
Audio ads playing randomly

Discussion in 'Virus & Other Malware Removal' started by EddieG1, Aug 31, 2010.

EddieG1 (Thread Starter):
    Hi,

    Like a few others on here I have a problem with occasional adverts playing randomly on my PC. Audio sound only, no other physical appearance of an IE page or a file running through Task Manager. I *think* that if I browse via Chrome all is well, but as soon as IE fires up for any reason that seems to trigger the ads to start running. PrimeScratchcards.com as a song is doing my head in!

    So I hope you can help me get rid of the problem.

    Included here are:
    • HijackThis log, pasted below
    • DDS.txt file, pasted below
    • Attach.txt file, attached
    • ark.txt file, pasted below

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:25:22, on 31/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Virgin Media\Chat Extension\HsdService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Virgin Media\Digital Home Support\ServicepointService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Virgin Media Toolbar - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\PROGRA~1\VIRGIN~3\VIRGIN~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Virgin Media Toolbar - {A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - C:\PROGRA~1\VIRGIN~3\VIRGIN~1.DLL
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [V Stuff Backup] "C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" /delayed
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} (SearchCD Control) - http://www.partsarena.com/baxi/Plugins/IMIESRCHie7.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} (GrafixViewControl) - http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
    O16 - DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} (ViewDirector Object) - http://www.scotlandspeople.gov.uk/Viewers/ActiveXControl/viewdw32.ocx
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.ourcat.co.uk/bin/msnchat45.cab
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} (VM_1.VM_Control) - http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F13DDBD1-A104-41EC-870D-6269D93B92A9}: NameServer = 194.168.4.100,194.168.8.100
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HsdService - Virgin Media - C:\Program Files\Virgin Media\Chat Extension\HsdService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\Digital Home Support\ServicepointService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


    --
    End of file - 13802 bytes

    DDS.txt:


    DDS (Ver_09-09-29.01) - FAT32x86
    Run by Main at 21:20:21.18 on 31/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1503.328 [GMT 1:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe 4
    SVCHOST.EXE
    SVCHOST.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe 4
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Virgin Media\Chat Extension\HsdService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Virgin Media\Digital Home Support\ServicepointService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
    C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Main\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.virginmedia.com
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Virgin Media Toolbar: {a057a204-bacc-4d26-cfc3-3cecc9ab2eda} - c:\progra~1\virgin~3\VIRGIN~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Virgin Media Toolbar: {a057a204-bacc-4d26-cfc3-3cecc9ab2eda} - c:\progra~1\virgin~3\VIRGIN~1.DLL
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {A057A204-BACC-4D26-8590-3AAE8EEE749D} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
    mPolicies-explorer: NoResolveTrack = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
    DPF: {1B735B98-8010-11D5-AD0B-00500463D885} - hxxp://www.partsarena.com/baxi/Plugins/IMIESRCHie7.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} - hxxp://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
    DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} - hxxp://www.scotlandspeople.gov.uk/Viewers/ActiveXControl/viewdw32.ocx
    DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/53/install/gtdownls.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
    DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.ourcat.co.uk/bin/msnchat45.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    TCP: {F13DDBD1-A104-41EC-870D-6269D93B92A9} = 194.168.4.100,194.168.8.100
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-30 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-8 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-8 29584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
    R2 HsdService;HsdService;c:\program files\virgin media\chat extension\HsdService.exe [2010-5-31 1410288]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-5 304464]
    R2 ServicepointService;ServicepointService;c:\program files\virgin media\digital home support\ServicepointService.exe [2010-5-31 689392]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-23 15008]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-5 20952]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\main\locals~1\temp\dmskssrh.sys --> c:\docume~1\main\locals~1\temp\DMSKSSRh.sys [?]
    S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-12-10 58288]
    S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2006-12-10 8336]
    S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2006-12-10 94064]
    S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2006-12-10 85408]
    S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-12-10 83344]
    S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys --> c:\windows\system32\drivers\lgmcbus.sys [?]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys --> c:\windows\system32\drivers\lgmcmdfl.sys [?]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys --> c:\windows\system32\drivers\lgmcmdm.sys [?]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys --> c:\windows\system32\drivers\lgmcmgmt.sys [?]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys --> c:\windows\system32\drivers\lgmcobex.sys [?]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys --> c:\windows\system32\drivers\lgmcunic.sys [?]
    S4 vsdatant;vsdatant; [x]

    =============== Created Last 30 ================

    2010-08-28 23:46 423,656 a------- c:\windows\system32\deployJava1.dll
    2010-08-28 13:42 <DIR> --dsh--- C:\FOUND.000
    2010-08-28 00:52 1,790 a------- c:\windows\system32\tmp.reg
    2010-08-27 07:34 15,880 a------- c:\windows\system32\lsdelete.exe
    2010-08-24 14:33 272,128 -------- c:\windows\system32\dllcache\bthport.sys
    2010-08-24 14:32 354,304 -------- c:\windows\system32\dllcache\srv.sys
    2010-08-24 14:31 455,680 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-24 14:31 471,552 -------- c:\windows\system32\dllcache\aclayers.dll
    2010-08-24 14:31 744,448 -------- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-24 14:28 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
    2010-08-24 14:24 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
    2010-08-24 14:23 2,560 -------- c:\windows\system32\xpsp4res.dll
    2010-08-24 14:23 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
    2010-08-24 14:10 <DIR> --d----- c:\windows\system32\scripting
    2010-08-24 14:10 <DIR> --d----- c:\windows\system32\en
    2010-08-24 14:10 <DIR> --d----- c:\windows\l2schemas
    2010-08-24 14:10 <DIR> --d----- c:\windows\system32\bits
    2010-08-24 14:06 1,374 a------- c:\windows\imsins.BAK
    2010-08-24 14:03 <DIR> --d----- c:\windows\EHome
    2010-08-24 13:22 4,274,816 -------- c:\windows\system32\nv4_disp.dll
    2010-08-24 13:22 1,897,408 -------- c:\windows\system32\drivers\nv4_mini.sys
    2010-08-24 13:22 1,888,992 -------- c:\windows\system32\ati3duag.dll
    2010-08-24 13:22 1,737,856 -------- c:\windows\system32\mtxparhd.dll
    2010-08-24 13:22 1,372,672 -------- c:\windows\system32\dllcache\msxml6.dll
    2010-08-24 13:22 1,309,184 -------- c:\windows\system32\drivers\mtlstrm.sys
    2010-08-24 13:22 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
    2010-08-24 13:22 870,784 -------- c:\windows\system32\ati3d1ag.dll
    2010-08-24 13:22 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
    2010-08-05 17:40 664 a------- c:\windows\system32\d3d9caps.dat

    ==================== Find3M ====================

    2010-08-24 14:12 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2010-07-30 22:45 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-27 07:30 8,462,336 -------- c:\windows\system32\dllcache\shell32.dll
    2010-07-17 09:25 12,536 a------- c:\windows\system32\avgrsstx.dll
    2010-07-17 09:24 216,400 a------- c:\windows\system32\drivers\avgldx86.sys
    2010-07-12 09:55 64,288 a------- c:\windows\system32\drivers\Lbd.sys
    2010-06-30 13:31 149,504 a------- c:\windows\system32\schannel.dll
    2010-06-30 13:31 149,504 -------- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 17:51 11,077,120 -------- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 13:22 916,480 a------- c:\windows\system32\wininet.dll
    2010-06-24 13:22 916,480 -------- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 13:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 13:22 5,951,488 -------- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 13:22 1,210,368 -------- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 13:22 611,840 -------- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 13:22 206,848 -------- c:\windows\system32\dllcache\occache.dll
    2010-06-24 13:22 599,040 -------- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 13:22 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 13:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 13:21 1,986,560 -------- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 13:21 247,808 -------- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 13:21 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 13:21 743,424 -------- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 13:21 387,584 -------- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 14:44 1,851,904 a------- c:\windows\system32\win32k.sys
    2010-06-23 14:44 1,851,904 -------- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 13:08 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-18 16:46 81 a------- C:\CTX.DAT
    2010-06-18 14:36 3,558,912 a------- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 15:03 80,384 a------- c:\windows\system32\iccvid.dll
    2010-06-14 15:31 744,448 a------- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    2010-06-14 08:41 1,172,480 a------- c:\windows\system32\msxml3.dll
    2010-06-14 08:41 1,172,480 a------- c:\windows\system32\dllcache\msxml3.dll
    2007-11-10 19:28 87,608 a------- c:\docume~1\main\applic~1\ezpinst.exe
    2007-11-10 19:28 47,360 a------- c:\docume~1\main\applic~1\pcouffin.sys
    2007-01-11 12:55 24,192 a------- c:\documents and settings\main\usbsermptxp.sys
    2007-01-11 12:55 22,768 a------- c:\documents and settings\main\usbsermpt.sys
    2006-04-29 17:17 774,144 a------- c:\program files\RngInterstitial.dll
    2006-01-26 12:24 400 a------- c:\docume~1\main\applic~1\wklnhst.dat

    ============= FINISH: 21:21:56.78 ===============
    Ark.txt

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-31 21:57:54
    Windows 5.1.2600 Service Pack 3
    Running: kjwobg08.exe; Driver: C:\DOCUME~1\Main\LOCALS~1\Temp\pgldqpow.sys

    ---- System - GMER 1.0.15 ----
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBA210B30]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xBA2106F0]
    SSDT sptd.sys ZwEnumerateKey [0xF750584C]
    SSDT sptd.sys ZwEnumerateValueKey [0xF7505BEC]
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA210470]
    SSDT sptd.sys ZwOpenKey [0xF7500090]
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBA210C50]
    SSDT sptd.sys ZwQueryKey [0xF7505CC4]
    SSDT sptd.sys ZwQueryValueKey [0xF7505B44]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA210990]
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xBA2108D0]
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBA210D60]
    ---- Kernel code sections - GMER 1.0.15 ----
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xBA400900]
    .text USBPORT.SYS!DllUnload BA39A8AC 5 Bytes JMP 8A08F960
    .text tcpip.sys!IPTransmit + 10FC B6F50D3A 6 Bytes CALL BA7EBE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    .text tcpip.sys!IPTransmit + 2A52 B6F52690 6 Bytes CALL BA7EBE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    .text tcpip.sys!IPRegisterProtocol + 930 B6F68454 6 Bytes CALL BA7EBE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    .text wanarp.sys BA1E33FD 7 Bytes CALL BA7EBFA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
    ? C:\WINDOWS\TEMP\pgldqpoc.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3360] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3380] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4244] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4264] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Main\Local Settings\Application
    Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + 6
    7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Documents and Settings\Main\Local Settings\Application
    Data\Google\Chrome\Application\chrome.exe[5012] ntdll.dll!NtUnmapViewOfSection + B
    7C90DF19 1 Byte [E2]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!DialogBoxParamW
    7E4247AB 5 Bytes JMP 3E215501
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240]
    USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP
    3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!CallNextHookEx
    7E42B3C6 5 Bytes JMP 3E2DD135
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!CreateWindowExW
    7E42D0A3 5 Bytes JMP 3E2EDB24
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240]
    USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes
    JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240]
    USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP
    3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240]
    USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP
    3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!DialogBoxParamA
    7E43B144 5 Bytes JMP 3E3E4B0C
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!MessageBoxExW
    7E450838 5 Bytes JMP 3E3E4972
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240] USER32.dll!MessageBoxExA
    7E45085C 5 Bytes JMP 3E3E49D4
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240]
    USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP
    3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240]
    USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP
    3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240] ole32.dll!CoCreateInstance
    7750057E 5 Bytes JMP 3E2EDB80
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5240] ole32.dll!OleLoadFromStream
    77529C85 5 Bytes JMP 3E3E4EF0
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!DialogBoxParamW
    7E4247AB 5 Bytes JMP 3E215501
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!CreateWindowExW
    7E42D0A3 5 Bytes JMP 3E2EDB24
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796]
    USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP
    3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796]
    USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP
    3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!DialogBoxParamA
    7E43B144 5 Bytes JMP 3E3E4B0C
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxExW
    7E450838 5 Bytes JMP 3E3E4972
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796] USER32.dll!MessageBoxExA
    7E45085C 5 Bytes JMP 3E3E49D4
    C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796]
    USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP
    3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5796]
    USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP
    3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs
    8A19A980
    Device \FileSystem\Fastfat \FatCdrom
    8A5601D8
    Device \Driver\Tcpip \Device\Ip
    wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
    Device \Driver\usbohci \Device\USBPDO-0
    8A08E980
    Device \Driver\usbohci \Device\USBPDO-1
    8A08E980
    Device \Driver\usbohci \Device\USBPDO-2
    8A08E980
    Device \Driver\usbehci \Device\USBPDO-3
    89F831D8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{F13DDBD1-A104-41EC-870D-6269D93B92A9}
    89EB51D8
    Device \Driver\Tcpip \Device\Tcp
    wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp
    Lbd.sys (Boot Driver/Lavasoft AB)
    Device \Driver\USBSTOR \Device\00000071
    8A27D980
    Device \Driver\Ftdisk \Device\HarddiskVolume1
    8A4F41D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2
    8A4F41D8
    Device \Driver\Cdrom \Device\CdRom0
    8A08B5C0
    Device \Driver\USBSTOR \Device\00000072
    8A27D980
    Device \Driver\Ftdisk \Device\HarddiskVolume3
    8A4F41D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3
    [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX,
    [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0
    [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX,
    [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1
    [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX,
    [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e
    [F7869B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX,
    [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Ftdisk \Device\HarddiskVolume4
    8A4F41D8
    Device \Driver\USBSTOR \Device\00000074
    8A27D980
    Device \Driver\USBSTOR \Device\00000075
    8A27D980
    Device \Driver\USBSTOR \Device\00000076
    8A27D980
    Device \Driver\NetBT \Device\NetBt_Wins_Export
    89EB51D8
    Device \Driver\USBSTOR \Device\00000077
    8A27D980
    Device \Driver\USBSTOR \Device\00000078
    8A27D980
    Device \Driver\USBSTOR \Device\00000079
    8A27D980
    Device \Driver\NetBT \Device\NetbiosSmb
    89EB51D8
    Device \Driver\Tcpip \Device\Udp
    wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
    Device \Driver\Tcpip \Device\RawIp
    wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
    Device \Driver\usbohci \Device\USBFDO-0
    8A08E980
    Device \Driver\usbohci \Device\USBFDO-1
    8A08E980
    Device \Driver\USBSTOR \Device\0000006d
    8A27D980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver
    89C831D8
    Device \Driver\usbohci \Device\USBFDO-2
    8A08E980
    Device \Driver\Tcpip \Device\IPMULTICAST
    wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
    Device \Driver\usbehci \Device\USBFDO-3
    89F831D8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector
    89C831D8
    Device \Driver\Ftdisk \Device\FtControl
    8A4F41D8
    Device \FileSystem\Fastfat \Fat
    8A5601D8
    AttachedDevice \FileSystem\Fastfat \Fat
    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    Device \FileSystem\Cdfs \Cdfs
    8A1746F0
    ---- Processes - GMER 1.0.15 ----
    Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** )
    1116
    Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** )
    3360
    Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** )
    3380
    Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** )
    4264
    Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** )
    5240
    Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** )
    5796
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]
    821321661
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]
    -745569455
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]
    1
    Reg
    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

    Reg
    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    @h0 0
    Reg
    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    @ujdew 0x51 0x94 0x3C 0x3B ...
    Reg
    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not
    active ControlSet)
    Reg
    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    @h0 0
    Reg
    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    @ujdew 0x51 0x94 0x3C 0x3B ...
    Reg
    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not
    active ControlSet)
    Reg
    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    @h0 0
    Reg
    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    @ujdew 0x51 0x94 0x3C 0x3B ...
    ---- EOF - GMER 1.0.15 ----


    End of information. Do let me know if you need anything further.
     

    Attached Files:
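    A GMER log like the one pasted above has to be triaged by hand, and a forum paste wraps its long records across several lines, which makes that harder. As an added example for this thread (not code from the original post and not GMER's own tooling), the Python below re-joins the wrapped lines, extracts the user-mode hook records and the Processes section, and summarises the hidden processes and where each hooked function transfers control. The embedded SAMPLE_LOG is constructed from a few of the records above in their wrapped form; the section headers in it are assumed to follow GMER's usual `---- ... ----` style.

```python
"""Triage a pasted GMER log: re-join wrapped lines, pull out user-mode hook
records and the Processes section, and summarise what stands out.
Added example for this thread; it is not GMER's code and relies only on the
line formats visible in the pasted log (section headers are assumed to take
GMER's usual '---- ... ----' form)."""
import re

# Keywords that begin a GMER record; any other non-empty line is assumed to be
# a record that the forum paste wrapped, so it is glued back onto the previous one.
_RECORD_PREFIXES = (".text", "Process", "Device", "AttachedDevice", "Reg", "----")

# .text <process>[<pid>] <module>!<function>[ + <offset>] <address> <n> Bytes <detail>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<function>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
# <detail> is either a control transfer ("JMP <addr> [<module> (<vendor>)]",
# "CALL <addr>") or a raw byte patch such as "[A8, 01, 16, 00]".
TARGET_RE = re.compile(r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)\s*(?P<module>.*?)\s*$")
# Process <path> [(*** hidden *** )] <pid>
PROCESS_RE = re.compile(
    r"^Process\s+(?P<path>.+?)\s+(?P<hidden>\(\*\*\* hidden \*\*\* \)\s+)?(?P<pid>\d+)$"
)

# Constructed sample: a few records from the log above, wrapped the way the forum paste wraps them.
SAMPLE_LOG = "\n".join([
    "---- User code sections - GMER 1.0.15 ----",
    ".text C:\\Documents and Settings\\Main\\Local Settings\\Application",
    "Data\\Google\\Chrome\\Application\\chrome.exe[5012] ntdll.dll!NtOpenProcessToken + 6",
    "7C90D614 4 Bytes CALL 7B90EC1A",
    ".text C:\\Documents and Settings\\Main\\Local Settings\\Application",
    "Data\\Google\\Chrome\\Application\\chrome.exe[5012] ntdll.dll!NtOpenProcessTokenEx + 6",
    "7C90D624 4 Bytes [A8, 02, 16, 00]",
    ".text C:\\Program Files\\Internet Explorer\\iexplore.exe[5240] USER32.dll!DialogBoxParamW",
    "7E4247AB 5 Bytes JMP 3E215501",
    "C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
    ".text C:\\Program Files\\Internet Explorer\\iexplore.exe[5240] ole32.dll!CoCreateInstance",
    "7750057E 5 Bytes JMP 3E2EDB80",
    "C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
    "---- Processes - GMER 1.0.15 ----",
    "Process C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE (*** hidden *** )",
    "1116",
    "",
    "Process C:\\Program Files\\Internet Explorer\\iexplore.exe (*** hidden *** )",
    "5240",
    "---- EOF - GMER 1.0.15 ----",
])


def unwrap(text):
    """Re-join records that were wrapped across lines by the paste."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(_RECORD_PREFIXES) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def _hook_record(m):
    rec = {
        "type": "hook", "process": m["process"], "pid": int(m["pid"]),
        "module": m["module"], "function": m["function"],
        "offset": int(m["offset"], 16) if m["offset"] else 0,
        "address": m["address"].upper(), "size": int(m["size"]),
        "kind": "bytes", "target": None, "target_module": "", "target_desc": "",
    }
    t = TARGET_RE.match(m["detail"])
    if t:
        rec["kind"], rec["target"] = t["kind"], t["target"].upper()
        if t["module"]:
            # "C:\...\IEFRAME.dll (Internet Explorer/Microsoft Corporation)"
            path, _, desc = t["module"].partition(" (")
            rec["target_module"], rec["target_desc"] = path.strip(), desc.rstrip(")").strip()
    return rec


def parse_gmer(text):
    """Return hook and process records; device/registry records are skipped here."""
    parsed = []
    for line in unwrap(text):
        m = HOOK_RE.match(line)
        if m:
            parsed.append(_hook_record(m))
            continue
        m = PROCESS_RE.match(line)
        if m:
            parsed.append({"type": "process", "path": m["path"],
                           "pid": int(m["pid"]), "hidden": m["hidden"] is not None})
    return parsed


def triage(records):
    """Hidden PIDs plus, per hooked process, how many transfers GMER could not attribute to a module."""
    hidden = sorted(r["pid"] for r in records if r["type"] == "process" and r["hidden"])
    per_pid = {}
    for r in records:
        if r["type"] != "hook":
            continue
        s = per_pid.setdefault(r["pid"], {"process": r["process"], "total": 0,
                                          "unresolved": 0, "target_modules": set()})
        s["total"] += 1
        if r["kind"] in ("JMP", "CALL"):
            if r["target_module"]:
                s["target_modules"].add(r["target_module"])
            else:
                s["unresolved"] += 1
    for s in per_pid.values():
        s["target_modules"] = sorted(s["target_modules"])
    return {"hidden_pids": hidden, "hooks_per_pid": per_pid}


if __name__ == "__main__":
    summary = triage(parse_gmer(SAMPLE_LOG))
    print("hidden processes:", summary["hidden_pids"])
    for pid, s in sorted(summary["hooks_per_pid"].items()):
        print(f"pid {pid}: {s['total']} hooks, {s['unresolved']} unresolved, targets {s['target_modules']}")
```

    The hidden processes are the headline finding in a log like this one. Hooks whose target GMER attributes to a module it can name (IEFRAME.dll inside Internet Explorer here) are ordinary, and unresolved ntdll patches inside chrome.exe are consistent with what Chrome's own sandbox installs in its renderers, so the unresolved count is a prompt to look closer, not a verdict.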

  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  3. EddieG1

    EddieG1 Thread Starter

    Joined:
    Aug 31, 2010
    Messages:
    7
    Sorry, I ran ComboFix but it seemed to stall. It got through to stage 50 completed and then said deleting Windows /XXX/ Temp files (I can't recall exactly which), but then it froze. I was careful not to click anywhere.

    The warning above says not to try to run again but to report back. There was a message from Combofix earlier in process saying that Master Boot Record was infected. No sign of any log file. Recommended next steps?
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please look and see if a log was generated; it will be at C:\Combofix.txt

    If there is no log,

    tap into safe mode and run it from safe mode. If it needs to reboot, make sure you go back into safe mode so it will produce a log.

    To enter safe mode > reboot and tap F8 repeatedly until an advanced menu appears > arrow up to safe mode


    (if combofix asks to update itself > allow it to do so)
     
  5. EddieG1

    EddieG1 Thread Starter

    Joined:
    Aug 31, 2010
    Messages:
    7
    Hi - Re-ran in Safe Mode as above. Text of log pasted below. Thanks for your help.

    Do let me know what the next steps are.

    ComboFix 10-09-01.02 - Main 02/09/2010 19:27:20.3.1 - FAT32x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1503.1108 [GMT 1:00]
    Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_NPF

    ((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
    .
    2010-08-28 22:46 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-28 12:42 . 2010-08-28 12:42 -------- d-----w- C:\FOUND.000
    2010-08-27 06:34 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-25 19:40 . 2010-08-25 19:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
    2010-08-25 07:19 . 2010-08-25 07:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\qganeekov
    2010-08-25 07:19 . 2010-08-25 07:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-08-24 13:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2010-08-24 13:32 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-08-24 13:31 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-24 13:31 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-08-24 13:31 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-24 13:28 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
    2010-08-24 13:24 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2010-08-24 13:23 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-08-24 13:23 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\scripting
    2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\en
    2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\l2schemas
    2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\bits
    2010-08-24 13:03 . 2010-08-24 13:03 -------- d-----w- c:\windows\EHome
    2010-08-24 12:22 . 2008-04-14 00:12 4274816 ------w- c:\windows\system32\nv4_disp.dll
    2010-08-24 12:22 . 2008-04-14 00:11 1888992 ------w- c:\windows\system32\ati3duag.dll
    2010-08-24 12:22 . 2008-04-13 16:34 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
    2010-08-24 12:22 . 2008-04-14 00:12 1737856 ------w- c:\windows\system32\mtxparhd.dll
    2010-08-24 12:22 . 2009-07-31 09:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
    2010-08-24 12:22 . 2008-04-13 18:23 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2010-08-24 12:22 . 2008-04-13 18:23 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2010-08-24 12:22 . 2008-04-14 00:11 870784 ------w- c:\windows\system32\ati3d1ag.dll
    2010-08-24 12:22 . 2008-04-13 16:34 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
    2010-08-05 16:40 . 2010-08-05 16:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-04 13:13 . 2010-08-04 13:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-08-04 13:12 . 2010-08-04 13:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-28 22:47 . 2010-08-28 22:47 503808 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\msvcp71.dll
    2010-08-28 22:47 . 2010-08-28 22:47 499712 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\jmc.dll
    2010-08-28 22:47 . 2010-08-28 22:47 348160 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\msvcr71.dll
    2010-08-28 22:47 . 2010-08-28 22:47 61440 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-487dce57-n\decora-sse.dll
    2010-08-28 22:47 . 2010-08-28 22:47 12800 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-487dce57-n\decora-d3d.dll
    2010-08-28 15:19 . 2010-07-29 22:03 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-28 15:18 . 2010-07-29 22:03 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-24 17:13 . 2006-01-23 21:38 111792 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-24 13:12 . 2005-04-19 10:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-08-22 17:04 . 2010-08-03 13:14 452104 ----a-w- c:\documents and settings\Main\Application Data\Real\Update\setup3.12\setup.exe
    2010-07-30 21:45 . 2010-07-30 21:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-30 21:02 . 2010-07-30 21:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-07-30 21:01 . 2010-07-30 21:01 -------- d-----w- c:\program files\Lavasoft
    2010-07-30 21:01 . 2010-07-30 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-29 22:03 . 2010-07-29 22:03 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-29 22:02 . 2010-07-29 22:02 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
    2010-07-29 22:02 . 2010-07-29 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-07-29 22:01 . 2010-07-29 22:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-29 21:48 . 2010-07-29 21:48 388096 ----a-r- c:\documents and settings\Main\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-29 21:48 . 2010-07-29 21:48 -------- d-----w- c:\program files\Trend Micro
    2010-07-22 09:50 . 2010-07-22 09:50 -------- d-----w- c:\program files\iPod
    2010-07-22 09:49 . 2010-07-22 09:49 -------- d-----w- c:\program files\iTunes
    2010-07-22 09:32 . 2010-07-22 09:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2010-07-22 08:12 . 2010-07-22 08:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-07-22 06:25 . 2010-07-22 06:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\VIRGINMEDIATOOLBAR
    2010-07-21 17:03 . 2010-07-21 17:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\VIRGINMEDIATOOLBAR
    2010-07-21 12:50 . 2010-07-21 12:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VIRGINMEDIATOOLBAR
    2010-07-17 08:25 . 2010-07-17 08:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-17 08:24 . 2010-04-08 21:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-12 08:56 . 2010-07-30 21:02 2979280 ----a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-07-12 08:55 . 2010-07-30 21:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-07-01 22:47 . 2010-03-09 17:08 439816 ----a-w- c:\documents and settings\Main\Application Data\Real\Update\setup3.10\setup.exe
    2010-07-01 09:17 . 2010-07-01 09:17 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
    2010-06-30 12:31 . 2005-04-19 10:28 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2005-04-19 10:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2005-04-19 10:28 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 11:42 . 2010-06-23 11:42 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb86A.tmp.exe
    2010-06-21 15:27 . 2005-04-19 10:28 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-18 15:46 . 2010-06-18 15:46 81 ----a-w- C:\CTX.DAT
    2010-06-17 14:03 . 2005-04-19 10:28 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2005-04-19 10:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    2010-06-14 07:41 . 2005-04-19 10:28 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2006-04-29 16:17 . 2006-04-29 16:17 774144 ----a-w- c:\program files\RngInterstitial.dll
    2007-10-02 22:07 . 2007-07-27 20:37 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-10-02 22:07 . 2007-07-27 20:37 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-10-02 22:07 . 2007-07-27 20:37 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-10-02 22:07 . 2007-07-27 20:37 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-10-02 22:07 . 2007-07-27 20:37 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2010-01-19 8262928]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2005-03-17 106496]
    "SoundMan"="SOUNDMAN.EXE" [2005-03-17 67584]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-08 185896]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-07-03 231888]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-17 08:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2005-12-16 11:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-18 12:49 136176 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-16 06:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2004-08-04 04:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    2008-07-08 17:53 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-07-15 00:07 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2007-09-13 12:31 22880040 ----a-r- c:\program files\Skype\Phone\Skype.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-05-24 09:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-07-08 17:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    "kdx"=c:\program files\Kontiki\KHost.exe -all
    "Google Update"="c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
    "SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
    "HsdClient.exe"="c:\program files\Virgin Media\Chat Extension\HsdClient.exe" /AUTORUN
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "DigitalHomeSupport.exe"="c:\program files\Virgin Media\Digital Home Support\DigitalHomeSupport.exe" /AUTORUN
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Documents and Settings\\Main\\Desktop\\Music & DVD\\utorrent.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Safari\\Safari.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\Virgin Media\\Digital Home Support\\ServicepointService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7338:TCP"= 7338:TCP:ppLive
    "3915:UDP"= 3915:UDP:ppLive
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/07/2010 22:46 64288]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 09:55 1355416]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/04/2010 22:20 216400]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 09:25 308136]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2010 23:36 135664]
    S2 HsdService;HsdService;c:\program files\Virgin Media\Chat Extension\HsdService.exe [31/05/2010 13:59 1410288]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/06/2010 17:06 304464]
    S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Digital Home Support\ServicepointService.exe [31/05/2010 13:58 689392]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:05 1021256]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
    S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys [?]
    S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [10/12/2006 18:09 58288]
    S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [10/12/2006 18:09 8336]
    S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [10/12/2006 18:09 94064]
    S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [10/12/2006 18:09 85408]
    S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [10/12/2006 18:09 83344]
    S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys --> c:\windows\system32\DRIVERS\lgmcbus.sys [?]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys --> c:\windows\system32\DRIVERS\lgmcmdfl.sys [?]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys --> c:\windows\system32\DRIVERS\lgmcmdm.sys [?]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys --> c:\windows\system32\DRIVERS\lgmcmgmt.sys [?]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys --> c:\windows\system32\DRIVERS\lgmcobex.sys [?]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys --> c:\windows\system32\DRIVERS\lgmcunic.sys [?]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/06/2010 17:06 20952]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2006 12:23 639224]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849584960-738971770-2466402417-1006Core.job
    - c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 12:49]
    2010-09-02 c:\windows\Tasks\Automatic troubleshooting.job
    - c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
    2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 21:48]
    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:36]
    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.virginmedia.com
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: {F13DDBD1-A104-41EC-870D-6269D93B92A9} = 194.168.4.100,194.168.8.100
    DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\udu11bgl.default\
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: browser.blink_allowed - true
    FF - user.js: network.prefetch-next - true
    FF - user.js: layout.spellcheckDefault - 1
    FF - user.js: browser.urlbar.autoFill - false
    FF - user.js: browser.search.openintab - false
    FF - user.js: browser.tabs.closeButtons - 1
    FF - user.js: browser.tabs.opentabfor.middleclick - true
    FF - user.js: browser.tabs.tabMinWidth - 100
    FF - user.js: browser.urlbar.hideGoButton - false
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    WebBrowser-{A057A204-BACC-4D26-8590-3AAE8EEE749D} - (no file)
    MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
    MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
    MSConfigStartUp-NI - c:\windows\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
    MSConfigStartUp-ppmate - c:\program files\PPMate\PPMate\ppmate.exe
    MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    MSConfigStartUp-TuneUp MemOptimizer - c:\program files\TuneUp Utilities 2007\MemOptimizer.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-02 19:36
    Windows 5.1.2600 Service Pack 3 FAT NTAPI
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,05,1a,23,9f,de,e9,4e,87,6b,53,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,05,1a,23,9f,de,e9,4e,87,6b,53,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(232)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\sirenacm.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    - - - - - - - > 'explorer.exe'(1740)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-02 19:43:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-02 18:43
    Pre-Run: 4,572,577,792 bytes free
    Post-Run: 4,462,641,152 bytes free
    - - End Of File - - B859A11183A6BD3E6EB2572FE2A7AFAE
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/virus-other-malware-removal/947014-audio-ads-playing-randomly.html#post7580004
    
    Collect::
    c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys
    
    Folder::
    c:\documents and settings\LocalService\Local Settings\Application Data\qganeekov
    
    Driver::
    DMSKSSRh
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [screenshot]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT


    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    NEXT

    **Vista/Win7 users - right click on the IE icon and run as administrator

    Run an on-line scan with Kaspersky

    Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.
    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    3. Click Run at the Security prompt.
    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.

      [screenshot]
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
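    A defender-side triage of the ComboFix driver lines that the CFScript above acts on (the DMSKSSRh driver loaded from the user's Temp folder), as an added Python example that is not part of the thread or of ComboFix. The sample lines are constructed in the log's format, and reading '[?]' as "file not found on disk" is an assumption about that format.

```python
r"""Triage ComboFix 'Drivers/Services' lines for suspicious kernel drivers.

Added example, not part of the thread or of ComboFix. It reads lines in the
form ComboFix prints, e.g.

    S3 name;Display Name;c:\path\file.sys [dd/mm/yyyy hh:mm size]
    S3 name;Display Name;\??\c:\raw\file.sys --> c:\raw\file.sys [?]

and flags drivers whose image lives in a Temp directory (the tell-tale for
the DMSKSSRh entry in the log above) or whose file ComboFix could not find
on disk ('[?]' in place of date/size: an assumption about the format).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the log's format; the DMSKSSRh line mirrors the real one.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/07/2010 22:46 64288]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\Main\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys --> c:\windows\system32\DRIVERS\lgmcbus.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2006 12:23 639224]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"         # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"      # service name; display name
    r"(?P<paths>.+?)\s+\[(?P<info>[^\]]*)\]$"   # path(s), then [date time size] or [?]
)
TEMP_DIR_RE = re.compile(r"\\temp\\")           # matches ...\Temp\... and ...\LOCALS~1\Temp\...


@dataclass
class Driver:
    state: str            # 'R' or 'S' as ComboFix prints it
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str             # resolved Win32 path, '\??\' prefix removed
    present: bool         # False when ComboFix printed '[?]' instead of date/size
    reasons: list[str] = field(default_factory=list)


def resolve_path(raw: str) -> str:
    """Keep the resolved path after ' --> ' and drop a kernel '\\??\\' prefix."""
    if " --> " in raw:
        raw = raw.split(" --> ", 1)[1]
    if raw.startswith("\\??\\"):
        raw = raw[4:]
    return raw.strip()


def parse_line(line: str) -> Driver | None:
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Driver(
        state=m["state"],
        start=int(m["start"]),
        name=m["name"].strip(),
        display=m["display"].strip(),
        path=resolve_path(m["paths"]),
        present=m["info"].strip() != "?",
    )


def triage(log_text: str) -> list[Driver]:
    """Return the drivers that deserve a closer look, each with its reasons."""
    flagged: list[Driver] = []
    for line in log_text.splitlines():
        drv = parse_line(line)
        if drv is None:
            continue
        if TEMP_DIR_RE.search(drv.path.lower()):
            drv.reasons.append("image path in a Temp directory")
        if not drv.present:
            drv.reasons.append("file not found on disk ('[?]')")
        if drv.reasons:
            flagged.append(drv)
    return flagged


def cfscript_lines(flagged: list[Driver]) -> list[str]:
    """Render Collect::/Driver:: sections in the form the specialist used above,
    but only for Temp-directory drivers; a missing file alone is usually a
    stale uninstall leftover (like lgmcbus) and is left for a human to judge."""
    targets = [d for d in flagged if any("Temp" in r for r in d.reasons)]
    if not targets:
        return []
    return (["Collect::"] + [d.path for d in targets]
            + ["", "Driver::"] + [d.name for d in targets])


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for d in hits:
        print(f"{d.state}{d.start} {d.name:<10} {d.path}  <- {'; '.join(d.reasons)}")
    print("\n".join(cfscript_lines(hits)))
```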
     
  7. EddieG1

    EddieG1 Thread Starter

    Joined:
    Aug 31, 2010
    Messages:
    7
    1) CF script run in Combofix. Log pasted below

    2) MBAM scan complete - all clear - Log pasted below.

    3) Kaspersky - not run. Kaspersky site says I need Java Framework 1.5 or later and won't progress to run without that. Following their link to Java takes me to Java site where their online analysis says:
    Your Java is working, Latest Java installed.
    Your Java configuration is as follows: Vendor: Sun Microsystems Inc. Version: Java 6 Update 21 Operating System: Windows XP 5.1 Architecture: x86


    So I'm not clear on how to deal with that Java point. Any advice or is there a different scanner to use for a further check?

    Thanks again for the help, Logs follow.


    ComboFix 10-09-01.02 - Main 02/09/2010 22:39:02.4.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1503.772 [GMT 1:00]
    Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Main\Desktop\cfscript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LocalService\Local Settings\Application Data\qganeekov

    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DMSKSSRH
    -------\Service_DMSKSSRh


    ((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
    .

    2010-08-28 22:47 . 2010-08-28 22:47 503808 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\msvcp71.dll
    2010-08-28 22:47 . 2010-08-28 22:47 499712 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\jmc.dll
    2010-08-28 22:47 . 2010-08-28 22:47 348160 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1804d9d1-n\msvcr71.dll
    2010-08-28 22:47 . 2010-08-28 22:47 61440 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-487dce57-n\decora-sse.dll
    2010-08-28 22:47 . 2010-08-28 22:47 12800 ----a-w- c:\documents and settings\Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-487dce57-n\decora-d3d.dll
    2010-08-28 22:46 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-28 12:42 . 2010-08-28 12:42 -------- d-----w- C:\FOUND.000
    2010-08-27 06:34 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-25 19:40 . 2010-08-25 19:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
    2010-08-25 07:19 . 2010-08-25 07:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-08-24 13:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2010-08-24 13:32 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-08-24 13:31 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-24 13:31 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-08-24 13:31 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-24 13:28 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
    2010-08-24 13:24 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2010-08-24 13:23 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-08-24 13:23 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\scripting
    2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\en
    2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\l2schemas
    2010-08-24 13:10 . 2010-08-24 13:10 -------- d-----w- c:\windows\system32\bits
    2010-08-24 13:03 . 2010-08-24 13:03 -------- d-----w- c:\windows\EHome
    2010-08-24 12:22 . 2008-04-14 00:12 4274816 ------w- c:\windows\system32\nv4_disp.dll
    2010-08-24 12:22 . 2008-04-14 00:11 1888992 ------w- c:\windows\system32\ati3duag.dll
    2010-08-24 12:22 . 2008-04-13 16:34 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
    2010-08-24 12:22 . 2008-04-14 00:12 1737856 ------w- c:\windows\system32\mtxparhd.dll
    2010-08-24 12:22 . 2009-07-31 09:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
    2010-08-24 12:22 . 2008-04-13 18:23 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2010-08-24 12:22 . 2008-04-13 18:23 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2010-08-24 12:22 . 2008-04-14 00:11 870784 ------w- c:\windows\system32\ati3d1ag.dll
    2010-08-24 12:22 . 2008-04-13 16:34 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
    2010-08-05 16:40 . 2010-08-05 16:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-04 13:13 . 2010-08-04 13:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-08-04 13:12 . 2010-08-04 13:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-28 15:19 . 2010-07-29 22:03 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-28 15:18 . 2010-07-29 22:03 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-24 17:13 . 2006-01-23 21:38 111792 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-24 13:12 . 2005-04-19 10:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-08-22 17:04 . 2010-08-03 13:14 452104 ----a-w- c:\documents and settings\Main\Application Data\Real\Update\setup3.12\setup.exe
    2010-07-30 21:45 . 2010-07-30 21:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-30 21:02 . 2010-07-30 21:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-07-30 21:01 . 2010-07-30 21:01 -------- d-----w- c:\program files\Lavasoft
    2010-07-30 21:01 . 2010-07-30 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-29 22:03 . 2010-07-29 22:03 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-29 22:02 . 2010-07-29 22:02 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
    2010-07-29 22:02 . 2010-07-29 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-07-29 22:01 . 2010-07-29 22:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-29 21:48 . 2010-07-29 21:48 388096 ----a-r- c:\documents and settings\Main\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-29 21:48 . 2010-07-29 21:48 -------- d-----w- c:\program files\Trend Micro
    2010-07-22 09:50 . 2010-07-22 09:50 -------- d-----w- c:\program files\iPod
    2010-07-22 09:49 . 2010-07-22 09:49 -------- d-----w- c:\program files\iTunes
    2010-07-22 09:32 . 2010-07-22 09:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2010-07-22 08:12 . 2010-07-22 08:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-07-22 06:25 . 2010-07-22 06:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\VIRGINMEDIATOOLBAR
    2010-07-21 17:03 . 2010-07-21 17:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\VIRGINMEDIATOOLBAR
    2010-07-21 12:50 . 2010-07-21 12:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VIRGINMEDIATOOLBAR
    2010-07-17 08:25 . 2010-07-17 08:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-17 08:24 . 2010-04-08 21:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-12 08:56 . 2010-07-30 21:02 2979280 ----a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-07-12 08:55 . 2010-07-30 21:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-07-01 22:47 . 2010-03-09 17:08 439816 ----a-w- c:\documents and settings\Main\Application Data\Real\Update\setup3.10\setup.exe
    2010-07-01 09:17 . 2010-07-01 09:17 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
    2010-06-30 12:31 . 2005-04-19 10:28 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2005-04-19 10:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2005-04-19 10:28 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 11:42 . 2010-06-23 11:42 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb86A.tmp.exe
    2010-06-21 15:27 . 2005-04-19 10:28 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-18 15:46 . 2010-06-18 15:46 81 ----a-w- C:\CTX.DAT
    2010-06-17 14:03 . 2005-04-19 10:28 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2005-04-19 10:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    2010-06-14 07:41 . 2005-04-19 10:28 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2006-04-29 16:17 . 2006-04-29 16:17 774144 ----a-w- c:\program files\RngInterstitial.dll
    2007-10-02 22:07 . 2007-07-27 20:37 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-10-02 22:07 . 2007-07-27 20:37 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-10-02 22:07 . 2007-07-27 20:37 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-10-02 22:07 . 2007-07-27 20:37 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-10-02 22:07 . 2007-07-27 20:37 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_18.36.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-02 21:46 . 2010-09-02 21:46 16384 c:\windows\temp\Perflib_Perfdata_770.dat
    + 2010-09-02 18:51 . 2010-09-02 18:51 16384 c:\windows\temp\Perflib_Perfdata_6e0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2010-01-19 8262928]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2005-03-17 106496]
    "SoundMan"="SOUNDMAN.EXE" [2005-03-17 67584]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-08 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-07-03 231888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-17 08:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2005-12-16 11:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-18 12:49 136176 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-16 06:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2004-08-04 04:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    2008-07-08 17:53 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-07-15 00:07 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2007-09-13 12:31 22880040 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-05-24 09:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-07-08 17:53 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    "kdx"=c:\program files\Kontiki\KHost.exe -all
    "Google Update"="c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
    "SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
    "HsdClient.exe"="c:\program files\Virgin Media\Chat Extension\HsdClient.exe" /AUTORUN
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "DigitalHomeSupport.exe"="c:\program files\Virgin Media\Digital Home Support\DigitalHomeSupport.exe" /AUTORUN
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Documents and Settings\\Main\\Desktop\\Music & DVD\\utorrent.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Safari\\Safari.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\Virgin Media\\Digital Home Support\\ServicepointService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7338:TCP"= 7338:TCP:ppLive
    "3915:UDP"= 3915:UDP:ppLive

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/07/2010 22:46 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/04/2010 22:20 216400]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 09:25 308136]
    R2 HsdService;HsdService;c:\program files\Virgin Media\Chat Extension\HsdService.exe [31/05/2010 13:59 1410288]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 09:55 1355416]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/06/2010 17:06 304464]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Digital Home Support\ServicepointService.exe [31/05/2010 13:58 689392]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:05 1021256]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/06/2010 17:06 20952]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2010 23:36 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
    S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [10/12/2006 18:09 58288]
    S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [10/12/2006 18:09 8336]
    S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [10/12/2006 18:09 94064]
    S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [10/12/2006 18:09 85408]
    S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [10/12/2006 18:09 83344]
    S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys --> c:\windows\system32\DRIVERS\lgmcbus.sys [?]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys --> c:\windows\system32\DRIVERS\lgmcmdfl.sys [?]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys --> c:\windows\system32\DRIVERS\lgmcmdm.sys [?]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys --> c:\windows\system32\DRIVERS\lgmcmgmt.sys [?]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys --> c:\windows\system32\DRIVERS\lgmcobex.sys [?]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys --> c:\windows\system32\DRIVERS\lgmcunic.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/12/2006 12:23 639224]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849584960-738971770-2466402417-1006Core.job
    - c:\documents and settings\Main\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 12:49]

    2010-09-02 c:\windows\Tasks\Automatic troubleshooting.job
    - c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

    2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 21:48]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:36]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 22:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.virginmedia.com
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: {F13DDBD1-A104-41EC-870D-6269D93B92A9} = 194.168.4.100,194.168.8.100
    DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\udu11bgl.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: browser.blink_allowed - true
    FF - user.js: network.prefetch-next - true
    FF - user.js: layout.spellcheckDefault - 1
    FF - user.js: browser.urlbar.autoFill - false
    FF - user.js: browser.search.openintab - false
    FF - user.js: browser.tabs.closeButtons - 1
    FF - user.js: browser.tabs.opentabfor.middleclick - true
    FF - user.js: browser.tabs.tabMinWidth - 100
    FF - user.js: browser.urlbar.hideGoButton - false
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-02 22:48
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,05,1a,23,9f,de,e9,4e,87,6b,53,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,05,1a,23,9f,de,e9,4e,87,6b,53,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(408)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(932)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\SSSensor.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Sygate\SPF\smc.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Kontiki\KService.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\AGRSMMSG.exe
    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\VirginMedia\V Stuff Backup\AGMailAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-02 22:52:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-02 21:52
    ComboFix2.txt 2010-09-02 18:43

    Pre-Run: 4,365,025,280 bytes free
    Post-Run: 4,366,598,144 bytes free

    - - End Of File - - 3CA3A33278DA52810310296087497E9F


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4532

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    02/09/2010 23:06:10
    mbam-log-2010-09-02 (23-06-10).txt

    Scan type: Quick scan
    Objects scanned: 139890
    Time elapsed: 11 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    End of logs.
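The firewall-policy block in the ComboFix log above is worth reading with a script rather than by eye: it shows "EnableFirewall"= 0, an authorized application running from a user's Desktop (utorrent.exe) and two globally open ppLive ports. Below is an added Python example (not part of this thread, and not ComboFix's own code) that parses that block and flags exactly those three conditions. The sample text is copied from the log excerpt above; the list of directories treated as normal homes for authorized applications is an assumption made for the example.

```python
"""Triage the Windows Firewall policy block of a ComboFix log (Windows XP layout)."""
import re

# Sample input: the firewall-policy block as it appears in the ComboFix log above.
SAMPLE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Main\\Desktop\\Music & DVD\\utorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7338:TCP"= 7338:TCP:ppLive
"3915:UDP"= 3915:UDP:ppLive
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(.+?)"=\s*(.*)$')

# Assumption for this example: directories an authorized application is expected to live in.
TRUSTED_PREFIXES = ('%windir%\\', 'c:\\windows\\', 'c:\\program files\\')


def parse_firewall_policy(text):
    """Return {'enabled': bool|None, 'apps': [paths], 'ports': [(port, proto, name)]}."""
    policy = {'enabled': None, 'apps': [], 'ports': []}
    section = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if section.endswith('\\standardprofile') and name.lower() == 'enablefirewall':
            # Value is written as "0 (0x0)"; only the leading number matters.
            policy['enabled'] = value.split()[0] != '0'
        elif section.endswith('\\authorizedapplications\\list'):
            # .reg-style dumps double every backslash in the value name.
            policy['apps'].append(name.replace('\\\\', '\\'))
        elif section.endswith('\\globallyopenports\\list'):
            port, proto, *rest = value.split(':')
            policy['ports'].append((int(port), proto.upper(), rest[0] if rest else ''))
    return policy


def assess(policy):
    """Return human-readable findings a helper would want to look at."""
    findings = []
    if policy['enabled'] is False:
        findings.append('Windows Firewall is disabled (EnableFirewall=0)')
    for app in policy['apps']:
        if not app.lower().startswith(TRUSTED_PREFIXES):
            findings.append('authorized app outside system/program dirs: ' + app)
    for port, proto, name in policy['ports']:
        findings.append('globally open inbound port %d/%s (%s)' % (port, proto, name or 'unnamed'))
    return findings


if __name__ == '__main__':
    for finding in assess(parse_firewall_policy(SAMPLE)):
        print('-', finding)
```

Run against the sample it reports the disabled firewall, the Desktop-resident utorrent.exe and both ppLive ports; a clean profile with the firewall on and only Program Files entries produces no findings.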
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
It appears the MBR is not being fixed properly, so we will need to do it in the Recovery Console.

Please do the following:

    Earlier on ComboFix installed the Recovery Console. We're going to use that now.

Reboot your machine and when the Boot Menu flashes up, select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key, as you only have a couple of seconds before it defaults to the Windows XP bootup).


    When you get to the above screen, take note of the number that references your operating system.
    If it's '1' like the picture above, type 1 and press Enter


    Next type FIXMBR


If it asks whether you're sure you want to write a new MBR, answer 'Y'.

    Then type EXIT to reboot the machine.



    NEXT


    Please run MBRCheck and post the log

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.
     
  9. EddieG1

    EddieG1 Thread Starter

    Joined:
    Aug 31, 2010
    Messages:
    7
    1) FixMBR completed

2) MBRCheck run - log details posted below; seemed all OK.

    3) For info - Kaspersky online scan will run if I launch from Firefox rather than IE. I haven't run yet but can try if that helps.

    Thanks again for help


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000006fc

    Kernel Drivers (total 123):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74C0000 atapi.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF74A0000 fltmgr.sys
    0xF748E000 sr.sys
    0xF7647000 Lbd.sys
    0xF7657000 PxHelp20.sys
    0xF746A000 Fastfat.sys
    0xF7453000 KSecDD.sys
    0xF7426000 NDIS.sys
    0xF7667000 uagp35.sys
    0xF786A000 Teefer.sys
    0xF7850000 Mup.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA50B000 \SystemRoot\system32\DRIVERS\sisgrp.sys
    0xBA4F7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF76D7000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA4D4000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7727000 \SystemRoot\system32\drivers\gearaspiwdm.sys
    0xBA415000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xBA3F1000 \SystemRoot\system32\drivers\portcls.sys
    0xF7587000 \SystemRoot\system32\drivers\drmk.sys
    0xBA38F000 \SystemRoot\system32\drivers\ALCXSENS.SYS
    0xF772F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xBA36B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7737000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF773F000 \SystemRoot\system32\DRIVERS\sisnic.sys
    0xBA235000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF7747000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7577000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7933000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA221000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7757000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA5AC000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7937000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xBA20A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF775F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF7767000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF776F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7527000 \SystemRoot\System32\Drivers\pcouffin.sys
    0xF7517000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF798B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xBA10C000 \SystemRoot\system32\DRIVERS\update.sys
    0xF793F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7507000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA740000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF798D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA7E8000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF798F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA58F000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7991000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7787000 \SystemRoot\System32\drivers\vga.sys
    0xF7993000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7995000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7797000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA7D8000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB7061000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB7008000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB6FE0000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF76A7000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    0xB6F96000 \SystemRoot\System32\drivers\afd.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA7CC000 \SystemRoot\system32\DRIVERS\srvkp.sys
    0xB6F74000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF779F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB6F49000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB6ED9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA1FA000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB6E13000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA1EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA4D0000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA1CA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF77AF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF77B7000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xB6DDF000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA4CC000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA4C8000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB6D2A000 \SystemRoot\System32\Drivers\Ntfs.SYS
    0xF7887000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA4B0000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF77CF000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7A68000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\SiSGRV.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA4B8000 \??\C:\WINDOWS\system32\drivers\mbam.sys
    0xB6B2A000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
    0xB6A86000 \SystemRoot\SYSTEM32\Drivers\wg4n.sys
    0xB6A82000 \SystemRoot\SYSTEM32\Drivers\wg5n.sys
    0xB6A7E000 \SystemRoot\SYSTEM32\Drivers\wg6n.sys
    0xB677D000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB6ACA000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB6294000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA703000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
    0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    324 C:\WINDOWS\System32\SMSS.EXE
    380 CSRSS.EXE
    404 C:\WINDOWS\System32\WINLOGON.EXE
    448 C:\WINDOWS\System32\SERVICES.EXE
    460 C:\WINDOWS\System32\LSASS.EXE
    608 C:\WINDOWS\System32\SVCHOST.EXE
    672 SVCHOST.EXE
    752 C:\WINDOWS\System32\SVCHOST.EXE
    788 C:\Program Files\Sygate\SPF\Smc.exe
    848 C:\Program Files\AVG\AVG9\AVGCHSVX.EXE
    856 C:\Program Files\AVG\AVG9\AVGRSX.EXE
    976 C:\Program Files\AVG\AVG9\AVGCSRVX.EXE
    992 SVCHOST.EXE
    1188 SVCHOST.EXE
    1248 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1400 C:\WINDOWS\EXPLORER.EXE
    1456 C:\WINDOWS\System32\SPOOLSV.EXE
    2032 C:\WINDOWS\SOUNDMAN.EXE
    152 C:\WINDOWS\AGRSMMSG.EXE
    200 C:\Program Files\AVG\AVG9\AVGTRAY.EXE
    300 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
    308 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    344 C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
    360 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1036 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1076 C:\Program Files\AVG\AVG9\AVGWDSVC.EXE
    1148 C:\Program Files\Bonjour\mDNSResponder.exe
    1560 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    824 C:\Program Files\Virgin Media\Chat Extension\HsdService.exe
    1748 C:\Program Files\Java\JRE6\BIN\JQS.EXE
    1764 C:\Program Files\Kontiki\KService.exe
    1060 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1968 C:\Program Files\Virgin Media\Digital Home Support\ServicepointService.exe
    2064 C:\WINDOWS\System32\SVCHOST.EXE
    2104 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2172 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    2584 C:\WINDOWS\System32\WUAUCLT.EXE
    3132 wmiprvse.exe
    3384 C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3404 unsecapp.exe
    3444 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    3512 C:\WINDOWS\System32\wscntfy.exe
    3784 alg.exe
    4052 wmiprvse.exe
    364 C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
    832 C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2140 C:\Documents and Settings\Main\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2912 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    2984 C:\Documents and Settings\Main\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`bbc57e00 (FAT32)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`a2864c00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800BB-22JHC0, Rev: 05.01C05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
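Both the FIXMBR step above and the MBRCheck output that followed it come down to the same few facts about sector 0 of the disk: whether the boot code is known-good, whether the 55AA signature is present, and whether the partition table is sane. The following Python example is added here to show how those checks work; it is not MBRCheck's code, and the synthetic MBR it builds is constructed for the example, not read from the poster's drive. Which byte range MBRCheck hashes is not stated in the thread, so the example hashes the 440-byte boot-code area and takes a caller-supplied allow-list of hashes; the read_live_mbr helper (Administrator rights needed on Windows) is an assumption about how one would feed it a real disk.

```python
"""Parse a classic 512-byte MBR and flag what an MBR checker looks at:
boot-code hash, 55AA signature and partition-table sanity."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440        # boot code occupies bytes 0..439 of a classic MBR
PART_TABLE_OFF = 446      # four 16-byte partition entries at 446..509
ENTRY_FMT = '<B3sB3sII'   # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x05: 'Extended', 0x07: 'NTFS/exFAT', 0x0B: 'FAT32 (CHS)',
              0x0C: 'FAT32 (LBA)', 0x0F: 'Extended (LBA)'}


def build_sample_mbr():
    """Constructed sample (not from any real disk): dummy boot code, a bootable
    FAT32 system partition and an NTFS data partition right after it."""
    bootcode = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b'\x90' * (BOOTCODE_LEN - 7)
    disk_sig = struct.pack('<I', 0xDEADBEEF)

    def entry(bootable, ptype, start_lba, sectors):
        return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b'\xff\xff\xff',
                           ptype, b'\xff\xff\xff', start_lba, sectors)

    table = (entry(True, 0x0C, 63, 41_000_000)
             + entry(False, 0x07, 41_000_063, 115_000_000)
             + b'\x00' * 32)
    mbr = bootcode + disk_sig + b'\x00\x00' + table + b'\x55\xAA'
    assert len(mbr) == SECTOR
    return mbr


def read_live_mbr(device=r'\\.\PhysicalDrive0'):
    """Assumed helper: read sector 0 from a raw device (Administrator on Windows)."""
    with open(device, 'rb') as fh:
        return fh.read(SECTOR)


def parse_mbr(data):
    """Return the boot-code SHA1, disk signature, signature validity and used partitions."""
    if len(data) != SECTOR:
        raise ValueError('MBR must be exactly %d bytes' % SECTOR)
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({'index': i, 'bootable': status == 0x80, 'type': ptype,
                      'type_name': PART_TYPES.get(ptype, 'unknown 0x%02x' % ptype),
                      'start_lba': start, 'sectors': count,
                      'byte_offset': start * SECTOR})   # same unit MBRCheck prints
    return {
        'bootcode_sha1': hashlib.sha1(data[:BOOTCODE_LEN]).hexdigest().upper(),
        'disk_signature': struct.unpack_from('<I', data, BOOTCODE_LEN)[0],
        'valid_signature': data[510:512] == b'\x55\xAA',
        'partitions': parts,
    }


def check_mbr(mbr, known_good_hashes):
    """Findings for a parsed MBR; an empty list means nothing looked off."""
    findings = []
    if not mbr['valid_signature']:
        findings.append('missing 55AA boot signature')
    if mbr['bootcode_sha1'] not in known_good_hashes:
        findings.append('boot code hash %s not in allow-list' % mbr['bootcode_sha1'])
    bootable = [p for p in mbr['partitions'] if p['bootable']]
    if len(bootable) != 1:
        findings.append('%d bootable partitions (expected 1)' % len(bootable))
    spans = sorted((p['start_lba'], p['start_lba'] + p['sectors'], p['index']) for p in mbr['partitions'])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append('partitions %d and %d overlap' % (i1, i2))
    return findings


if __name__ == '__main__':
    parsed = parse_mbr(build_sample_mbr())
    print('boot code SHA1:', parsed['bootcode_sha1'])
    for p in parsed['partitions']:
        print('  %(type_name)s at byte offset 0x%(byte_offset)x, bootable=%(bootable)s' % p)
    print(check_mbr(parsed, set()) or 'no findings')
```

On a live machine you would pass read_live_mbr() to parse_mbr and an allow-list of hashes taken from a known-clean install of the same Windows version; a hash miss by itself only says "not one we recognise", which is why a checker also reports the other conditions instead of stopping there.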
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Good

    that has fixed it now

    Yes please give Kaspersky a try

    thanks
     
  11. EddieG1

    EddieG1 Thread Starter

    Joined:
    Aug 31, 2010
    Messages:
    7
    Hi,

Phew, the Kaspersky scan took quite some time. Looks to have identified a few though. Log posted below.


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, September 3, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, September 03, 2010 04:34:02
    Records in database: 4183404
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    J:\
    K:\

    Scan statistics:
    Objects scanned: 94548
    Threats found: 8
    Infected objects found: 16
    Suspicious objects found: 0
    Scan duration: 07:20:45


    File name / Threat / Threats count
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\4\66698d04-72ec0897 Infected: Trojan-Downloader.Java.Agent.gv 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\4\66698d04-72ec0897 Infected: Trojan-Downloader.Java.Agent.gw 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\4\66698d04-72ec0897 Infected: Trojan-Downloader.Java.Agent.gu 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\230cfb94-3a587274 Infected: Exploit.Java.CVE-2010-0094.a 2
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\230cfb94-3a587274 Infected: Trojan-Downloader.JS.Agent.fns 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\20\3af7b714-385491e6 Infected: Exploit.Java.CVE-2009-3867.e 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\29\6095321d-4368541a Infected: Exploit.Java.CVE-2009-3867.e 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\49\100cc2b1-1a002acc Infected: Exploit.Java.CVE-2010-0094.a 2
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\49\100cc2b1-1a002acc Infected: Trojan-Downloader.JS.Agent.fns 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\62\9c6417e-1fcc87a7 Infected: Trojan-Downloader.Java.Agent.gv 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\62\9c6417e-1fcc87a7 Infected: Trojan-Downloader.Java.Agent.gw 1
    C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\62\9c6417e-1fcc87a7 Infected: Trojan-Downloader.Java.Agent.gu 1
    C:\Program Files\DVDFab 5\DVDFab.exe Infected: Trojan.Win32.Agent.dyvq 1
    C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1

    Selected area has been scanned.
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Kaspersky has identified this file as infected. If it is in your Add/Remove Programs, uninstall it; if not, navigate to the DVDFab 5 folder and delete it:

    C:\Program Files\DVDFab 5\DVDFab.exe

    The other items are in the Java cache, which we can empty.



    Please do the following:

    • Hold down the Windows key and press R to open a run box
    • type the following text into the run box
      appwiz.cpl
    • This will open your Add or Remove Programs
    • A list of installed programs will populate
    • Remove the following program:

    J2SE Runtime Environment 5.0 Update 6


    NEXT

    Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


    NEXT

    Visit ADOBE and download the latest version of Acrobat Reader (version 9.3)
    Having the latest updates ensures there are no security vulnerabilities in your system.


    NEXT

    You can delete the MBRCheck, DDS and GMER logs and programs from your desktop.


    NEXT


    Follow these steps to uninstall Combofix

    • Make sure your security programs are totally disabled.
    • Click START then RUN
    • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U, it needs to be there.





    If there are any logs/tools remaining > right click and delete them.


    NEXT


    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
      Strong passwords: How to create and use them
      Then consider a password keeper, to keep all your passwords safe.

    • Keep Windows updated by regularly checking their website at:
      http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest security updates available installed.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    • Download TFC to your desktop
      • Close any open windows.
      • Double click the TFC icon to run the program
      • TFC will close all open programs itself in order to run.
      • Click the Start button to begin the process.
      • Allow TFC to run uninterrupted.
      • The program should not take long to finish its job.
      • Once it's finished it should automatically reboot your machine.
      • If it doesn't, manually reboot to ensure a complete clean.
      It's normal after running TFC cleaner that the PC will be slower to boot the first time.

    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for both Firefox and IE

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
      Think Prevention.
      PC Safety and Security--What Do I Need?


    **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


    Thank you for your patience, and performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank you.
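
    As an added example (not part of CatByte's post or any tool mentioned in the thread), a PowerShell script that checks the three Internet-zone ActiveX settings from the "Make Internet Explorer more secure" step against the recommended values, so you can confirm the change took. It assumes IE keeps those settings under HKCU ...\Internet Settings\Zones\3 as values 1001, 1004 and 1201, with data 0 = Enable, 1 = Prompt, 3 = Disable; run it plainly to report, or with -Fix to apply the recommended values for the current user.

```powershell
# Added example, not from the thread: audit (and optionally set) the three
# Internet-zone ActiveX options recommended above, using the registry values
# IE stores them under.
# Assumptions: Zone 3 = Internet zone; 1001 = "Download signed ActiveX controls",
# 1004 = "Download unsigned ActiveX controls", 1201 = "Initialize and script
# ActiveX controls not marked as safe"; data 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Fix)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$wanted   = @(
    @{ Name = '1001'; Label = 'Download signed ActiveX controls';          Want = 1 },
    @{ Name = '1004'; Label = 'Download unsigned ActiveX controls';        Want = 1 },
    @{ Name = '1201'; Label = 'Initialize/script ActiveX not marked safe'; Want = 3 }
)

if (-not (Test-Path $zonePath)) {
    Write-Warning "Internet zone key not found at $zonePath"
    return
}

$zone = Get-ItemProperty -Path $zonePath
foreach ($item in $wanted) {
    $current = $zone.($item.Name)          # $null when the value is absent
    if ($null -eq $current)                        { $label = 'not set (default)' }
    elseif ($meaning.ContainsKey([int]$current))   { $label = $meaning[[int]$current] }
    else                                           { $label = "unknown ($current)" }

    $ok     = ($null -ne $current) -and ([int]$current -eq $item.Want)
    $status = if ($ok) { 'OK  ' } else { 'FIX ' }
    '{0} {1,-42} current={2,-18} wanted={3}' -f $status, $item.Label, $label, $meaning[$item.Want]

    if ($Fix -and -not $ok) {
        # Write the recommended value; this affects the current user only.
        Set-ItemProperty -Path $zonePath -Name $item.Name -Value $item.Want -Type DWord
        '     -> set {0} to {1}' -f $item.Name, $meaning[$item.Want]
    }
}
```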
     
  13. EddieG1

    EddieG1 Thread Starter

    Joined:
    Aug 31, 2010
    Messages:
    7
    Hi Catbyte,

    Thanks for that latest update, instructions and advice. I've gone through all the actions and am just working my way through the advisory parts now. TFC about to run. I just thought I'd confirm all done first and say thanks for all your help. It feels great to have that all fixed and I really do appreciate your guidance to get me there.

    Cheers! :):)

    EddieG
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    You are welcome

    stay safe

    ~CB
     
Short URL to this thread: https://techguy.org/947014