1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Total XP Security

Discussion in 'Virus & Other Malware Removal' started by townendexile, Apr 21, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. townendexile

    townendexile Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    27
    Hi, Total XP Security.....

    This lovely little gem keeps attacking my system with constant messages of security issues. I know Total XP security is fake, but can't get rid of it. Please help!!! It also blocked my internet access for a bit unitl Spybot managed to relieve the pain!!

    Dell optiplex 280
    XP
    1gig Ram
    2.53 Htz Celeron Processor

    and here is my HJT log.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:07:12, on 21/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Documents and Settings\User\Local Settings\Application Data\ave.exe
    C:\Documents and Settings\User\Local Settings\Application Data\ave.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Documents and Settings\User\Local Settings\Application Data\ave.exe
    C:\Documents and Settings\User\Local Settings\Application Data\ave.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\User\Local Settings\Application Data\ave.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe bnis.mxo yfklng
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240077097290
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

    --
    End of file - 12466 bytes

    Many many thanks,

    Paul.
     
  2. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Hello and welcome to Tech Support Guy.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

    Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log
     
  3. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    townendexile? Do you still need help?
     
  4. townendexile

    townendexile Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    27
    Hi and sorry for the delay in replying. Yes please I would love to have help still!!

    Here is my fresh HJT log.

    I am afraid though I had to do something quickly because things got out of hand. My PC now seems ok for a few days and then everything returns and I get loads of messages about total XP security etc.

    Below is the HJT log, I had just done a malware bytes anti-malware search and a spybot search and destroy scan before logging on here.

    Thanks again for your help

    Paul.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:22:12, on 15/05/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Analog Devices\Core\smax4pnp .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\AVG\AVG9\avgtray .exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Sbuu] C:\DOCUME~1\User\LOCALS~1\Temp\Sbuu.exe
    O4 - HKLM\..\Run: [StudioStudio] c:\program files\microsoft office\office12\addins\visualtools.exe
    O4 - HKLM\..\Run: [QuickTimeQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimempeg.resources\nb.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\Run: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeeffects.resources\nb.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\RunServices: [Sbuu] C:\DOCUME~1\User\LOCALS~1\Temp\Sbuu.exe
    O4 - HKLM\..\RunServices: [iTunesMiniPlayerLocalizediTunes] c:\program files\itunes\itunesminiplayer.resources\zh_cn.lproj\itunesminiplayerlocalizeditunes.exe
    O4 - HKLM\..\RunServices: [WindowsContactsSyncYSFileShim813980] c:\program files\common files\apple\mobile device support\bin\windowsmailsynclibtidy.exe
    O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeeffects.resources\de.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\RunServices: [QuickTimeQuickTimeResources] C:\program files\quicktime\qtsystem\quicktimeeffects.resources\de.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTime7.6] c:\program files\quicktime\qtsystem\quicktimempeg.resources\nb.lproj\quicktimequicktimeresources.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [utwpssrq] C:\Documents and Settings\NetworkService\Local Settings\Application Data\shwwawlcw\scffdprtssd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [utwpssrq] C:\Documents and Settings\NetworkService\Local Settings\Application Data\shwwawlcw\scffdprtssd.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240077097290
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

    --
    End of file - 13281 bytes
     
  5. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    If you still have the MalwareBytes' Anti-Malware Log that you got before logging on to Tech Support Guy, please post it in your next post/reply.


    Step # 1: Disable Teatimer

    Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

    This is a two step process.
    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the version 1.5 or 1.6, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident

    Second step, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • then, also in left panel, click Resident shows a red/white shield.
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.


    Step # 2 Download and run DDS

    Download DDS and save it to your desktop from here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Step # 3: Download and Run Gmer

    Please download gmer.zip from Gmer and save it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.


    In your next post/reply, I need to see the following:

    1. The MalwareBytes' Log
    2. The two DDS Logs (DDS and Attach.txt)
    3. The GMER Log

    Use multiple posts if you can't fit everything into one post.
     
  6. townendexile

    townendexile Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    27
    Hi and thanks,

    Please find below the logs you asked for. I think this is the malware log you asked for. At the end I have attached another one that I ran just before posting here as I thought I had lost the other one! Also my PC froze when trying to save the GMER log, so I had to restart and create another. Hope this is ok

    Many many thanks for your help so far!!

