1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Bad Image Virus

Discussion in 'Virus & Other Malware Removal' started by drbead, Jan 27, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. drbead

    drbead Thread Starter

    Joined:
    Jan 27, 2012
    Messages:
    8
    Hi Guys,
    Hope someone can help me, I seem to have acquired the Bad Image Virus and it's getting me down now, I've put up with it for ages. The bad image pop up comes up whenever I try to do anything.

    Here's all the info you need, (I think) Hope I've done this right.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz, x86 Family 15 Model 4 Stepping 7
    Processor Count: 2
    RAM: 1022 Mb
    Graphics Card: NVIDIA GeForce 7300 SE, 512 Mb
    Hard Drives: C: Total - 182778 MB, Free - 95947 MB;
    Motherboard: Packard Bell BV, Cuba MS-7301
    Antivirus: AVG Anti-Virus Free Edition 2011, Updated: Yes, On-Demand Scanner: Enabled

    Hijack this
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:45:23, on 21/01/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: (no name) - {33436869-7109-4F6D-B452-DD08A828F422} - C:\WINDOWS\system32\tuvTllIX.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: LabelPrinterDLL.Interface - {5C802AD0-165B-11DB-86C3-0060080C38C1} - C:\Documents and Settings\MLKRS\Local Settings\Application Data\labelprinterdll2\labelprinter.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe -update activex
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [piripoluyu] Rundll32.exe "C:\WINDOWS\system32\bibuwoge.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Print Address Label - res://C:\Program Files\AiMCo Label Printer Pro\explorer\labelprinter.dll/HTML/CONTEXT.HTML
    O8 - Extra context menu item: Print Sales Records - res://C:\Documents and Settings\MLKRS\Local Settings\Application Data\LabelPrinterDLL2\labelprinter.dll/HTML/PRINT.HTML
    O8 - Extra context menu item: Update Sales Records - res://C:\Documents and Settings\MLKRS\Local Settings\Application Data\LabelPrinterDLL2\labelprinter.dll/HTML/UPDATE.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Print sales records - {5ABDF6B0-336E-41e8-ADF2-76629F963BD7} - C:\Documents and Settings\MLKRS\Local Settings\Application Data\labelprinterdll2\labelprinter.dll
    O9 - Extra 'Tools' menuitem: Print sales records - {5ABDF6B0-336E-41e8-ADF2-76629F963BD7} - C:\Documents and Settings\MLKRS\Local Settings\Application Data\labelprinterdll2\labelprinter.dll
    O9 - Extra button: Update sales records - {5ABDF6B0-336E-41e8-ADF2-76629F963BD8} - C:\Documents and Settings\MLKRS\Local Settings\Application Data\labelprinterdll2\labelprinter.dll
    O9 - Extra 'Tools' menuitem: Update sales records - {5ABDF6B0-336E-41e8-ADF2-76629F963BD8} - C:\Documents and Settings\MLKRS\Local Settings\Application Data\labelprinterdll2\labelprinter.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168857712625
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://benholme.dyndns.org/activex/AMC.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    O20 - AppInit_DLLs: lkdsce.dll, C:\WINDOWS\system32\sebajuyo.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: iifEtQJD - iifEtQJD.dll (file missing)
    O20 - Winlogon Notify: qoMdcbYP - qoMdcbYP.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    --
    End of file - 14269 bytes

