntalboy\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\arma 2 demo\\ArmA2Demo.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/01/2009 11:07 327688]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [06/02/2009 22:24 298776]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [09/05/2007 01:03 503680]
.
Contents of the 'Scheduled Tasks' folder

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-07-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8232414192.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Live Help Messenger Desktop - c:\program files\Stardevelop Pty Ltd\Live Help Messenger Desktop\LiveMessengerDesktop.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 18:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-01 18:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-01 17:29

Pre-Run: 163,851,735,040 bytes free
Post-Run: 164,553,818,112 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

298 --- E O F --- 2009-06-26 16:10

Arctik · 01-Jul-2009, 01:32 PM #8

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:40, on 01/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\puppy.exe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tescop...eUploader5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7324 bytes

**Cookiegal** · 01-Jul-2009, 03:03 PM #9

Well the ws2_32.dll file was indeed infected and ComboFix has replaced it with a clean copy from the Service Pack files.

Open Notepad and copy and paste the text in the code box below into it:

Code:

File::
c:\windows\system32\26.tmp
c:\documents and settings\Ruth\Local Settings\Application Data\prvlcl.dat

Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Arctik · 01-Jul-2009, 03:33 PM **#10**

Ruth is my sister's directory. I hope it doesn't matter/affect the result in any way :P I ran them both exactly how you said. Below is combofix:

ComboFix 09-07-01.01 - Rob 01/07/2009 20:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.959 [GMT 1:00]
Running from: c:\documents and settings\Rob\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Ruth\Local Settings\Application Data\prvlcl.dat"
"c:\windows\system32\26.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ruth\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\26.tmp