    Paul.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4024

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    15/05/2010 09:32:48
    mbam-log-2010-05-15 (09-32-48).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 186892
    Time elapsed: 1 hour(s), 0 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    DDS LOG



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 12:26:05.76 on 16/05/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.518 [GMT 1:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\User\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [Sbuu] c:\docume~1\user\locals~1\temp\Sbuu.exe
    mRun: [StudioStudio] c:\program files\microsoft office\office12\addins\visualtools.exe
    mRun: [QuickTimeQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimempeg.resources\nb.lproj\quicktimequicktimeresources.exe
    mRun: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeeffects.resources\nb.lproj\quicktimequicktimeresources.exe
    mRunServices: [Sbuu] c:\docume~1\user\locals~1\temp\Sbuu.exe
    mRunServices: [iTunesMiniPlayerLocalizediTunes] c:\program files\itunes\itunesminiplayer.resources\zh_cn.lproj\itunesminiplayerlocalizeditunes.exe
    mRunServices: [WindowsContactsSyncYSFileShim813980] c:\program files\common files\apple\mobile device support\bin\windowsmailsynclibtidy.exe
    mRunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeeffects.resources\de.lproj\quicktimequicktimeresources.exe
    mRunServices: [QuickTimeQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeeffects.resources\de.lproj\quicktimequicktimeresources.exe
    mRunServices: [QuickTimeResourcesQuickTime7.6] c:\program files\quicktime\qtsystem\quicktimempeg.resources\nb.lproj\quicktimequicktimeresources.exe
    dRun: [utwpssrq] c:\documents and settings\networkservice\local settings\application data\shwwawlcw\scffdprtssd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240077097290
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\809looit.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\program files\mozilla firefox\extensions\{3156dbc1-6810-ffe2-f58a-d37e9cbf7201}\components\713d32c0.dll
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{3156dbc1-6810-ffe2-f58a-d37e9cbf7201}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-12-6 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-6 52872]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-18 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-18 29512]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-18 242896]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-3-17 2325816]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-19 55152]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-4-17 2749736]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-12-6 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-12-6 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-12-6 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-12-6 26120]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-4-17 15656]
    S1 ethzzzld;ethzzzld;c:\windows\system32\drivers\ethzzzld.sys [2010-4-12 140288]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-17 5888008]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-3 135664]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-12-6 30104]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\zdcndis5.sys --> c:\windows\system32\ZDCndis5.SYS [?]

    ============== File Associations ===============

    .txt=

    =============== Created Last 30 ================

    2010-05-13 20:55:25 52865 ----a-w- C:\debug
    2010-05-13 20:52:54 69122 ----a-w- c:\docume~1\alluse~1\applic~1\KQ2aQBE4.exe
    2010-05-13 19:35:24 112 ----a-w- c:\docume~1\alluse~1\applic~1\Hh15o80.dat
    2010-05-09 12:43:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-04 15:44:23 96704 ----a-w- c:\windows\system32\913d6722.exe
    2010-05-04 15:44:10 50994 ----a-w- c:\windows\system32\wwvlqgldner.exe
    2010-04-29 17:07:30 0 d-----w- c:\program files\Microsoft Digital Image 10
    2010-04-28 16:45:30 7 ----a-w- c:\windows\INI2=No
    2010-04-28 16:45:30 7 ----a-w- c:\windows\INI1=No
    2010-04-28 16:45:20 0 d-----w- c:\program files\Monitor Calibration Wizard
    2010-04-21 16:19:12 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
    2010-04-21 16:18:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-21 16:18:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 16:18:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-04-21 16:18:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 15:21:34 0 d-----w- c:\windows\pss
    2010-04-17 23:34:05 0 d-----w- c:\program files\Trend Micro
    2010-04-17 20:01:20 0 d-----w- c:\docume~1\user\applic~1\WTablet
    2010-04-17 20:01:14 4222760 ----a-w- c:\windows\system32\PenTablet.cpl
    2010-04-17 20:01:14 1421964 ----a-w- c:\windows\system32\PenTablet.znc
    2010-04-17 20:01:04 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
    2010-04-17 20:00:44 13352 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2010-04-17 20:00:44 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2010-04-17 20:00:30 15656 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2010-04-17 20:00:29 0 d-----w- c:\windows\system32\WTablet
    2010-04-17 20:00:27 172840 ----a-w- c:\windows\system32\Wintab32.dll
    2010-04-17 20:00:26 2749736 ----a-w- c:\windows\system32\Pen_Tablet.exe
    2010-04-17 20:00:26 186152 ----a-w- c:\windows\system32\Pen_Tablet.dll
    2010-04-17 20:00:24 0 d-----w- c:\program files\Tablet
    2010-04-17 09:58:11 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
    2010-04-17 09:57:00 24 ----a-w- c:\windows\popcinfot.dat
    2010-04-17 09:57:00 0 d-----w- c:\program files\PopCap Games
    2010-04-17 09:57:00 0 ----a-w- c:\windows\popcreg.dat