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by MLKRS at 18:49:41 on 2012-01-21
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.363 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uWindow Title = Packard Bell
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
    uURLSearchHooks: H - No File
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: {33436869-7109-4f6d-b452-dd08a828f422} - c:\windows\system32\tuvTllIX.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: LabelPrinterDLL.Interface: {5c802ad0-165b-11db-86c3-0060080c38c1} - c:\documents and settings\mlkrs\local settings\application data\labelprinterdll2\labelprinter.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10u_ActiveX.exe -update activex
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: Import Sales Record -
    IE: Print Address Label - c:\program files\aimco label printer pro\explorer\labelprinter.dll/HTML/CONTEXT.HTML
    IE: Print Sales Records - c:\documents and settings\mlkrs\local settings\application data\labelprinterdll2\labelprinter.dll/HTML/PRINT.HTML
    IE: Update Sales Records - c:\documents and settings\mlkrs\local settings\application data\labelprinterdll2\labelprinter.dll/HTML/UPDATE.HTML
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
    IE: {5ABDF6B0-336E-41e8-ADF2-76629F963BD7} - {5C802AD0-165B-11DB-86C3-0060080C38C1} - c:\documents and settings\mlkrs\local settings\application data\labelprinterdll2\labelprinter.dll
    IE: {5ABDF6B0-336E-41e8-ADF2-76629F963BD8} - {EA10E704-A499-11DC-AB00-00045A7930B0} - c:\documents and settings\mlkrs\local settings\application data\labelprinterdll2\labelprinter.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168857712625
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://benholme.dyndns.org/activex/AMC.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{99904BDB-3417-4001-83D4-F653D6146087} : DhcpNameServer = 192.168.1.1
    Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: iifEtQJD - iifEtQJD.dll
    Notify: qoMdcbYP - qoMdcbYP.dll
    AppInit_DLLs: lkdsce.dll, c:\windows\system32\sebajuyo.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {AF209DB6-29BB-4F8B-84E8-2056EA999610} - No File
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvTllIX
    LSA: Notification Packages = scecli c:\windows\system32\sebajuyo.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mlkrs\application data\mozilla\firefox\profiles\uagwiaqs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61758
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-28 116608]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\rapportbuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-13 167264]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-8-30 30560]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 12872]
    S4 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
    .
    =============== Created Last 30 ================
    .
    2012-01-21 18:44:24 388096 ----a-r- c:\documents and settings\mlkrs\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-01-21 18:44:23 -------- d-----w- c:\program files\Trend Micro
    2012-01-16 21:09:54 -------- d-----w- c:\windows\system32\cache
    .
    ==================== Find3M ====================
    .
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
    2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 15:05:04 20 ----a-w- c:\windows\system32\LKDSCE.DLL
    2010-06-09 09:24:30 346825176 ----a-w- c:\program files\Installer-CityoftheDaleks.exe
    2009-03-04 16:39:47 148520 -c--a-w- c:\program files\Tcpview.exe
    2009-03-04 16:39:47 132136 -c--a-w- c:\program files\tcpvcon.exe
    2008-11-21 11:34:53 2372472 -c--a-w- c:\program files\mbam-setup.exe
    2008-11-21 11:03:13 5738016 -c--a-w- c:\program files\SUPERAntiSpyware.exe
    2007-02-18 18:05:00 9453630 -c--a-w- c:\program files\vlc-0.8.6a-win32.exe
    .
    ============= FINISH: 18:50:57.64 ===============
     

    Attached Files:

  2. drbead

    drbead Thread Starter

    Joined:
    Jan 27, 2012
    Messages:
    8
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the [​IMG] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
    • Instructions for running Combofix available Here if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  4. drbead

    drbead Thread Starter

    Joined:
    Jan 27, 2012
    Messages:
    8
    Hi Kevin,
    Thanks so much for your help. Here's the combofix log