.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-01 16:16 . 2009-07-01 16:16 -------- d-----w- c:\program files\File Shredder
2009-07-01 16:15 . 2009-07-01 16:15 -------- d-----w- c:\program files\Trend Micro
2009-07-01 12:58 . 2009-07-01 12:58 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-01 12:57 . 2009-07-01 12:58 91 --s-a-w- c:\windows\system32\1831221540.dat
2009-07-01 12:57 . 2009-07-01 12:57 51712 --sh--r- c:\windows\system32\1037a.exe
2009-06-30 10:55 . 2009-06-30 10:55 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\ArmA 2 Demo
2009-06-30 10:55 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-30 10:55 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-30 10:55 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-30 10:55 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-30 10:55 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-30 10:55 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-30 10:55 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-30 10:55 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-30 10:55 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-30 10:55 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-30 10:52 . 2009-06-30 10:52 -------- d-----w- c:\windows\Logs
2009-06-30 09:39 . 2009-06-30 09:39 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Adobe
2009-06-30 09:39 . 2009-06-30 09:39 -------- d-----w- c:\documents and settings\Rob\Application Data\AdobeUM
2009-06-29 16:49 . 2009-06-29 16:49 -------- d-sh--w- c:\documents and settings\Rob\IECompatCache
2009-06-29 14:11 . 2009-07-01 19:24 -------- d-----w- c:\documents and settings\Rob\Application Data\DNA
2009-06-29 14:11 . 2009-07-01 17:24 -------- d-----w- c:\program files\DNA
2009-06-29 14:11 . 2009-06-29 14:11 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\DNA
2009-06-29 14:11 . 2009-06-29 14:11 -------- d-----w- c:\program files\AskBarDis
2009-06-26 14:13 . 2009-06-26 14:43 -------- d-----w- c:\documents and settings\Rob\Application Data\Hamachi
2009-06-26 14:13 . 2009-06-26 14:13 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-26 13:02 . 2009-06-26 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-06-26 12:59 . 2009-06-04 15:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-26 12:59 . 2009-06-26 12:59 -------- d-----w- C:\NVIDIA
2009-06-26 12:41 . 2009-06-26 12:41 -------- d-----w- c:\program files\Microsoft Games
2009-06-26 09:31 . 2009-06-26 09:31 -------- d-----w- c:\program files\iPod
2009-06-26 09:31 . 2009-06-26 09:31 -------- d-----w- c:\program files\iTunes
2009-06-26 09:31 . 2009-06-26 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-26 09:29 . 2009-06-26 09:30 -------- d-----w- c:\program files\QuickTime
2009-06-26 09:27 . 2009-06-05 10:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-26 09:25 . 2009-06-26 09:25 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-26 09:24 . 2009-06-26 09:24 -------- d-----w- c:\program files\Bonjour
2009-06-26 09:23 . 2009-06-26 09:23 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Apple
2009-06-25 11:24 . 2009-06-25 11:24 -------- d-----w- c:\documents and settings\Rob\Application Data\Apple Computer
2009-06-25 11:23 . 2009-06-25 11:24 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Apple Computer
2009-06-24 09:03 . 2009-06-19 14:28 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-06-24 09:03 . 2009-06-19 14:29 11952 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-06-24 09:03 . 2009-06-19 14:29 486680 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-06-24 09:03 . 2009-06-19 14:29 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-06-24 09:01 . 2009-06-19 14:26 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-06-24 09:01 . 2009-06-19 14:26 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-24 09:01 . 2009-06-19 14:26 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-06-24 09:01 . 2009-06-19 14:26 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-06-22 20:08 . 2009-06-23 17:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-20 18:47 . 2009-06-22 14:17 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\stardevelop.com
2009-06-20 15:17 . 2009-06-29 18:30 -------- d-----w- c:\documents and settings\Rob\Application Data\FileZilla
2009-06-20 15:17 . 2009-06-20 15:17 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-20 14:34 . 2009-06-20 14:38 -------- d-----w- c:\documents and settings\Rob\Application Data\stardevelop.com
2009-06-19 21:58 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\Rob\Application Data\U3\temp\cleanup.exe
2009-06-19 18:33 . 2009-06-25 11:56 -------- d-----w- c:\documents and settings\Rob\Application Data\.purple
2009-06-19 18:32 . 2009-06-19 18:32 -------- d-----w- c:\program files\Common Files\GTK
2009-06-19 17:32 . 2009-06-19 17:32 -------- d-----w- c:\program files\Password Agent
2009-06-19 17:31 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\Rob\Application Data\U3\temp\Launchpad Removal.exe
2009-06-19 17:31 . 2009-06-19 17:31 -------- d-----w- c:\documents and settings\Rob\Application Data\U3
2009-06-19 17:28 . 2009-06-25 19:16 4742224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 17:23 . 2009-06-20 14:16 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-19 17:23 . 2009-06-19 17:23 -------- d-----w- c:\program files\Reference Assemblies
2009-06-19 17:22 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-19 15:26 . 2009-06-19 15:26 -------- d-----w- c:\program files\CCleaner
2009-06-19 15:25 . 2009-06-19 15:25 -------- d-----w- c:\documents and settings\Rob\Application Data\MSNInstaller
2009-06-19 15:23 . 2009-06-19 15:23 152576 ----a-w- c:\documents and settings\Rob\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 15:31 . 2009-06-20 14:34 76456 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 15:31 . 2009-06-18 15:31 126 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\fusioncache.dat
2009-06-18 12:42 . 2009-06-18 12:45 -------- d-----w- c:\documents and settings\Rob\Application Data\Ventrilo
2009-06-18 12:41 . 2009-06-18 12:41 -------- d-----w- c:\program files\Ventrilo
2009-06-18 12:41 . 2009-06-18 12:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 11:10 . 2009-07-01 19:05 -------- d-----w- c:\program files\Steam
2009-06-18 11:00 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-18 11:00 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 10:56 . 2009-07-01 18:08 -------- d-----w- c:\documents and settings\Rob\Tracing
2009-06-18 10:52 . 2009-06-18 10:52 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-18 10:51 . 2009-06-18 10:51 -------- d-----w- c:\windows\{1607E3B3-7E5C-42AD-86D7-83DF0ABF116E}
2009-06-18 10:48 . 2009-06-18 10:48 -------- d-----w- c:\program files\eConnect - HomePlug
2009-06-18 10:48 . 2004-04-26 17:53 94208 ----a-w- c:\windows\system32\PLCLIB.dll
2009-06-18 10:48 . 2004-04-26 17:21 17584 ----a-w- c:\windows\system32\PLCNDIS4.SYS
2009-06-18 10:48 . 2004-04-26 17:11 17280 ----a-w- c:\windows\system32\PLCNDIS5.SYS
2009-06-18 10:42 . 2009-06-18 10:42 -------- d-sh--w- c:\documents and settings\Rob\PrivacIE
2009-06-13 06:10 . 2009-06-13 06:10 -------- d-sh--w- c:\documents and settings\Ruth\IECompatCache
2009-06-10 17:33 . 2009-06-10 17:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 17:33 . 2009-06-10 17:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 17:33 . 2009-06-10 17:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 17:33 . 2009-06-10 17:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 07:28 . 2009-06-10 07:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 07:28 . 2009-06-10 07:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 07:28 . 2009-06-10 07:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 07:28 . 2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 07:28 . 2009-06-10 07:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 07:28 . 2009-06-10 07:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 07:28 . 2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 07:28 . 2009-06-10 07:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 12:52 . 2006-04-08 12:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 09:31 . 2009-01-17 13:44 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 12:05 . 2006-04-08 12:53 -------- d-----w- c:\program files\Roxio
2009-06-25 12:03 . 2006-04-08 12:46 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-24 09:03 . 2009-02-06 21:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 09:03 . 2009-01-17 10:07 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 09:03 . 2009-01-17 10:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 08:01 . 2009-01-17 13:31 -------- d-----w- c:\program files\Windows Live
2009-06-20 07:57 . 2009-01-23 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-19 17:28 . 2009-01-17 09:56 -------- d-----w- c:\program files\MSBuild
2009-06-19 15:26 . 2006-04-08 12:47 -------- d-----w- c:\program files\Microsoft Works
2009-06-19 15:24 . 2006-04-08 12:41 -------- d-----w- c:\program files\Java
2009-06-19 15:17 . 2006-04-08 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-19 15:17 . 2006-04-08 12:50 -------- d-----w- c:\program files\Common Files\AOL
2009-06-19 15:17 . 2009-06-18 10:41 -------- d-----w- c:\documents and settings\Rob\Application Data\AOL
2009-06-19 15:17 . 2009-01-17 07:36 -------- d-----w- c:\documents and settings\Ruth\Application Data\AOL
2009-06-19 15:15 . 2006-04-08 12:45 -------- d-----w- c:\program files\Dell
2009-06-19 14:40 . 2009-01-17 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-19 14:29 . 2009-06-24 09:04 325896 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-06-19 14:29 . 2009-06-24 09:04 692504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcsrvx.exe
2009-06-19 14:29 . 2009-06-24 09:04 382744 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgclitx.dll
2009-06-19 14:29 . 2009-06-24 09:04 417560 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcclix.dll
2009-06-19 14:29 . 2009-06-24 09:04 69912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcrlpx.dll
2009-06-19 14:29 . 2009-06-24 09:04 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-19 14:29 . 2009-06-24 09:04 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-06-19 14:29 . 2009-06-24 09:04 2807576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguires.dll
2009-06-19 14:29 . 2009-06-24 09:04 3401496 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-06-19 14:29 . 2009-06-24 09:04 1947928 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-06-18 10:52 . 2009-04-08 14:54 -------- d-----w- c:\program files\Belkin
2009-06-10 17:33 . 2006-04-08 12:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 17:33 . 2006-04-08 12:28 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 17:33 . 2006-04-08 12:28 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 17:33 . 2006-04-08 12:28 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 17:33 . 2006-04-08 12:28 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 17:33 . 2004-08-10 11:59 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 17:33 . 2004-08-10 11:59 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-05 10:42 . 2009-01-17 13:44 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 10:33 . 2009-01-23 02:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:15 . 2004-08-10 11:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 11:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 11:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 16:05 . 2009-04-08 16:05 152576 ----a-w- c:\documents and settings\Ruth\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-08 15:16 . 2009-01-17 09:52 76456 ----a-w- c:\documents and settings\Ruth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 15:00 . 2004-08-10 12:03 78635 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-12 22:44 . 2009-01-22 02:44 56 --sh--r- c:\windows\system32\B7C76F21C0.sys
2009-02-12 22:44 . 2009-01-22 02:44 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 16:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Steam"="c:\program files\steam\steam.exe" [2009-06-18 1217784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-29 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053\Belkinwcui.exe [2007-7-2 1728512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 09:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Steam\\steamapps\\m3ntalboy\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien shooter - revisited\\AlienShooter.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien shooter 2 - reloaded\\AlienShooter.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\m3ntalboy\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\arma 2 demo\\ArmA2Demo.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/01/2009 11:07 327688]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [06/02/2009 22:24 298776]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [09/05/2007 01:03 503680]
.
Contents of the 'Scheduled Tasks' folder