    ==================== Find3M ====================

    2010-05-15 10:57:36 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-04-21 08:14:26 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-12 08:57:31 140288 ----a-w- c:\windows\system32\drivers\ethzzzld.sys
    2010-03-18 17:44:18 286720 ----a-w- c:\windows\iun505.exe
    2010-03-17 09:17:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

    ============= FINISH: 12:27:37.14 ===============


    ATTACH LOG


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 05/04/2009 22:04:09
    System Uptime: 16/05/2010 12:22:03 (0 hours ago)

    Motherboard: Dell Inc. | | 0G8310
    Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 15.734 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP90: 02/04/2010 09:38:53 - Avg Update
    RP91: 04/04/2010 22:52:11 - System Checkpoint
    RP92: 11/04/2010 13:54:00 - Avg Update
    RP93: 11/04/2010 20:55:28 - Installed Adobe Photoshop CS2
    RP94: 11/04/2010 22:01:14 - Printer Driver Adobe PDF Converter Installed
    RP95: 12/04/2010 22:04:23 - System Checkpoint
    RP96: 13/04/2010 23:01:56 - Removed Adobe Photoshop CS2
    RP97: 14/04/2010 22:29:38 - Software Distribution Service 3.0
    RP98: 16/04/2010 23:49:21 - System Checkpoint
    RP99: 19/04/2010 18:41:35 - System Checkpoint
    RP100: 20/04/2010 19:21:13 - System Checkpoint
    RP101: 21/04/2010 17:14:30 - Avg Update
    RP102: 22/04/2010 20:56:58 - System Checkpoint
    RP103: 24/04/2010 17:47:50 - System Checkpoint
    RP104: 25/04/2010 23:08:51 - System Checkpoint
    RP105: 27/04/2010 20:39:36 - System Checkpoint
    RP106: 28/04/2010 21:24:52 - System Checkpoint
    RP107: 29/04/2010 18:07:01 - Installed Microsoft Digital Image Pro 10
    RP108: 29/04/2010 18:10:58 - Installed Microsoft Digital Image Library 10
    RP109: 01/05/2010 01:18:17 - System Checkpoint
    RP110: 02/05/2010 13:03:47 - System Checkpoint
    RP111: 03/05/2010 19:56:14 - System Checkpoint
    RP112: 04/05/2010 22:18:13 - System Checkpoint
    RP113: 05/05/2010 23:00:48 - System Checkpoint
    RP114: 06/05/2010 23:46:17 - System Checkpoint
    RP115: 08/05/2010 16:25:15 - Avg Update
    RP116: 09/05/2010 16:51:15 - System Checkpoint
    RP117: 10/05/2010 20:28:01 - System Checkpoint
    RP118: 11/05/2010 20:42:22 - System Checkpoint
    RP119: 14/05/2010 20:43:31 - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Design Premium
    Adobe Acrobat 8 Professional
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Recommended Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Extra Settings
    Adobe Creative Suite 3 Design Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.1
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 9.0
    Bejeweled Blitz
    Bonjour
    Broadcom Gigabit Integrated Controller
    CCleaner
    Choice Guard
    Contextual Tool Profitmuse
    Critical Update for Windows Media Player 11 (KB959772)
    Download Manager 2.3.10
    EPSON Printer Software
    Football Manager 2010
    Fotobook Editor 4.9
    Google Toolbar for Internet Explorer
    Google Update Helper
    Guitar-Online Tools - Metronome, version 2.1
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 15.1.29.0
    iTunes
    Java(TM) 6 Update 16
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 10
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Pro 10
    Microsoft Digital Image Suite 10
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Monitor Calibration Wizard 1.0
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    neroxml
    OGA Notifier 2.0.0048.0
    PC Drummer Trial Edition 5.11
    PDF Settings
    Pen Tablet
    Performance Maximizer Profitizeme
    Photo Gadget
    PowerDVD
    QuickTime
    RealPlayer
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Segoe UI
    SoundMAX
    Spybot - Search & Destroy
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb981433)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VERITAS RecordNow DX
    VERITAS RecordNow DX Update Manager
    VRDrumMIDI
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    16/05/2010 00:06:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    15/05/2010 23:06:00, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
    15/05/2010 22:06:00, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
    15/05/2010 21:06:00, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
    15/05/2010 20:06:00, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
    15/05/2010 19:06:00, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
    15/05/2010 18:06:00, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
    15/05/2010 17:06:00, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
    15/05/2010 16:06:00, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
    15/05/2010 15:06:00, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
    15/05/2010 14:06:00, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
    15/05/2010 13:06:00, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
    15/05/2010 12:06:00, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
    15/05/2010 11:06:00, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
    15/05/2010 10:06:00, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
    15/05/2010 02:40:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    13/05/2010 07:36:13, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/05/2010 17:40:04, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
    10/05/2010 17:37:53, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    10/05/2010 17:37:53, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    09/05/2010 13:43:48, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================

    GMER FILE

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-05-16 13:37:44
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kxtdapow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \Driver\Tcpip \Device\Ip 85B6FEF9

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Tcp 85B6FEF9

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Udp 85B6FEF9

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\Tcpip \Device\RawIp 85B6FEF9

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device -> \Driver\atapi \Device\Harddisk0\DR0 85FDAAC8

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:1100] 85B71ADD
    Thread System [4:1104] 85B71ADD
    Thread System [4:1108] 85B71ADD
    Thread System [4:1112] 85B71ADD
    Thread System [4:1120] 85B71ADD
    Thread System [4:812] 85B71ADD
    Thread System [4:816] 85B71ADD
    Thread System [4:820] 85B71ADD
    Thread System [4:824] 85B71ADD
    Thread System [4:828] 85B71ADD
    Thread System [4:832] 85B71ADD
    Thread System [4:836] 85B71ADD
    Thread System [4:840] 85B71ADD
    Thread System [4:844] 85B71ADD
    Thread System [4:848] 85B71ADD
    Thread System [4:852] 85B71ADD
    Thread System [4:856] 85B71ADD
    Thread System [4:860] 85B71ADD
    Thread System [4:864] 85B71ADD
    Thread System [4:868] 85B71ADD
    Thread System [4:872] 85B71ADD
    Thread System [4:876] 85B71ADD
    Thread System [4:880] 85B71ADD
    Thread System [4:884] 85B71ADD
    Thread System [4:888] 85B71ADD
    Thread System [4:892] 85B71ADD
    Thread System [4:896] 85B71ADD
    Thread System [4:900] 85B71ADD
    Thread System [4:904] 85B71ADD
    Thread System [4:908] 85B71ADD
    Thread System [4:912] 85B71ADD
    Thread System [4:916] 85B71ADD
    Thread System [4:920] 85B71ADD
    Thread System [4:924] 85B71ADD
    Thread System [4:928] 85B71ADD
    Thread System [4:932] 85B71ADD
    Thread System [4:936] 85B71ADD
    Thread System [4:940] 85B71ADD
    Thread System [4:944] 85B71ADD
    Thread System [4:948] 85B71ADD
    Thread System [4:952] 85B71ADD
    Thread System [4:956] 85B71ADD
    Thread System [4:960] 85B71ADD
    Thread System [4:964] 85B71ADD
    Thread System [4:968] 85B71ADD
    Thread System [4:972] 85B71ADD
    Thread System [4:976] 85B71ADD
    Thread System [4:980] 85B71ADD
    Thread System [4:984] 85B71ADD
    Thread System [4:988] 85B71ADD
    Thread System [4:992] 85B71ADD
    Thread System [4:996] 85B71ADD
    Thread System [4:1000] 85B71ADD
    Thread System [4:1004] 85B71ADD
    Thread System [4:1008] 85B71ADD
    Thread System [4:1012] 85B71ADD
    Thread System [4:1016] 85B71ADD
    Thread System [4:1020] 85B71ADD
    Thread System [4:1032] 85B71ADD
    Thread System [4:1036] 85B71ADD
    Thread System [4:1040] 85B71ADD
    Thread System [4:1044] 85B71ADD
    Thread System [4:1048] 85B71ADD
    Thread System [4:1052] 85B71ADD
    Thread System [4:1056] 85B71ADD
    Thread System [4:1060] 85B71ADD
    Thread System [4:1064] 85B71ADD
    Thread System [4:1068] 85B71ADD
    Thread System [4:1072] 85B71ADD
    Thread System [4:1076] 85B71ADD
    Thread System [4:1080] 85B71ADD
    Thread System [4:500] 85B71ADD
    Thread System [4:188] 85B71ADD
    Thread System [4:1124] 85B71ADD

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----



    MALWARE LOG just done.....



    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4024

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    16/05/2010 15:11:41
    mbam-log-2010-05-16 (15-11-41).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Objects scanned: 188717
    Time elapsed: 1 hour(s), 16 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Step # 1 Download and Run CKScanner.exe

    Download CKScanner from here:http://downloads.malwareremoval.com/CKScanner.exe
    Important - Save it to your desktop.
    Doubleclick CKScanner.exe and click Search For Files.
    After a very short time, when the cursor hourglass disappears, click Save List To File.
    A message box will verify the file saved.
    Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
     
  8. townendexile

    townendexile Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    27
    Hi,

    attached is the file below.

    I downloaded this and this coincides when all things went wrong. I didn't actually need this, but I was having trouble with registering Adobe, but this file as I'm sure you know makes a false authentication number. I believe my copy is genuine though.

    Many thanks!

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\user\my documents\downloads\adobe_photoshop_cs_keygen.zip
    scanner sequence 3.AP.11
    ----- EOF -----
     
  9. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Delete the following file off of your computer, if found:

    c:\documents and settings\user\my documents\downloads\adobe_photoshop_cs_keygen.zip

    Do you remember where you got Adobe Photoshop from? If its not a genuine version, you need to uninstall it immediately as its a malicious piece of sofware that can infect/reinfect your computer if/when you use it.
     
  10. townendexile

    townendexile Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    27
    Uninstalling now!! Many thanks!

    Is that it all sorted out then?
     
  11. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Not just yet, we still got some more work to do. :)


    Step # 1: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    *Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
     
  12. townendexile

    townendexile Thread Starter

    Joined:
    Nov 19, 2004
    Messages:
    27
    Apologies for the long delay. So busy at work. Continuing many thanks for your help.

    Attached below is the logfile for your perusal!



    ComboFix 10-05-26.04 - User 27/05/2010 18:12:36.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.590 [GMT 1:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users.\documents\settings

    Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 )))))))))))))))))))))))))))))))
    .