    ComboFix 12-01-29.01 - MLKRS 29/01/2012 10:49:40.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.509 [GMT 0:00]
    Running from: c:\documents and settings\MLKRS\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
    c:\documents and settings\MLKRS\Application Data\453A.B98
    c:\documents and settings\MLKRS\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\MLKRS\WINDOWS
    c:\windows\kb913800.exe
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\a54e3ddf83634e5f.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\FF05DA0D.dll
    c:\windows\system32\SETAC.tmp
    c:\windows\system32\SETAE.tmp
    c:\windows\system32\SETBD.tmp
    c:\windows\system32\XIllTvut.ini
    c:\windows\system32\XIllTvut.ini2
    c:\windows\Tasks\cibmspfh.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-21 18:44 . 2012-01-21 18:44 388096 ----a-r- c:\documents and settings\MLKRS\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-21 18:44 . 2012-01-21 18:44 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-25 21:57 . 2004-09-10 13:57 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-09-10 13:57 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-09-10 13:57 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-09-10 13:57 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-09-10 13:57 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-11-04 19:20 . 2004-09-10 13:57 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-09-10 13:57 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-09-10 13:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-09-10 13:57 385024 ------w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2004-09-10 13:57 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28 . 2004-09-10 13:57 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2004-09-10 13:57 1288704 ----a-w- c:\windows\system32\ole32.dll
    2010-06-09 09:24 . 2010-06-09 09:23 346825176 ----a-w- c:\program files\Installer-CityoftheDaleks.exe
    2009-03-04 16:39 . 2008-01-09 15:38 148520 -c--a-w- c:\program files\Tcpview.exe
    2009-03-04 16:39 . 2008-01-03 10:40 132136 -c--a-w- c:\program files\tcpvcon.exe
    2008-11-21 11:34 . 2008-11-21 11:34 2372472 -c--a-w- c:\program files\mbam-setup.exe
    2008-11-21 11:03 . 2008-11-21 11:02 5738016 -c--a-w- c:\program files\SUPERAntiSpyware.exe
    2007-02-18 18:05 . 2007-02-18 18:04 9453630 -c--a-w- c:\program files\vlc-0.8.6a-win32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-16 21:08 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-09 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-07 06:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^MLKRS^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\MLKRS\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    2003-05-02 10:31 24576 ----a-w- c:\apps\ABOARD\ABOARD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    2011-01-25 09:13 2312048 ----a-w- c:\program files\ARO 2011\ARO.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
    2011-09-10 05:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
    2005-10-20 05:15 102400 ----a-w- c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-10 13:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-01-15 03:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2009-03-17 13:24 157552 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
    2009-11-06 16:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2006-04-27 23:47 7573504 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2006-04-27 23:47 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-04-27 23:47 1519616 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-01-10 15:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-10-17 07:06 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 17:04 2879488 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
    2005-11-17 08:51 975360 ----a-w- c:\apps\SMP\SMPSYS.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
    2004-01-26 11:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-06-03 02:52 36975 ----a-w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-10-24 20:08 4615552 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-21 20:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
    2007-10-12 08:33 202016 ----a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
    2006-02-16 16:46 295936 ----a-w- c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2011-06-16 06:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "tgsrvc_TalkTalk"=2 (0x2)
    "RapportMgmtService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "ehSched"=2 (0x2)
    "ehRecvr"=2 (0x2)
    "BITS"=3 (0x3)
    "avgwd"=2 (0x2)
    "AVGIDSAgent"=2 (0x2)
    "AVG Security Toolbar Service"=3 (0x3)
    "ASKUpgrade"=2 (0x2)
    "ASKService"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\MSPUB.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
    "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
    "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21:TCP"= 21:TCP:lifecam
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/11/2008 15:11 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/11/2008 15:11 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [28/07/2010 17:35 116608]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 00:33 7390560]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 04:33 269520]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [16/01/2012 21:09 909152]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 27216]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [08/02/2009 16:12 47360]
    S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\RapportBuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 11:27 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [13/10/2010 09:30 167264]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 11:27 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
    S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [30/08/2009 20:04 30560]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/11/2008 15:11 12872]
    S4 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
    .
    2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:27]
    .
    2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:27]
    .
    2012-01-29 c:\windows\Tasks\User_Feed_Synchronization-{39255F96-5183-4BDD-A7FD-EE75C427F308}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Import Sales Record -
    IE: Print Address Label - c:\program files\AiMCo Label Printer Pro\explorer\labelprinter.dll/HTML/CONTEXT.HTML
    IE: Print Sales Records - c:\documents and settings\MLKRS\Local Settings\Application Data\LabelPrinterDLL2\labelprinter.dll/HTML/PRINT.HTML
    IE: Update Sales Records - c:\documents and settings\MLKRS\Local Settings\Application Data\LabelPrinterDLL2\labelprinter.dll/HTML/UPDATE.HTML
    IE: {{5ABDF6B0-336E-41e8-ADF2-76629F963BD8} - {EA10E704-A499-11DC-AB00-00045A7930B0} - c:\documents and settings\MLKRS\Local Settings\Application Data\labelprinterdll2\labelprinter.dll
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://benholme.dyndns.org/activex/AMC.cab
    FF - ProfilePath - c:\documents and settings\MLKRS\Application Data\Mozilla\Firefox\Profiles\uagwiaqs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61758
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    BHO-{33436869-7109-4F6D-B452-DD08A828F422} - c:\windows\system32\tuvTllIX.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Notify-iifEtQJD - iifEtQJD.dll
    Notify-qoMdcbYP - qoMdcbYP.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-29 11:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,42,16,60,43,f6,95,4d,84,b1,58,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,42,16,60,43,f6,95,4d,84,b1,58,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(860)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2884)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgchsvx.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\program files\AVG\AVG10\avgnsx.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    c:\windows\system32\dllhost.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\program files\AVG\AVG10\avgcsrvx.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-29 11:11:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-29 11:11
    .
    Pre-Run: 102,010,388,480 bytes free
    Post-Run: 102,273,785,856 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - A56C01D65DF4C2EF6059EF70B7015526
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Continue as follows :-

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    
    KillAll::
    ClearJavaCache::
    File::
    c:\windows\system32\packager.exe
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
    "21:TCP"=-
    Firefox::FF - ProfilePath - c:\documents and settings\MLKRS\Application Data\Mozilla\Firefox\Profiles\uagwiaqs.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61758
    FF - prefs.js: network.proxy.type - 1
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,42,16,60,43,f6,95,4d,84,b1,58, \
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,42,16,60,43,f6,95,4d,84,b1,58, \
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Let me see those two logs, also give update on issues/concerns

    Kevin
     
  6. drbead

    drbead Thread Starter

    Joined:
    Jan 27, 2012
    Messages:
    8
    Hi Kevin,
    I have rebooted a few times and the bad image popup is no longer appearing.
    I have followed the instructions regarding ESET scan as best I could, as the images you have used to describe push button actions are only appearing on my PC as little red crosses. (I'm not sure if this is related to something on my PC not working correctly, or the use of bad/outdated links to these images) Anyway, I unselected the box to remove any threats - so presumably the five threats it found are still on my PC.
    All programs seem to be loading at normal speed, no other issues noticed.
    Thanks again, Maura

    ComboFix 12-01-29.01 - MLKRS 29/01/2012 11:50:06.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.364 [GMT 0:00]
    Running from: c:\documents and settings\MLKRS\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\MLKRS\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    FILE ::
    "c:\windows\system32\packager.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\MLKRS\Application Data\inst.exe
    c:\documents and settings\MLKRS\Application Data\vso_ts_preview.xml
    C:\Thumbs.db
    c:\windows\system32\ntnet.drv
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-21 18:44 . 2012-01-21 18:44 388096 ----a-r- c:\documents and settings\MLKRS\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-21 18:44 . 2012-01-21 18:44 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-25 21:57 . 2004-09-10 13:57 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-09-10 13:57 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-09-10 13:57 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-09-10 13:57 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-09-10 13:57 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-11-04 19:20 . 2004-09-10 13:57 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-09-10 13:57 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-09-10 13:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-09-10 13:57 385024 ------w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2004-09-10 13:57 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28 . 2004-09-10 13:57 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2004-09-10 13:57 1288704 ----a-w- c:\windows\system32\ole32.dll
    2010-06-09 09:24 . 2010-06-09 09:23 346825176 ----a-w- c:\program files\Installer-CityoftheDaleks.exe
    2009-03-04 16:39 . 2008-01-09 15:38 148520 -c--a-w- c:\program files\Tcpview.exe
    2009-03-04 16:39 . 2008-01-03 10:40 132136 -c--a-w- c:\program files\tcpvcon.exe
    2008-11-21 11:34 . 2008-11-21 11:34 2372472 -c--a-w- c:\program files\mbam-setup.exe
    2008-11-21 11:03 . 2008-11-21 11:02 5738016 -c--a-w- c:\program files\SUPERAntiSpyware.exe
    2007-02-18 18:05 . 2007-02-18 18:04 9453630 -c--a-w- c:\program files\vlc-0.8.6a-win32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-16 21:08 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-09 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-07 06:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^MLKRS^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\MLKRS\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    2003-05-02 10:31 24576 ----a-w- c:\apps\ABOARD\ABOARD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
    2011-01-25 09:13 2312048 ----a-w- c:\program files\ARO 2011\ARO.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
    2011-09-10 05:28 2338656 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
    2005-10-20 05:15 102400 ----a-w- c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-10 13:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-01-15 03:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2009-03-17 13:24 157552 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
    2009-11-06 16:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2006-04-27 23:47 7573504 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2006-04-27 23:47 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-04-27 23:47 1519616 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-01-10 15:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-10-17 07:06 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 17:04 2879488 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
    2005-11-17 08:51 975360 ----a-w- c:\apps\SMP\SMPSYS.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
    2004-01-26 11:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-06-03 02:52 36975 ----a-w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-10-24 20:08 4615552 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-21 20:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
    2007-10-12 08:33 202016 ----a-w- c:\program files\TalkTalk\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
    2006-02-16 16:46 295936 ----a-w- c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2011-06-16 06:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "tgsrvc_TalkTalk"=2 (0x2)
    "RapportMgmtService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "ehSched"=2 (0x2)
    "ehRecvr"=2 (0x2)
    "BITS"=3 (0x3)
    "avgwd"=2 (0x2)
    "AVGIDSAgent"=2 (0x2)
    "AVG Security Toolbar Service"=3 (0x3)
    "ASKUpgrade"=2 (0x2)
    "ASKService"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\MSPUB.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
    "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
    "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "21:TCP"= 21:TCP:lifecam
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/11/2008 15:11 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/11/2008 15:11 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [28/07/2010 17:35 116608]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 00:33 7390560]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 04:33 269520]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [16/01/2012 21:09 909152]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 27216]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [08/02/2009 16:12 47360]
    S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\RapportBuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 11:27 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [13/10/2010 09:30 167264]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 11:27 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
    S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [30/08/2009 20:04 30560]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/11/2008 15:11 12872]
    S4 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
    .
    2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:27]
    .
    2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:27]
    .
    2012-01-29 c:\windows\Tasks\User_Feed_Synchronization-{39255F96-5183-4BDD-A7FD-EE75C427F308}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Import Sales Record -
    IE: Print Address Label - c:\program files\AiMCo Label Printer Pro\explorer\labelprinter.dll/HTML/CONTEXT.HTML
    IE: Print Sales Records - c:\documents and settings\MLKRS\Local Settings\Application Data\LabelPrinterDLL2\labelprinter.dll/HTML/PRINT.HTML
    IE: Update Sales Records - c:\documents and settings\MLKRS\Local Settings\Application Data\LabelPrinterDLL2\labelprinter.dll/HTML/UPDATE.HTML
    IE: {{5ABDF6B0-336E-41e8-ADF2-76629F963BD8} - {EA10E704-A499-11DC-AB00-00045A7930B0} - c:\documents and settings\MLKRS\Local Settings\Application Data\labelprinterdll2\labelprinter.dll
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://benholme.dyndns.org/activex/AMC.cab
    FF - ProfilePath - c:\documents and settings\MLKRS\Application Data\Mozilla\Firefox\Profiles\uagwiaqs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61758
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-29 12:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(864)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1724)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgchsvx.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\AVG\AVG10\avgnsx.exe
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\windows\system32\dllhost.exe
    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\program files\AVG\AVG10\avgcsrvx.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-29 12:19:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-29 12:19
    ComboFix2.txt 2012-01-29 11:11
    .
    Pre-Run: 102,284,951,552 bytes free
    Post-Run: 102,274,490,368 bytes free
    .
    - - End Of File - - D58EFFBCF25E9A8135F4F204ECC5CC55