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-07-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8232414192.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 20:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-01 20:31
ComboFix-quarantined-files.txt 2009-07-01 19:31
ComboFix2.txt 2009-07-01 17:29

Pre-Run: 164,483,239,936 bytes free
Post-Run: 164,479,635,456 bytes free

259 --- E O F --- 2009-06-26 16:10

Arctik · 01-Jul-2009, 03:34 PM **#11**

Below is HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:30, on 01/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Password Agent\PwAgent.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\puppy.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tescop...eUploader5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7342 bytes

I'd also like to say thanks for the time you have taken to help me, I'm sure there are plenty more things you could have been doing

. I don't know what I would have done without you lol.

**Cookiegal** · 01-Jul-2009, 03:49 PM **#12**

You're quite welcome.

I would like to check a specific file so please do this:

Go to the following link and upload the following file(s) for analysis and let me know what the results are please:

http://virusscan.jotti.org/

c:\windows\system32\1037a.exe

Arctik · 01-Jul-2009, 03:56 PM **#13**

All of them came back as 'Found Nothing'

Does that mean I'm all good now? :P

**Cookiegal** · 01-Jul-2009, 04:02 PM **#14**

We're not finished yet.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Arctik · 01-Jul-2009, 04:10 PM **#15**

I have to go out now

I'll post the results of this tomorrow sometime. Sorry for the huge delay, but I won't be able to get to the PC for a while.
Again, thanks so much for all your help

Tag Cloud
access audio blue screen boot bsod connection crash dell desktop driver drivers dvd email error excel excel 2003 firefox hard drive hardware hdmi hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem ram recovery router screen slow sound spyware tdlwsp.dll trojan upgrade video virus vista vundo windows windows 7 windows vista windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: