Audio ads playing randomly (In Progress)

EddieG1
Junior Member with 7 posts.
Join Date: Aug 2010
Experience: Intermediate
31-Aug-2010, 06:03 PM #1
Audio ads playing randomly
Hi,

Like a few others on here, I have a problem with occasional adverts playing randomly on my PC. Audio sound, no other physical appearance of an IE page or a file running through Task Manager. I *think* that if I browse via Chrome all is well, but as soon as IE fires up for any reason that seems to trigger the ads to start running. PrimeScratchcards. com as a song is doing my head in!

So I hope you can help me get rid of the problem.

Included here are:
  • HijackThis log, pasted below
  • DDS.txt file, pasted below
  • Attach.txt file, attached
  • ark.txt file, pasted below
HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:25:22, on 31/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Virgin Media\Chat Extension\HsdService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Virgin Media\Digital Home Support\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Virgin Media Toolbar - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\PROGRA~1\VIRGIN~3\VIRGIN~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Virgin Media Toolbar - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\PROGRA~1\VIRGIN~3\VIRGIN~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [V Stuff Backup] "C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" /delayed
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} (SearchCD Control) - http://www.partsarena.com/baxi/Plugins/IMIESRCHie7.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} (GrafixViewControl) - http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} (ViewDirector Object) - http://www.scotlandspeople.gov.uk/Viewers/ActiveXControl/viewdw32.ocx
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.ourcat.co.uk/bin/msnchat45.cab
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} (VM_1.VM_Control) - http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F13DDBD1-A104-41EC-870D-6269D93B92A9}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HsdService - Virgin Media - C:\Program Files\Virgin Media\Chat Extension\HsdService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\Digital Home Support\ServicepointService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


--
End of file - 13802 bytes

....................................................................
DDS.txt


DDS (Ver_09-09-29.01) - FAT32x86
Run by Main at 21:20:21.18 on 31/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1503.328 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe 4
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Virgin Media\Chat Extension\HsdService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Virgin Media\Digital Home Support\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Main\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Virgin Media Toolbar: {a057a204-bacc-4d26-cfc3-3cecc9ab2eda} - c:\progra~1\virgin~3\VIRGIN~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Virgin Media Toolbar: {a057a204-bacc-4d26-cfc3-3cecc9ab2eda} - c:\progra~1\virgin~3\VIRGIN~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {A057A204-BACC-4D26-8590-3AAE8EEE749D} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {1B735B98-8010-11D5-AD0B-00500463D885} - hxxp://www.partsarena.com/baxi/Plugins/IMIESRCHie7.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} - hxxp://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} - hxxp://www.scotlandspeople.gov.uk/Viewers/ActiveXControl/viewdw32.ocx
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/53/install/gtdownls.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.ourcat.co.uk/bin/msnchat45.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
TCP: {F13DDBD1-A104-41EC-870D-6269D93B92A9} = 194.168.4.100,194.168.8.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-30 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-8 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-8 29584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 HsdService;HsdService;c:\program files\virgin media\chat extension\HsdService.exe [2010-5-31 1410288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-5 304464]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\digital home support\ServicepointService.exe [2010-5-31 689392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-23 15008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-5 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\main\locals~1\temp\dmskssrh.sys --> c:\docume~1\main\locals~1\temp\DMSKSSRh.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-12-10 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2006-12-10 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2006-12-10 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2006-12-10 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-10 83344]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys --> c:\windows\system32\drivers\lgmcbus.sys [?]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys --> c:\windows\system32\drivers\lgmcmdfl.sys [?]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys --> c:\windows\system32\drivers\lgmcmdm.sys [?]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys --> c:\windows\system32\drivers\lgmcmgmt.sys [?]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys --> c:\windows\system32\drivers\lgmcobex.sys [?]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys --> c:\windows\system32\drivers\lgmcunic.sys [?]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-08-28 23:46 423,656 a------- c:\windows\system32\deployJava1.dll
2010-08-28 13:42 <DIR> --dsh--- C:\FOUND.000
2010-08-28 00:52 1,790 a------- c:\windows\system32\tmp.reg
2010-08-27 07:34 15,880 a------- c:\windows\system32\lsdelete.exe
2010-08-24 14:33 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2010-08-24 14:32 354,304 -------- c:\windows\system32\dllcache\srv.sys
2010-08-24 14:31 455,680 -------- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-24 14:31 471,552 -------- c:\windows\system32\dllcache\aclayers.dll
2010-08-24 14:31 744,448 -------- c:\windows\system32\dllcache\helpsvc.exe
2010-08-24 14:28 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2010-08-24 14:24 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2010-08-24 14:23 2,560 -------- c:\windows\system32\xpsp4res.dll
2010-08-24 14:23 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2010-08-24 14:10 <DIR> --d----- c:\windows\system32\scripting
2010-08-24 14:10 <DIR> --d----- c:\windows\system32\en
2010-08-24 14:10 <DIR> --d----- c:\windows\l2schemas
2010-08-24 14:10 <DIR> --d----- c:\windows\system32\bits
2010-08-24 14:06 1,374 a------- c:\windows\imsins.BAK
2010-08-24 14:03 <DIR> --d----- c:\windows\EHome
2010-08-24 13:22 4,274,816 -------- c:\windows\system32\nv4_disp.dll
2010-08-24 13:22 1,897,408 -------- c:\windows\system32\drivers\nv4_mini.sys
2010-08-24 13:22 1,888,992 -------- c:\windows\system32\ati3duag.dll
2010-08-24 13:22 1,737,856 -------- c:\windows\system32\mtxparhd.dll
2010-08-24 13:22 1,372,672 -------- c:\windows\system32\dllcache\msxml6.dll
2010-08-24 13:22 1,309,184 -------- c:\windows\system32\drivers\mtlstrm.sys
2010-08-24 13:22 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2010-08-24 13:22 870,784 -------- c:\windows\system32\ati3d1ag.dll
2010-08-24 13:22 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2010-08-05 17:40 664 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-08-24 14:12 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2010-07-30 22:45 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
2010-07-27 07:30 8,462,336 -------- c:\windows\system32\dllcache\shell32.dll
2010-07-17 09:25 12,536 a------- c:\windows\system32\avgrsstx.dll
2010-07-17 09:24 216,400 a------- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 09:55 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2010-06-30 13:31 149,504 a------- c:\windows\system32\schannel.dll
2010-06-30 13:31 149,504 -------- c:\windows\system32\dllcache\schannel.dll
2010-06-24 17:51 11,077,120 -------- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 13:22 916,480 a------- c:\windows\system32\wininet.dll
2010-06-24 13:22 916,480 -------- c:\windows\system32\dllcache\wininet.dll
2010-06-24 13:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 13:22 5,951,488 -------- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 13:22 1,210,368 -------- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 13:22 611,840 -------- c:\windows\system32\dllcache\mstime.dll
2010-06-24 13:22 206,848 -------- c:\windows\system32\dllcache\occache.dll
2010-06-24 13:22 599,040 -------- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 13:22 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 13:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 13:21 1,986,560 -------- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 13:21 247,808 -------- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 13:21 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 13:21 743,424 -------- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 13:21 387,584 -------- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 14:44 1,851,904 a------- c:\windows\system32\win32k.sys
2010-06-23 14:44 1,851,904 -------- c:\windows\system32\dllcache\win32k.sys
2010-06-23 13:08 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-18 16:46 81 a------- C:\CTX.DAT
2010-06-18 14:36 3,558,912 a------- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 15:03 80,384 a------- c:\windows\system32\iccvid.dll
2010-06-14 15:31 744,448 a------- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-14 08:41 1,172,480 a------- c:\windows\system32\msxml3.dll
2010-06-14 08:41 1,172,480 a------- c:\windows\system32\dllcache\msxml3.dll
2007-11-10 19:28 87,608 a------- c:\docume~1\main\applic~1\ezpinst.exe
2007-11-10 19:28 47,360 a------- c:\docume~1\main\applic~1\pcouffin.sys
2007-01-11 12:55 24,192 a------- c:\documents and settings\main\usbsermptxp.sys
2007-01-11 12:55 22,768 a------- c:\documents and settings\main\usbsermpt.sys
2006-04-29 17:17 774,144 a------- c:\program files\RngInterstitial.dll
2006-01-26 12:24 400 a------- c:\docume~1\main\applic~1\wklnhst.dat

============= FINISH: 21:21:56.78 ===============
Ark.txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 21:57:54
Windows 5.1.2600 Service Pack 3
Running: kjwobg08.exe; Driver: C:\DOCUME~1\Main\LOCALS~1\Temp\pgldqpow.sys

---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBA210B30]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xBA2106F0]
SSDT sptd.sys ZwEnumerateKey [0xF750584C]
SSDT sptd.sys ZwEnumerateValueKey [0xF7505BEC]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA210470]
SSDT sptd.sys ZwOpenKey [0xF7500090]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBA210C50]
SSDT sptd.sys ZwQueryKey [0xF7505CC4]
SSDT sptd.sys ZwQueryValueKey [0xF7505B44]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA210990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xBA2108D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBA210D60]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xBA400900]
.text USBPORT.SYS!DllUnload BA39A8AC 5 Bytes JMP 8A08F960
.text tcpip.sys!IPTransmit + 10FC B6F50D3A 6 Bytes CALL BA7EBE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 B6F52690 6 Bytes CALL BA7EBE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 B6F68454 6 Bytes CALL BA7EBE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys BA1E33FD 7 Bytes CALL BA7EBFA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
? C:\WINDOWS\TEMP\pgldqpoc.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3380] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5240] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!CreateWindowExW
7E42D0A3 5 Bytes JMP 3E2EDB24
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796]
USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP
3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796]
USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP
3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!DialogBoxParamA
7E43B144 5 Bytes JMP 3E3E4B0C
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxExW
7E450838 5 Bytes JMP 3E3E4972
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxExA
7E45085C 5 Bytes JMP 3E3E49D4
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796]
USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP
3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5796]
USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP
3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs
8A19A980
Device \FileSystem\Fastfat \FatCdrom
8A5601D8
Device \Driver\Tcpip \Device\Ip
wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\usbohci \Device\USBPDO-0
8A08E980
Device \Driver\usbohci \Device\USBPDO-1
8A08E980
Device \Driver\usbohci \Device\USBPDO-2
8A08E980
Device \Driver\usbehci \Device\USBPDO-3
89F831D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F13DDBD1-A104-41EC-870D-6269D93B92A9}
89EB51D8
Device \Driver\Tcpip \Device\Tcp
wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp
Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\USBSTOR \Device\00000071
8A27D980
Device \Driver\Ftdisk \Device\HarddiskVolume1
8A4F41D8
Device \Driver\Ftdisk \Device\HarddiskVolume2
8A4F41D8
Device \Driver\Cdrom \Device\CdRom0
8A08B5C0
Device \Driver\USBSTOR \Device\00000072
8A27D980
Device \Driver\Ftdisk \Device\HarddiskVolume3
8A4F41D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3
[F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX,
[ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0
[F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX,
[ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1
[F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX,
[ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e
[F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX,
[ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4
8A4F41D8
Device \Driver\USBSTOR \Device\00000074
8A27D980
Device \Driver\USBSTOR \Device\00000075
8A27D980
Device \Driver\USBSTOR \Device\00000076
8A27D980
Device \Driver\NetBT \Device\NetBt_Wins_Export
89EB51D8
Device \Driver\USBSTOR \Device\00000077
8A27D980
Device \Driver\USBSTOR \Device\00000078
8A27D980
Device \Driver\USBSTOR \Device\00000079
8A27D980
Device \Driver\NetBT \Device\NetbiosSmb
89EB51D8
Device \Driver\Tcpip \Device\Udp
wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp
wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\usbohci \Device\USBFDO-0
8A08E980
Device \Driver\usbohci \Device\USBFDO-1
8A08E980
Device \Driver\USBSTOR \Device\0000006d
8A27D980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver
89C831D8
Device \Driver\usbohci \Device\USBFDO-2
8A08E980
Device \Driver\Tcpip \Device\IPMULTICAST
wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\usbehci \Device\USBFDO-3
89F831D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector
89C831D8
Device \Driver\Ftdisk \Device\FtControl
8A4F41D8
Device \FileSystem\Fastfat \Fat
8A5601D8
AttachedDevice \FileSystem\Fastfat \Fat
fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs
8A1746F0
---- Processes - GMER 1.0.15 ----
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 1116
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 3360
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 3380
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 4264
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5240
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5796
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 821321661
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -745569455
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x51 0x94 0x3C 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x51 0x94 0x3C 0x3B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x51 0x94 0x3C 0x3B ...
---- EOF - GMER 1.0.15 ----


End of information. Do let me know if you need anything further.
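Reading a GMER dump like the one above by eye is slow, and the two findings that matter for this symptom (IE instances GMER flags as hidden, and the user-mode hooks installed inside them) sit a few hundred lines apart. The script below is an added example for this thread, not GMER's own code or anything the poster ran: it parses the `.text` hook entries and the hidden-process list into one per-PID table, so a hidden process that also carries patched exports, or a JMP whose target file GMER could not attribute to any vendor, stands out. The sample log is constructed from entries posted above, re-joined onto one line each because the forum wrapped them mid-entry; the regexes assume the column layout GMER 1.0.15 prints in that log and are not guaranteed for other versions.

```python
"""Triage a GMER 1.0.15 log: hidden processes vs. user-mode inline hooks.
Added example for this thread, not GMER's code; regexes assume GMER 1.0.15's
column layout as it appears in the log above."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: entries copied from the posted log, re-joined onto one
# line each (the forum software wrapped the originals mid-entry).
SAMPLE_LOG = r"""
.text  C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6  7C90DF14 4 Bytes  [68, 03, 16, 00]
.text  C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!SetWindowsHookExW  7E42820F 5 Bytes  JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5240] ole32.dll!CoCreateInstance  7750057E 5 Bytes  JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!CreateWindowExW  7E42D0A3 5 Bytes  JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process  C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** )  1116
Process  C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** )  5240
Process  C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** )  5796

---- Registry - GMER 1.0.15 ----
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<function>\S+)(?:\s\+\s(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$")
PROC_RE = re.compile(r"^Process\s+(?P<image>.+?)\s+\((?P<flags>[^)]*)\)\s+(?P<pid>\d+)\s*$")
JMP_RE = re.compile(r"^JMP\s+[0-9A-Fa-f]+\s+(?P<path>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$")


@dataclass
class Hook:
    pid: int
    image: str          # process whose import was patched
    module: str         # exporting DLL, e.g. USER32.dll
    function: str
    offset: int         # bytes past the export entry (0 when GMER prints none)
    address: int
    size: int
    patch: str          # raw tail: "JMP <addr> <path> (<desc>)" or "[xx, ...]"
    target_path: Optional[str] = None   # where a JMP lands, if GMER resolved it
    target_desc: str = ""               # version-info description GMER printed


def parse_hook(line: str) -> Optional[Hook]:
    m = HOOK_RE.match(line)
    if not m:
        return None
    h = Hook(int(m["pid"]), m["image"], m["module"], m["function"],
             int(m["offset"] or "0", 16), int(m["address"], 16),
             int(m["size"]), m["patch"])
    j = JMP_RE.match(h.patch)
    if j:  # a JMP out of the export; a raw byte list means an in-place patch
        h.target_path, h.target_desc = j["path"], (j["desc"] or "").strip()
    return h


def parse_gmer(text: str) -> Tuple[List[Hook], Dict[int, str]]:
    """Collect every .text hook entry and every process GMER marked hidden."""
    hooks: List[Hook] = []
    hidden: Dict[int, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        h = parse_hook(line)
        if h:
            hooks.append(h)
            continue
        p = PROC_RE.match(line)
        if p and "hidden" in p["flags"]:
            hidden[int(p["pid"])] = p["image"]
    return hooks, hidden


def triage(hooks: List[Hook], hidden: Dict[int, str]) -> Dict[int, dict]:
    """One row per PID: hidden or not, how many exports are patched in it,
    and which modules the JMPs land in. An unattributed JMP (GMER printed
    no description for the target file) is the hook to pull apart first."""
    by_pid: Dict[int, List[Hook]] = defaultdict(list)
    for h in hooks:
        by_pid[h.pid].append(h)
    report: Dict[int, dict] = {}
    for pid in sorted(set(by_pid) | set(hidden)):
        hs = by_pid.get(pid, [])
        report[pid] = {
            "image": hidden.get(pid) or hs[0].image,
            "hidden": pid in hidden,
            "hook_count": len(hs),
            "jmp_modules": sorted({h.target_path for h in hs if h.target_path}),
            "byte_patches": sum(1 for h in hs if h.target_path is None),
            "unattributed_jmps": sum(1 for h in hs if h.target_path and not h.target_desc),
        }
    return report


def hidden_with_hooks(report: Dict[int, dict]) -> List[int]:
    """PIDs that are both hidden from the process list and have patched exports."""
    return [pid for pid, r in report.items() if r["hidden"] and r["hook_count"]]


if __name__ == "__main__":
    hooks, hidden = parse_gmer(SAMPLE_LOG)
    for pid, r in triage(hooks, hidden).items():
        flag = "HIDDEN" if r["hidden"] else "      "
        print(f"{pid:>5} {flag} hooks={r['hook_count']:<2} jmp->{r['jmp_modules'] or '-'} {r['image']}")
```

On the sample, the Chrome entry shows up as a byte patch with no JMP (the sandbox's own in-process interception), and the hidden iexplore.exe PIDs 5240 and 5796 are the ones carrying redirections, all into IEFRAME.dll with a Microsoft description. The table does not say which hooks are malicious; it says which process to open in a debugger first and which hooks need a module you cannot account for before they deserve attention.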
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
01-Sep-2010, 08:28 AM #2
Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
__________________
Microsoft MVP - 2010, 2011
EddieG1's Avatar
Junior Member with 7 posts.
 
Join Date: Aug 2010
Experience: Intermediate
01-Sep-2010, 05:23 PM #3
Sorry, I ran ComboFix but it seemed to stall. It got through to stage 50 completed and then said deleting Windows /XXX/ Temp files (I can't recall exactly which), but then it froze. I was careful not to click anywhere.

The warning above says not to try to run again but to report back. There was a message from Combofix earlier in process saying that Master Boot Record was infected. No sign of any log file. Recommended next steps?
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
01-Sep-2010, 07:34 PM #4
please look and see if a log was generated, it will be at C:\Combofix.txt

If there is no log,

Tap into safe mode and run it from safe mode. If it needs to reboot, make sure you go back into safe mode so it will produce a log.

To enter safe mode > reboot and tap F8 repeatedly until an advanced menu appears > arrow up to safe mode


(if combofix asks to update itself > allow it to do so)
__________________
Microsoft MVP - 2010, 2011
EddieG1's Avatar
Junior Member with 7 posts.
 
Join Date: Aug 2010
Experience: Intermediate
02-Sep-2010, 04:03 PM #5
Hi - Re-ran in Safe mode as above. Text of log pasted below. Thanks for your help.

Do let me know what the next steps are.

ComboFix 10-09-01.02 - Main 02/09/2010 19:27:20.3.1 - FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1503.1108 [GMT 1:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.
2010-08-28 22:46 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 12:42 . 2010-08-28 12:42 -------- d-----w- C:\FOUND.000
2010-08-27 06:34 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-25 19:40 . 2010-08-25 19:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-08-25 07:19 . 2010-08-25 07:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\qganeekov
2010-08-25 07:19 . 2010-08-25 07:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-24 13:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-08-24 13:32 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-08-24 13:31 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-24 13:31 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-08-24 13:31 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-24 13:28 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-08-24 13:24 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-08-24 13:23 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-08-24 13:23 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\scripting
2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\en
2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\l2schemas
2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\bits
2010-08-24 13:03 . 2010-08-24 13:03 -------- d-----w- c:\windows\EHome
2010-08-24 12:22 . 2008-04-14 00:12 4274816 ------w- c:\windows\system32\nv4_disp.dll
2010-08-24 12:22 . 2008-04-14 00:11 1888992 ------w- c:\windows\system32\ati3duag.dll
2010-08-24 12:22 . 2008-04-13 16:34 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2010-08-24 12:22 . 2008-04-14 00:12 1737856 ------w- c:\windows\system32\mtxparhd.dll
2010-08-24 12:22 . 2009-07-31 09:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-08-24 12:22 . 2008-04-13 18:23 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-08-24 12:22 . 2008-04-13 18:23 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-08-24 12:22 . 2008-04-14 00:11 870784 ------w- c:\windows\system32\ati3d1ag.dll
2010-08-24 12:22 . 2008-04-13 16:34 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-08-05 16:40 . 2010-08-05 16:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-04 13:13 . 2010-08-04 13:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-08-04 13:12 . 2010-08-04 13:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 22:47 . 2010-08-28 22:47 503808 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\msvcp71.dll
2010-08-28 22:47 . 2010-08-28 22:47 499712 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\jmc.dll
2010-08-28 22:47 . 2010-08-28 22:47 348160 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\msvcr71.dll
2010-08-28 22:47 . 2010-08-28 22:47 61440 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-487dce57-n\decora-sse.dll
2010-08-28 22:47 . 2010-08-28 22:47 12800 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-487dce57-n\decora-d3d.dll
2010-08-28 15:19 . 2010-07-29 22:03 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-28 15:18 . 2010-07-29 22:03 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-24 17:13 . 2006-01-23 21:38 111792 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-24 13:12 . 2005-04-19 10:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-22 17:04 . 2010-08-03 13:14 452104 ----a-w- c:\documents and settings\Main\Application Data\Real\Update\setup3.12\setup.exe
2010-07-30 21:45 . 2010-07-30 21:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-30 21:02 . 2010-07-30 21:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-30 21:01 . 2010-07-30 21:01 -------- d-----w- c:\program files\Lavasoft
2010-07-30 21:01 . 2010-07-30 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-29 22:03 . 2010-07-29 22:03 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-29 22:02 . 2010-07-29 22:02 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-07-29 22:02 . 2010-07-29 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-29 22:01 . 2010-07-29 22:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-29 21:48 . 2010-07-29 21:48 388096 ----a-r- c:\documents and settings\Main\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-29 21:48 . 2010-07-29 21:48 -------- d-----w- c:\program files\Trend Micro
2010-07-22 09:50 . 2010-07-22 09:50 -------- d-----w- c:\program files\iPod
2010-07-22 09:49 . 2010-07-22 09:49 -------- d-----w- c:\program files\iTunes
2010-07-22 09:32 . 2010-07-22 09:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-22 08:12 . 2010-07-22 08:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-07-22 06:25 . 2010-07-22 06:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\VIRGINMEDIATOOLBAR
2010-07-21 17:03 . 2010-07-21 17:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\VIRGINMEDIATOOLBAR
2010-07-21 12:50 . 2010-07-21 12:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VIRGINMEDIATOOLBAR
2010-07-17 08:25 . 2010-07-17 08:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 08:24 . 2010-04-08 21:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 08:56 . 2010-07-30 21:02 2979280 ----a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-07-30 21:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-01 22:47 . 2010-03-09 17:08 439816 ----a-w- c:\documents and settings\Main\Application Data\Real\Update\setup3.10\setup.exe
2010-07-01 09:17 . 2010-07-01 09:17 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-30 12:31 . 2005-04-19 10:28 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-04-19 10:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2005-04-19 10:28 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 11:42 . 2010-06-23 11:42 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb86A.tmp.exe
2010-06-21 15:27 . 2005-04-19 10:28 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:46 . 2010-06-18 15:46 81 ----a-w- C:\CTX.DAT
2010-06-17 14:03 . 2005-04-19 10:28 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-04-19 10:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-14 07:41 . 2005-04-19 10:28 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-04-29 16:17 . 2006-04-29 16:17 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-10-02 22:07 . 2007-07-27 20:37 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-10-02 22:07 . 2007-07-27 20:37 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-02 22:07 . 2007-07-27 20:37 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-10-02 22:07 . 2007-07-27 20:37 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-10-02 22:07 . 2007-07-27 20:37 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2010-01-19 8262928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2005-03-17 106496]
"SoundMan"="SOUNDMAN.EXE" [2005-03-17 67584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-08 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-07-03 231888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 08:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-12-16 11:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 12:49 136176 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 06:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 04:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2008-07-08 17:53 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-07-15 00:07 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-09-13 12:31 22880040 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-24 09:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-07-08 17:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"kdx"=c:\program files\Kontiki\KHost.exe -all
"Google Update"="c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"HsdClient.exe"="c:\program files\Virgin Media\Chat Extension\HsdClient.exe" /AUTORUN
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DigitalHomeSupport.exe"="c:\program files\Virgin Media\Digital Home Support\DigitalHomeSupport.exe" /AUTORUN
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Main\\Desktop\\Music & DVD\\utorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Virgin Media\\Digital Home Support\\ServicepointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7338:TCP"= 7338:TCPpLive
"3915:UDP"= 3915:UDPpLive
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/07/2010 22:46 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 09:55 1355416]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/04/2010 22:20 216400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 09:25 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2010 23:36 135664]
S2 HsdService;HsdService;c:\program files\Virgin Media\Chat Extension\HsdService.exe [31/05/2010 13:59 1410288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/06/2010 17:06 304464]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Digital Home Support\ServicepointService.exe [31/05/2010 13:58 689392]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:05 1021256]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [10/12/2006 18:09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [10/12/2006 18:09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [10/12/2006 18:09 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [10/12/2006 18:09 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [10/12/2006 18:09 83344]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys --> c:\windows\system32\DRIVERS\lgmcbus.sys [?]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys --> c:\windows\system32\DRIVERS\lgmcmdfl.sys [?]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys --> c:\windows\system32\DRIVERS\lgmcmdm.sys [?]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys --> c:\windows\system32\DRIVERS\lgmcmgmt.sys [?]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys --> c:\windows\system32\DRIVERS\lgmcobex.sys [?]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys --> c:\windows\system32\DRIVERS\lgmcunic.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/06/2010 17:06 20952]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2006 12:23 639224]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849584960-738971770-2466402417-1006Core.job
- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 12:49]
2010-09-02 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 21:48]
2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:36]
2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {F13DDBD1-A104-41EC-870D-6269D93B92A9} = 194.168.4.100,194.168.8.100
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\udu11bgl.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A057A204-BACC-4D26-8590-3AAE8EEE749D} - (no file)
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
MSConfigStartUp-NI - c:\windows\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
MSConfigStartUp-ppmate - c:\program files\PPMate\PPMate\ppmate.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TuneUp MemOptimizer - c:\program files\TuneUp Utilities 2007\MemOptimizer.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 19:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,05,1a,23,9f,de,e9,4e,87,6b,53, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,05,1a,23,9f,de,e9,4e,87,6b,53, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(232)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
- - - - - - - > 'explorer.exe'(1740)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-09-02 19:43:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-02 18:43
Pre-Run: 4,572,577,792 bytes free
Post-Run: 4,462,641,152 bytes free
- - End Of File - - B859A11183A6BD3E6EB2572FE2A7AFAE
CatByte
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
02-Sep-2010, 06:31 PM #6
Hi

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://forums.techguy.org/virus-other-malware-removal/947014-audio-ads-playing-randomly.html#post7580004

Collect::
c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys

Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\qganeekov

Driver::
DMSKSSRh
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT

**Vista/Win7 users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________
Microsoft MVP - 2010, 2011
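As an added illustration of what the specialist is reading in the Drivers/Services block of the ComboFix log (the DMSKSSRh entry loaded from the user's Temp folder with no file left on disk, versus the LG phone drivers that are merely missing), here is a small Python triage script. It is not part of ComboFix or of this thread; the sample lines are constructed to match the log format posted above, and the flag names and severity levels are this example's own.

```python
"""Triage the Drivers/Services section of a ComboFix log.

Added example for this thread; it is not part of ComboFix, and the sample
lines below are constructed to mirror the format of the log posted above.
Each service line looks like one of
    S3 name;Display Name;c:\\path\\file.sys [dd/mm/yyyy hh:mm size]
    S3 name;Display Name;\\??\\c:\\path\\file.sys --> c:\\path\\file.sys [?]
The "[?]" form means ComboFix could not find the file on disk.
"""
import re
from dataclasses import dataclass

# Start type (R0/S3 ...), service name, display name, then path + detail block.
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Trailing "[...]" block: either "date time size" or "?" for a missing file.
DETAIL_RE = re.compile(r"\[(?P<detail>[^\]]*)\]\s*$")

# Constructed sample, modelled on the service lines in the log above.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/07/2010 22:46 64288]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys --> c:\windows\system32\DRIVERS\lgmcbus.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2006 12:23 639224]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
"""


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    missing: bool
    flags: tuple


def classify(path, missing):
    """Flags, in a fixed order, describing why an entry deserves a look."""
    low = path.lower()
    flags = []
    if missing:
        flags.append("missing-file")   # stale entry, or a driver that deleted itself
    if low.startswith(("c:\\docume~1\\", "c:\\documents and settings\\")):
        flags.append("user-profile")   # a kernel driver living under a user profile
    if "\\temp\\" in low:
        flags.append("temp-dir")       # staged in a Temp folder
    return tuple(flags)


def parse_service_line(line):
    """Return a ServiceEntry for a driver/service line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    d = DETAIL_RE.search(rest)
    detail = d.group("detail").strip() if d else ""
    path = (rest[:d.start()] if d else rest).strip()
    # "original --> resolved" form: keep the resolved path on the right.
    if "-->" in path:
        path = path.split("-->", 1)[1].strip()
    # Drop the NT object-manager prefix ComboFix sometimes shows.
    if path.startswith("\\??\\"):
        path = path[4:]
    missing = detail == "?"
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                        path, missing, classify(path, missing))


def severity(flags):
    """Rough priority for a human reviewer; this example's own scale."""
    if "temp-dir" in flags:
        return "high"    # a driver loaded from Temp is the pattern the CFScript targets
    if "user-profile" in flags:
        return "medium"
    if "missing-file" in flags:
        return "low"     # usually leftovers from uninstalled software (phone suites etc.)
    return "none"


def triage(log_text):
    """All service entries in the log that carry at least one flag."""
    found = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry and entry.flags:
            found.append(entry)
    return found


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{severity(e.flags):6} {e.start} {e.name:12} {e.path}  "
              f"[{', '.join(e.flags)}]")
```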
EddieG1
Junior Member with 7 posts.
Join Date: Aug 2010
Experience: Intermediate
02-Sep-2010, 07:31 PM #7
1) CF script run in Combofix. Log pasted below

2) MBAM scan complete - all clear - Log pasted below.

3) Kaspersky - not run. Kaspersky site says I need Java Framework 1.5 or later and won't progress to run without that. Following their link to Java takes me to Java site where their online analysis says:
Your Java is working, Latest Java installed.
Your Java configuration is as follows: Vendor: Sun Microsystems Inc. Version: Java 6 Update 21 Operating System: Windows XP 5.1 Architecture: x86


So I'm not clear on how to deal with that Java point. Any advice or is there a different scanner to use for a further check?

Thanks again for the help, Logs follow.


ComboFix 10-09-01.02 - Main 02/09/2010 22:39:02.4.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1503.772 [GMT 1:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\Application Data\qganeekov

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMSKSSRH
-------\Service_DMSKSSRh


((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-28 22:47 . 2010-08-28 22:47 503808 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\msvcp71.dll
2010-08-28 22:47 . 2010-08-28 22:47 499712 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\jmc.dll
2010-08-28 22:47 . 2010-08-28 22:47 348160 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\msvcr71.dll
2010-08-28 22:47 . 2010-08-28 22:47 61440 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-487dce57-n\decora-sse.dll
2010-08-28 22:47 . 2010-08-28 22:47 12800 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-487dce57-n\decora-d3d.dll
2010-08-28 22:46 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 12:42 . 2010-08-28 12:42 -------- d-----w- C:\FOUND.000
2010-08-27 06:34 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-25 19:40 . 2010-08-25 19:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-08-25 07:19 . 2010-08-25 07:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-24 13:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-08-24 13:32 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-08-24 13:31 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-24 13:31 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-08-24 13:31 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-24 13:28 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-08-24 13:24 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-08-24 13:23 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-08-24 13:23 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\scripting
2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\en
2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\l2schemas
2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\bits
2010-08-24 13:03 . 2010-08-24 13:03 -------- d-----w- c:\windows\EHome
2010-08-24 12:22 . 2008-04-14 00:12 4274816 ------w- c:\windows\system32\nv4_disp.dll
2010-08-24 12:22 . 2008-04-14 00:11 1888992 ------w- c:\windows\system32\ati3duag.dll
2010-08-24 12:22 . 2008-04-13 16:34 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2010-08-24 12:22 . 2008-04-14 00:12 1737856 ------w- c:\windows\system32\mtxparhd.dll
2010-08-24 12:22 . 2009-07-31 09:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-08-24 12:22 . 2008-04-13 18:23 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-08-24 12:22 . 2008-04-13 18:23 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-08-24 12:22 . 2008-04-14 00:11 870784 ------w- c:\windows\system32\ati3d1ag.dll
2010-08-24 12:22 . 2008-04-13 16:34 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-08-05 16:40 . 2010-08-05 16:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-04 13:13 . 2010-08-04 13:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-08-04 13:12 . 2010-08-04 13:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 15:19 . 2010-07-29 22:03 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-28 15:18 . 2010-07-29 22:03 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-24 17:13 . 2006-01-23 21:38 111792 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-24 13:12 . 2005-04-19 10:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-22 17:04 . 2010-08-03 13:14 452104 ----a-w- c:\documents and settings\Main\Application Data\Real\Update\setup3.12\setup.exe
2010-07-30 21:45 . 2010-07-30 21:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-30 21:02 . 2010-07-30 21:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-30 21:01 . 2010-07-30 21:01 -------- d-----w- c:\program files\Lavasoft
2010-07-30 21:01 . 2010-07-30 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-29 22:03 . 2010-07-29 22:03 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-29 22:02 . 2010-07-29 22:02 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-07-29 22:02 . 2010-07-29 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-29 22:01 . 2010-07-29 22:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-29 21:48 . 2010-07-29 21:48 388096 ----a-r- c:\documents and settings\Main\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-29 21:48 . 2010-07-29 21:48 -------- d-----w- c:\program files\Trend Micro
2010-07-22 09:50 . 2010-07-22 09:50 -------- d-----w- c:\program files\iPod
2010-07-22 09:49 . 2010-07-22 09:49 -------- d-----w- c:\program files\iTunes
2010-07-22 09:32 . 2010-07-22 09:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-22 08:12 . 2010-07-22 08:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-07-22 06:25 . 2010-07-22 06:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\VIRGINMEDIATOOLBAR
2010-07-21 17:03 . 2010-07-21 17:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\VIRGINMEDIATOOLBAR
2010-07-21 12:50 . 2010-07-21 12:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VIRGINMEDIATOOLBAR
2010-07-17 08:25 . 2010-07-17 08:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 08:24 . 2010-04-08 21:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 08:56 . 2010-07-30 21:02 2979280 ----a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-07-30 21:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-01 22:47 . 2010-03-09 17:08 439816 ----a-w- c:\documents and settings\Main\Application Data\Real\Update\setup3.10\setup.exe
2010-07-01 09:17 . 2010-07-01 09:17 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-30 12:31 . 2005-04-19 10:28 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-04-19 10:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2005-04-19 10:28 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 11:42 . 2010-06-23 11:42 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb86A.tmp.exe
2010-06-21 15:27 . 2005-04-19 10:28 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:46 . 2010-06-18 15:46 81 ----a-w- C:\CTX.DAT
2010-06-17 14:03 . 2005-04-19 10:28 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-04-19 10:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-14 07:41 . 2005-04-19 10:28 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-04-29 16:17 . 2006-04-29 16:17 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-10-02 22:07 . 2007-07-27 20:37 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-10-02 22:07 . 2007-07-27 20:37 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-02 22:07 . 2007-07-27 20:37 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-10-02 22:07 . 2007-07-27 20:37 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-10-02 22:07 . 2007-07-27 20:37 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-02_18.36.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-02 21:46 . 2010-09-02 21:46 16384 c:\windows\temp\Perflib_Perfdata_770.dat
+ 2010-09-02 18:51 . 2010-09-02 18:51 16384 c:\windows\temp\Perflib_Perfdata_6e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2010-01-19 8262928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2005-03-17 106496]
"SoundMan"="SOUNDMAN.EXE" [2005-03-17 67584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-08 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-07-03 231888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 08:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-12-16 11:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 12:49 136176 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 06:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 04:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2008-07-08 17:53 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-07-15 00:07 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-09-13 12:31 22880040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-24 09:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-07-08 17:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"kdx"=c:\program files\Kontiki\KHost.exe -all
"Google Update"="c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"HsdClient.exe"="c:\program files\Virgin Media\Chat Extension\HsdClient.exe" /AUTORUN
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DigitalHomeSupport.exe"="c:\program files\Virgin Media\Digital Home Support\DigitalHomeSupport.exe" /AUTORUN
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Main\\Desktop\\Music & DVD\\utorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Virgin Media\\Digital Home Support\\ServicepointService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7338:TCP"= 7338:TCPpLive
"3915:UDP"= 3915:UDPpLive

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/07/2010 22:46 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/04/2010 22:20 216400]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 09:25 308136]
R2 HsdService;HsdService;c:\program files\Virgin Media\Chat Extension\HsdService.exe [31/05/2010 13:59 1410288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 09:55 1355416]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/06/2010 17:06 304464]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Digital Home Support\ServicepointService.exe [31/05/2010 13:58 689392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/06/2010 17:06 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2010 23:36 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [10/12/2006 18:09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [10/12/2006 18:09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [10/12/2006 18:09 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [10/12/2006 18:09 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [10/12/2006 18:09 83344]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys --> c:\windows\system32\DRIVERS\lgmcbus.sys [?]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys --> c:\windows\system32\DRIVERS\lgmcmdfl.sys [?]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys --> c:\windows\system32\DRIVERS\lgmcmdm.sys [?]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys --> c:\windows\system32\DRIVERS\lgmcmgmt.sys [?]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys --> c:\windows\system32\DRIVERS\lgmcobex.sys [?]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys --> c:\windows\system32\DRIVERS\lgmcunic.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2006 12:23 639224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849584960-738971770-2466402417-1006Core.job
- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 12:49]

2010-09-02 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 21:48]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:36]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {F13DDBD1-A104-41EC-870D-6269D93B92A9} = 194.168.4.100,194.168.8.100
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\udu11bgl.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 22:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,05,1a,23,9f,de,e9,4e,87,6b,53, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,05,1a,23,9f,de,e9,4e,87,6b,53, \

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(932)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\smc.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\program files\VirginMedia\V Stuff Backup\AGMailAgent.exe
.
**************************************************************************
.
Completion time: 2010-09-02 22:52:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-02 21:52
ComboFix2.txt 2010-09-02 18:43

Pre-Run: 4,365,025,280 bytes free
Post-Run: 4,366,598,144 bytes free

- - End Of File - - 3CA3A33278DA52810310296087497E9F


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4532

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/09/2010 23:06:10
mbam-log-2010-09-02 (23-06-10).txt

Scan type: Quick scan
Objects scanned: 139890
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


End of logs.
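The firewall-policy block in the ComboFix log above is the part of that log a reviewer reads first. The script below is an added example (my own, not ComboFix's and not posted in the thread) that parses the three `[HKLM\~\services\sharedaccess\parameters\firewallpolicy\...]` sections ComboFix prints and flags the firewall being off, authorized-application exceptions that point outside the Windows and Program Files directories (locations the user can write to, so the allowed binary can be swapped), and globally open ports. The sample log is a constructed excerpt built from the entries shown in this thread; the classification rules and the "trusted roots" list are assumptions of the example.

```python
"""Audit the Windows XP firewall policy section of a ComboFix log.

Added example, not part of the original thread and not ComboFix's code.
The sample log is a constructed excerpt using entries from the thread;
the 'risky location' rule (TRUSTED_ROOTS) is this example's own.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Main\\Desktop\\Music & DVD\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7338:TCP"= 7338:TCPpLive
"3915:UDP"= 3915:UDPpLive
"""

SECTION_RE = re.compile(r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# Directories a standard user cannot write to (assumption: XP defaults, no ACL changes)
TRUSTED_ROOTS = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


def parse_firewall_policy(text):
    """Return {section_name_lowercased: [(value_name, data), ...]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if not line or current is None:
            continue
        v = VALUE_RE.match(line)
        if v:
            # ComboFix doubles the backslashes inside quoted value names; undo that
            sections[current].append((v.group(1).replace("\\\\", "\\"), v.group(2).strip()))
    return dict(sections)


def audit_firewall_policy(text):
    """Return a list of (finding_kind, detail) tuples for the standard profile."""
    findings = []
    policy = parse_firewall_policy(text)
    for name, data in policy.get("standardprofile", []):
        if name == "EnableFirewall" and data.startswith("0"):
            findings.append(("firewall_disabled", "standardprofile EnableFirewall = 0"))
    for name, _ in policy.get("standardprofile\\authorizedapplications\\list", []):
        if not name.lower().startswith(TRUSTED_ROOTS):
            findings.append(("exception_outside_program_files", name))
    for name, data in policy.get("standardprofile\\globallyopenports\\list", []):
        port, proto = name.split(":")
        findings.append(("open_port", f"{proto} {port} ({data})"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_firewall_policy(SAMPLE_LOG):
        print(f"{kind:35s} {detail}")
```

On this machine the Windows Firewall being off is consistent with Sygate Personal Firewall (`smc.exe`, visible in the running processes) standing in for it, so that finding would be accepted once Sygate is confirmed active. The exception for `utorrent.exe` under the user's Desktop and the two pLive ports are the items a reviewer would ask about, because an exception keyed to a user-writable path allows whatever binary is placed there.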
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
02-Sep-2010, 08:21 PM #8
It appears the MBR is not being fixed properly, so we will need to do it in the recovery console.

please do the following:

Earlier on ComboFix installed the Recovery Console. We're going to use that now.

Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows XP bootup)

When you get to the above screen, take note of the number that references your operating system.
If it's '1' like the picture above, type 1 and press Enter

Next type FIXMBR

If it asks if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

NEXT


Please run MBRCheck and post the log

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
__________________
Microsoft MVP - 2010, 2011
EddieG1's Avatar
Junior Member with 7 posts.
 
Join Date: Aug 2010
Experience: Intermediate
03-Sep-2010, 03:52 AM #9
1) FixMBR completed

2) MBRcheck run - Log details posted below, seemed all ok.

3) For info - Kaspersky online scan will run if I launch from Firefox rather than IE. I haven't run yet but can try if that helps.

Thanks again for help


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000006fc

Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF74C0000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74A0000 fltmgr.sys
0xF748E000 sr.sys
0xF7647000 Lbd.sys
0xF7657000 PxHelp20.sys
0xF746A000 Fastfat.sys
0xF7453000 KSecDD.sys
0xF7426000 NDIS.sys
0xF7667000 uagp35.sys
0xF786A000 Teefer.sys
0xF7850000 Mup.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA50B000 \SystemRoot\system32\DRIVERS\sisgrp.sys
0xBA4F7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF76D7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA4D4000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7727000 \SystemRoot\system32\drivers\gearaspiwdm.sys
0xBA415000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xBA3F1000 \SystemRoot\system32\drivers\portcls.sys
0xF7587000 \SystemRoot\system32\drivers\drmk.sys
0xBA38F000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xF772F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xBA36B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7737000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF773F000 \SystemRoot\system32\DRIVERS\sisnic.sys
0xBA235000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7747000 \SystemRoot\System32\Drivers\Modem.SYS
0xF774F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7577000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7933000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA221000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7567000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7757000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5AC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7557000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7937000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA20A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7547000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7537000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF775F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7767000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF776F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7527000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF7517000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7777000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF798B000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA10C000 \SystemRoot\system32\DRIVERS\update.sys
0xF793F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7507000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA740000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF798D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA7E8000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF798F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA58F000 \SystemRoot\System32\Drivers\Null.SYS
0xF7991000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7787000 \SystemRoot\System32\drivers\vga.sys
0xF7993000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7995000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7797000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7D8000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB7061000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF7697000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB7008000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6FE0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF76A7000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xB6F96000 \SystemRoot\System32\drivers\afd.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA7CC000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xB6F74000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF779F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB6F49000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6ED9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA1FA000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6E13000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA1EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA4D0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA1CA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77AF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF77B7000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xB6DDF000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA4CC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA4C8000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB6D2A000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xF7887000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA4B0000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77CF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A68000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA4B8000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB6B2A000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
0xB6A86000 \SystemRoot\SYSTEM32\Drivers\wg4n.sys
0xB6A82000 \SystemRoot\SYSTEM32\Drivers\wg5n.sys
0xB6A7E000 \SystemRoot\SYSTEM32\Drivers\wg6n.sys
0xB677D000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6ACA000 \SystemRoot\system32\drivers\sysaudio.sys
0xB6294000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA703000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
324 C:\WINDOWS\System32\SMSS.EXE
380 CSRSS.EXE
404 C:\WINDOWS\System32\WINLOGON.EXE
448 C:\WINDOWS\System32\SERVICES.EXE
460 C:\WINDOWS\System32\LSASS.EXE
608 C:\WINDOWS\System32\SVCHOST.EXE
672 SVCHOST.EXE
752 C:\WINDOWS\System32\SVCHOST.EXE
788 C:\Program Files\Sygate\SPF\Smc.exe
848 C:\Program Files\AVG\AVG9\AVGCHSVX.EXE
856 C:\Program Files\AVG\AVG9\AVGRSX.EXE
976 C:\Program Files\AVG\AVG9\AVGCSRVX.EXE
992 SVCHOST.EXE
1188 SVCHOST.EXE
1248 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1400 C:\WINDOWS\EXPLORER.EXE
1456 C:\WINDOWS\System32\SPOOLSV.EXE
2032 C:\WINDOWS\SOUNDMAN.EXE
152 C:\WINDOWS\AGRSMMSG.EXE
200 C:\Program Files\AVG\AVG9\AVGTRAY.EXE
300 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
308 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
344 C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
360 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1036 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1076 C:\Program Files\AVG\AVG9\AVGWDSVC.EXE
1148 C:\Program Files\Bonjour\mDNSResponder.exe
1560 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
824 C:\Program Files\Virgin Media\Chat Extension\HsdService.exe
1748 C:\Program Files\Java\JRE6\BIN\JQS.EXE
1764 C:\Program Files\Kontiki\KService.exe
1060 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1968 C:\Program Files\Virgin Media\Digital Home Support\ServicepointService.exe
2064 C:\WINDOWS\System32\SVCHOST.EXE
2104 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2172 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
2584 C:\WINDOWS\System32\WUAUCLT.EXE
3132 wmiprvse.exe
3384 C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3404 unsecapp.exe
3444 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
3512 C:\WINDOWS\System32\wscntfy.exe
3784 alg.exe
4052 wmiprvse.exe
364 C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
832 C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2140 C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2912 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2984 C:\Documents and Settings\Main\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`a2864c00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-22JHC0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
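CatByte's FIXMBR step and the MBRCheck log above both come down to one question: does the 440-byte bootstrap code at the start of sector 0 match known Windows boot code, or has something rewritten it while leaving the partition table alone so the machine still boots? The script below is an added example (my own, not MBRCheck's code and not from the thread) that parses a 512-byte MBR, validates the `0x55AA` signature, lists the partitions, and fingerprints the bootstrap area with SHA-1 against a known-good table, which is the verdict MBRCheck's "Windows XP MBR code detected" line expresses. It then patches a few bytes of the boot code to show that the hash changes while the partition table does not. The sector is constructed: the bootstrap bytes are a placeholder rather than real XP code, the disk signature and partition sizes are made up, and only the partition start offsets are taken from the byte offsets MBRCheck printed for C: and D:. Exactly which bytes MBRCheck hashes is not stated on the page; hashing the 440-byte bootstrap area is this example's assumption.

```python
"""Parse a 512-byte MBR and fingerprint its boot code (the check MBRCheck performs).

Added example, not MBRCheck's code and not part of the thread. The sample
sector is constructed: placeholder bootstrap bytes, made-up disk signature
and partition sizes; partition starts come from the offsets in the thread.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # bytes 0x000-0x1B7: bootstrap code (hash scope is an assumption)
DISK_SIG_OFF = 0x1B8        # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"
PART_TYPES = {0x00: "empty", 0x07: "NTFS/HPFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)"}


def build_sample_mbr(bootcode, partitions, disk_sig=0x12345678):
    """Assemble a sector from bootstrap bytes and (type, start_lba, sector_count) tuples."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("bootstrap code too long")
    sector = bytearray(SECTOR)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (ptype, start, count) in enumerate(partitions):
        boot_flag = 0x80 if i == 0 else 0x00
        # CHS fields set to FE FF FF ("use LBA"), as modern partitioning tools do
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + 16 * i,
                         boot_flag, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", start, count)
    sector[SECTOR - 2:] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Return disk signature, bootstrap SHA-1 and the non-empty partition entries."""
    if len(sector) != SECTOR or sector[-2:] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        flag, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
                      "start_lba": start, "byte_offset": start * SECTOR, "sectors": count})
    return {"disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
            "partitions": parts}


def classify_bootcode(sector, known_good):
    """MBRCheck-style verdict: the label of the matching known boot code, else 'unknown bootcode'."""
    return known_good.get(parse_mbr(sector)["bootcode_sha1"], "unknown bootcode")


def patched_copy(sector, offset=0x20):
    """Simulate a bootkit: overwrite bytes inside the bootstrap area, keep the table intact."""
    s = bytearray(sector)
    s[offset:offset + 4] = b"\xEB\xFE\x90\x90"   # jmp $ placeholder, not real bootkit code
    return bytes(s)


# Constructed sample: a few plausible opening bytes padded with NOPs (not real XP boot code)
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100
# Partition starts = the byte offsets MBRCheck printed for C: (FAT32) and D: (NTFS) / 512
SAMPLE_PARTITIONS = [(0x0C, 0xBBC57E00 // SECTOR, 1_000_000),
                     (0x07, 0x9A2864C00 // SECTOR, 2_000_000)]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOTCODE, SAMPLE_PARTITIONS)
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["bootcode_sha1"]: "sample clean MBR code"}

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("patched", patched_copy(CLEAN_MBR))):
        info = parse_mbr(mbr)
        print(label, info["bootcode_sha1"], classify_bootcode(mbr, KNOWN_GOOD))
        for p in info["partitions"]:
            print("   ", p["type_name"], "at byte offset", hex(p["byte_offset"]))
```

On a real machine the sector would come from reading the first 512 bytes of `\\.\PhysicalDrive0` as an administrator, and the known-good table would hold hashes of the boot code shipped with each Windows version. Comparing the partition starts with the volume offsets MBRCheck prints is a quick sanity check that the table has not been redirected as well.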
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
03-Sep-2010, 06:34 AM #10
Good

that has fixed it now

Yes please give Kaspersky a try

thanks
EddieG1's Avatar
Junior Member with 7 posts.
 
Join Date: Aug 2010
Experience: Intermediate
03-Sep-2010, 02:41 PM #11
Hi,

Phew, Kaspersky scan took quite some time. Looks to have identified a few though. Log posted below.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 03, 2010 04:34:02
Records in database: 4183404
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\

Scan statistics:
Objects scanned: 94548
Threats found: 8
Infected objects found: 16
Suspicious objects found: 0
Scan duration: 07:20:45


File name / Threat / Threats count
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\4\66698d04-72ec0897 Infected: Trojan-Downloader.Java.Agent.gv 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\4\66698d04-72ec0897 Infected: Trojan-Downloader.Java.Agent.gw 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\4\66698d04-72ec0897 Infected: Trojan-Downloader.Java.Agent.gu 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\230cfb94-3a587274 Infected: Exploit.Java.CVE-2010-0094.a 2
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\230cfb94-3a587274 Infected: Trojan-Downloader.JS.Agent.fns 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\3af7b714-385491e6 Infected: Exploit.Java.CVE-2009-3867.e 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\29\6095321d-4368541a Infected: Exploit.Java.CVE-2009-3867.e 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\49\100cc2b1-1a002acc Infected: Exploit.Java.CVE-2010-0094.a 2
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\49\100cc2b1-1a002acc Infected: Trojan-Downloader.JS.Agent.fns 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\62\9c6417e-1fcc87a7 Infected: Trojan-Downloader.Java.Agent.gv 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\62\9c6417e-1fcc87a7 Infected: Trojan-Downloader.Java.Agent.gw 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\62\9c6417e-1fcc87a7 Infected: Trojan-Downloader.Java.Agent.gu 1
C:\Program Files\DVDFab 5\DVDFab.exe Infected: Trojan.Win32.Agent.dyvq 1
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1

Selected area has been scanned.
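The detection lines in the Kaspersky report above all have the shape `<path> Infected: <threat name> <count>`, and the right action depends on where the file lives: the Java deployment cache holds downloaded applets (cleared by emptying the cache and removing old JREs), `C:\Qoobox\Quarantine` is ComboFix's quarantine folder, so a hit there is a copy that has already been pulled off the system, and a file under Program Files is a live binary that has to be handled explicitly. The script below is an added example (mine, not Kaspersky's tooling and not from the thread) that parses those lines, extracts any CVE identifier from the threat name, and buckets each hit by location. The report text is a constructed excerpt with the same line layout as the one in this thread; the bucket rules are the example's own.

```python
"""Triage the detection lines of a Kaspersky Online Scanner 7 report.

Added example, not part of the thread and not Kaspersky's own code. The
sample report is a constructed excerpt using the thread's line layout; the
location buckets are this example's own rules.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\230cfb94-3a587274 Infected: Exploit.Java.CVE-2010-0094.a 2
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\230cfb94-3a587274 Infected: Trojan-Downloader.JS.Agent.fns 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\29\6095321d-4368541a Infected: Exploit.Java.CVE-2009-3867.e 1
C:\Program Files\DVDFab 5\DVDFab.exe Infected: Trojan.Win32.Agent.dyvq 1
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1

Selected area has been scanned.
"""

DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Ordered: the first matching rule wins. These buckets are the example's own.
BUCKET_RULES = [
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("quarantine", re.compile(r"^C:\\Qoobox\\Quarantine\\", re.I)),
    ("installed_program", re.compile(r"^C:\\Program Files\\", re.I)),
]


def bucket_for(path):
    """Map a detected path to a remediation bucket, or 'other'."""
    for name, rx in BUCKET_RULES:
        if rx.search(path):
            return name
    return "other"


def parse_detections(text):
    """Return one dict per 'Infected:' line; header and footer lines are ignored."""
    hits = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue
        threat = m.group("threat")
        cve = CVE_RE.search(threat)
        hits.append({"path": m.group("path"), "threat": threat,
                     "count": int(m.group("count")),
                     "cve": cve.group(0) if cve else None,
                     "bucket": bucket_for(m.group("path"))})
    return hits


def summarize(hits):
    """Distinct paths per bucket, the CVEs referenced, and the total object count."""
    by_bucket = defaultdict(set)
    for h in hits:
        by_bucket[h["bucket"]].add(h["path"])
    return {"buckets": {k: sorted(v) for k, v in by_bucket.items()},
            "cves": sorted({h["cve"] for h in hits if h["cve"]}),
            "infected_objects": sum(h["count"] for h in hits)}


if __name__ == "__main__":
    summary = summarize(parse_detections(SAMPLE_REPORT))
    for bucket, paths in summary["buckets"].items():
        print(bucket)
        for p in paths:
            print("   ", p)
    print("CVEs referenced:", ", ".join(summary["cves"]))
```

The CVE list is the useful by-product: each one names a Java vulnerability that was exploited through the browser, which is why the follow-up is to remove the old JRE and clear the cache rather than to hunt for the cached files one by one. A generic `Agent` detection on a commercial program's main executable is worth checking against the vendor's own download before it is deleted.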
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
03-Sep-2010, 06:13 PM #12
Hi

Kaspersky has identified this file as infected. If it is in your Add/Remove Programs, uninstall it; if not, navigate to the DVDFab 5 folder and delete it:

C:\Program Files\DVDFab 5\DVDFab.exe

The other items are in java cache which we can empty



Please do the following:
  • Hold down the Windows key and press R to open a run box
  • type the following text into the run box
    appwiz.cpl
  • This will open your Add or Remove Programs
  • A list of installed programs will populate
  • Remove the following program:

J2SE Runtime Environment 5.0 Update 6


NEXT

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version 9.3)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

You can delete the MBRCheck, DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.






If there are any logs/tools remaining > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
__________________
Microsoft MVP - 2010, 2011
EddieG1's Avatar
Junior Member with 7 posts.
 
Join Date: Aug 2010
Experience: Intermediate
03-Sep-2010, 06:44 PM #13
Hi Catbyte,

Thanks for that latest update, instructions and advice. I've gone through all the actions and am just working my way through the advisory parts now. TFC about to run. I just thought I'd confirm all done first and say thanks for all your help. It feels great to have that all fixed and I really do appreciate your guidance to get me there.

Cheers!

EddieG
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
03-Sep-2010, 07:04 PM #14
You are welcome

stay safe

~CB
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.