    C:\Documents and Settings\MLKRS\Desktop\SDFix.exe Win32/PrcView application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\XIllTvut.ini.vir Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\XIllTvut.ini2.vir Win32/Adware.Virtumonde.NEO application
    C:\SDFix\apps\Process.exe Win32/PrcView application
    C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP1647\A0140715.ini Win32/Adware.Virtumonde.NEO application
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    mmm Never had issues with ESET before, use that scanner on every log I work at some point. OK at least you got it to produce a log. Entries are contained, can be dealt with whwn we clean up..

    Do this please:

    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the file c:\windows\system32\packager.exe
    • Click the Open button
    • Click the Send button
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.

    Let me see those results...

    Kevin
     
  8. drbead

    drbead Thread Starter

    Joined:
    Jan 27, 2012
    Messages:
    8
    Hi Kevin,
    I can see all your little button images now! Must have been a blip at my end! Never Mind.
    Here's the virustotal results

    SHA256:726939e930d91e1a32764d726fb16a87a6965a6e959e4095513fb388556ad2f9SHA1:8dad838f09d201012d87801b6efe263449346a56MD5:32b99ef8d05c70898e93a65a89b621e3File size:59.0 KB ( 60416 bytes ) File name:C:\WINDOWS\system32\packager.exeFile type:Win32 EXEDetection ratio:0 / 42Analysis date:2012-01-29 15:26:24 UTC ( 0 minutes ago )
    [​IMG]
    0


    0






    AntivirusResultUpdateAhnLab-V3-20120129AntiVir-20120127Antiy-AVL-20120129Avast-20120129AVG-20120129BitDefender-20120129ByteHero-20120126CAT-QuickHeal-20120127ClamAV-20120129Commtouch-20120128Comodo-20120128DrWeb-20120129Emsisoft-20120129eSafe-20120126eTrust-Vet-20120127F-Prot-20120128F-Secure-20120129Fortinet-20120129GData-20120129Ikarus-20120129Jiangmin-20120129K7AntiVirus-20120127Kaspersky-20120129McAfee-20120129McAfee-GW-Edition-20120129Microsoft-20120129NOD32-20120129Norman-20120129nProtect-20120129Panda-20120129PCTools-20120129Rising-20120118Sophos-20120129SUPERAntiSpyware-20120128Symantec-20120129TheHacker-20120127TrendMicro-20120129TrendMicro-HouseCall-20120129VBA32-20120126VIPRE-20120129ViRobot-20120129VirusBuster-20120128

    No comments
     
  9. drbead

    drbead Thread Starter

    Joined:
    Jan 27, 2012
    Messages:
    8
    Oh dear the formatting has disappeared. Essentially I think it didn't find anything wrong with this file.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Thats OK, how is your system responding, any issues?

    Run the following :-

    Step 1

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will stopped during run, also Desktop will disappear, this will be put back on completion....
    • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      ipconfig /flushdns /c
      :Commands
      [EmptyTemp]
       
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Step 2

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Let me see those two logs, also give update on any remaining issues or concerns...

    Kevin
     
  11. drbead

    drbead Thread Starter

    Joined:
    Jan 27, 2012
    Messages:
    8
    Hi Kevin,
    Sorry for delayed reply, I haven't been on the PC since Sunday cos I've been so busy!
    It's running great now, I've run those 2 pieces of software.
    OTM made me reboot, heres the logfile;

    All processes killed
    Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 456 bytes

    User: MLKRS
    ->Temp folder emptied: 5600693 bytes
    ->Temporary Internet Files folder emptied: 39659185 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 4068904 bytes
    ->Flash cache emptied: 9289 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 149799 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 176692 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 48.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 02012012_211847
    Files moved on Reboot...
    Registry entries deleted on Reboot...


    And I've just run security check, but I should say that previously I was using AVG free version, but I had to uninstall it to run the system scans that you wanted. I was planning on reinstalling it ASAP - is that a good idea? What would you recommend?
    Heres the security check logfile;
    Results of screen317's Security Check version 0.99.30
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG PC Tuneup 2011
    ESET Online Scanner v3
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Companion 1.5.5
    AVG PC Tuneup 2011
    CCleaner
    Adobe Flash Player 9.0.124.0 Flash Player out of Date!
    Mozilla Firefox (3.0.1) Firefox out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````


    Thanks so much again, you're a truly helpful fellow! x
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    You need to install an AV program ASAP, if you prefer AVG then reinstall it. If you want my recommendation, then that has to be Microsoft Security Essentials:

    To keep safe when online you need a good Antivirus/Antspyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, but better still it is free. Go Here and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

    Go Here for information that will show you how to install and use MSE.

    Once you have a preferred AV program installed. updated and running do this :-

    Step 1

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
      [​IMG]
    • Please follow the prompts to uninstall Combofix.
    • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.
    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Step 2

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click [​IMG] icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

    Step 3

    We need to remove ESET Online Scanner.

    • Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER.
    • Click to select ESET Online Scanner from the application list, and then click Remove. Only re-boot if prompted

    Step 4

    Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation
    Please go to the link below to update.
    Adobe Flash Player Untick the Free McAfee® Security Scan Plus (optional) Not required.

    You also need to update Firefox, your current version is way out of date, get the latest version Here

    Tell me if those steps complete OK, also if any remaining issues or concerns...

    Kevin
     
  13. drbead

    drbead Thread Starter

    Joined:
    Jan 27, 2012
    Messages:
    8
    Hi Kevin,
    I've downloaded, installed, updated and set up MSE - thank you - it didn't find any issues.
    I've also followed all the other steps you've outlined. I didn't update Firefox, just uninstalled it, as I never use it.
    The PC is working fab now, no issues or concerns, thank you so much for all your help.
    Maura x
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Thanks for the update Maura, that is excellent news. If you have no remaining issues here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    You will have several programs installed, these maybe outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here Before clicking the Start scan* button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.... [​IMG]
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

    Here a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link HERE will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

    Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

    When you are OK to close out hit the “Mark Solved” tab at the top of the thread,

    Take care,

    Kevin :)
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1038402