    2010-05-14 23:27 . 2010-05-16 09:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\shwwawlcw
    2010-05-09 12:43 . 2010-05-09 12:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-05 08:10 . 2010-05-05 09:53 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\gsfeubhfd
    2010-05-04 15:44 . 2010-05-04 15:44 96704 ----a-w- c:\windows\system32\913d6722.exe
    2010-05-04 15:44 . 2010-05-04 15:44 50994 ----a-w- c:\windows\system32\wwvlqgldner.exe
    2010-04-29 17:07 . 2010-04-29 17:11 -------- d-----w- c:\program files\Microsoft Digital Image 10
    2010-04-28 16:45 . 2010-04-28 16:56 -------- d-----w- c:\program files\Monitor Calibration Wizard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-27 17:12 . 2010-04-17 20:01 -------- d-----w- c:\documents and settings\User\Application Data\WTablet
    2010-05-27 17:11 . 2010-04-18 19:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
    2010-05-27 08:37 . 2009-04-18 18:30 -------- d-----w- c:\program files\Common Files\Adobe
    2010-05-16 15:36 . 2010-04-12 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-15 11:31 . 2009-04-24 18:11 -------- d-----w- c:\program files\QuickTime
    2010-05-15 10:57 . 2004-08-04 10:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-05-15 09:42 . 2009-04-24 18:13 -------- d-----w- c:\program files\iTunes
    2010-05-15 07:49 . 2010-05-13 19:35 112 ----a-w- c:\documents and settings\All Users\Application Data\Hh15o80.dat
    2010-05-12 15:43 . 2010-04-12 15:41 439816 ----a-w- c:\documents and settings\User\Application Data\Real\Update\setup3.10\setup.exe
    2010-04-29 17:18 . 2009-04-18 23:34 65296 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-25 12:48 . 2010-03-03 19:46 -------- d-----w- c:\program files\CCleaner
    2010-04-24 19:54 . 2009-12-06 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-21 16:19 . 2010-04-21 16:19 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-04-21 16:19 . 2010-04-21 16:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 16:18 . 2010-04-21 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-21 15:16 . 2010-04-21 15:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2010-04-21 08:14 . 2009-04-18 17:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-19 15:40 . 2010-04-17 09:57 24 ----a-w- c:\windows\popcinfot.dat
    2010-04-18 19:16 . 2010-04-12 22:27 -------- d-----w- c:\program files\Spyware Doctor
    2010-04-18 09:44 . 2010-04-12 22:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-17 23:34 . 2010-04-17 23:34 -------- d-----w- c:\program files\Trend Micro
    2010-04-17 20:01 . 2010-04-17 20:00 -------- d-----w- c:\program files\Tablet
    2010-04-17 09:58 . 2010-04-17 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
    2010-04-17 09:57 . 2010-04-17 09:57 -------- d-----w- c:\program files\PopCap Games
    2010-04-17 09:57 . 2010-04-17 09:57 0 ----a-w- c:\windows\popcreg.dat
    2010-04-14 21:35 . 2010-03-09 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-14 00:50 . 2010-04-14 00:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2010-04-12 22:43 . 2010-04-12 22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-12 08:57 . 2010-04-12 08:57 140288 ----a-w- c:\windows\system32\drivers\ethzzzld.sys
    2010-04-11 23:58 . 2010-04-11 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-04-11 19:17 . 2010-03-22 19:53 -------- d-----w- c:\documents and settings\User\Application Data\Fotobook Editor
    2010-04-01 20:24 . 2010-04-01 20:24 -------- d-----w- c:\program files\Total War
    2010-03-31 19:33 . 2010-03-31 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-03-31 19:33 . 2010-03-31 19:33 -------- d-----w- c:\documents and settings\User\Application Data\Office Genuine Advantage
    2010-03-31 19:32 . 2009-04-24 18:12 -------- d-----w- c:\program files\Bonjour
    2010-03-31 19:30 . 2009-04-24 18:10 -------- d-----w- c:\program files\Common Files\Apple
    2010-03-29 23:46 . 2010-04-21 16:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45 . 2010-04-21 16:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-23 08:28 . 2010-03-23 08:28 0 ----a-w- c:\windows\nsreg.dat
    2010-03-18 17:44 . 2010-03-18 17:44 286720 ----a-w- c:\windows\iun505.exe
    2010-03-17 09:17 . 2010-03-17 09:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-17 09:17 . 2009-04-18 17:52 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-17 09:17 . 2009-12-06 15:52 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-03-17 09:17 . 2009-04-18 17:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-17 09:17 . 2009-12-06 15:52 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-04 19:06 . 2010-03-04 19:06 1 ----a-w- c:\documents and settings\User\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    .
    Code:
    <pre>
    c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
    c:\program files\Analog Devices\Core\smax4pnp .exe
    c:\program files\AVG\AVG9\avgtray .exe
    c:\program files\Common Files\Real\Update_OB\realsched .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\QuickTime\qttask     .exe
    c:\program files\VERITAS Software\Update Manager\sgtray .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-18 39408]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [N/A]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [N/A]
    "StudioStudio"="c:\program files\microsoft office\office12\addins\visualtools.exe" [N/A]
    "QuickTimeQuickTimeResources"="c:\program files\quicktime\qtsystem\quicktimempeg.resources\nb.lproj\quicktimequicktimeresources.exe" [N/A]
    "QuickTimeResourcesQuickTimeResources"="c:\program files\quicktime\qtsystem\quicktimeeffects.resources\nb.lproj\quicktimequicktimeresources.exe" [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-17 09:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    c:\progra~1\AVG\AVG9\avgtray.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [06/12/2009 16:52 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [06/12/2009 16:52 52872]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/04/2009 18:52 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/04/2009 18:52 242896]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17/03/2010 10:17 916760]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 10:17 308064]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [17/03/2010 10:17 2325816]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [17/04/2010 21:00 2749736]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [06/12/2009 16:51 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [06/12/2009 16:51 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [06/12/2009 16:51 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [06/12/2009 16:51 26120]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [17/04/2010 21:00 15656]
    S1 ethzzzld;ethzzzld;c:\windows\system32\drivers\ethzzzld.sys [12/04/2010 09:57 140288]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [17/03/2010 10:17 5888008]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/03/2010 19:40 135664]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [06/12/2009 16:51 30104]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 11336]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 18:40]

    2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 18:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\809looit.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\program files\Mozilla Firefox\extensions\{3156dbc1-6810-ffe2-f58a-d37e9cbf7201}\components\713d32c0.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    .
    ------- File Associations -------
    .
    .txt=
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-27 18:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,6a,f5,34,ce,b3,f3,49,ba,cc,72,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,6a,f5,34,ce,b3,f3,49,ba,cc,72,\
    .
    Completion time: 2010-05-27 18:21:01
    ComboFix-quarantined-files.txt 2010-05-27 17:20

    Pre-Run: 19,298,275,328 bytes free
    Post-Run: 19,284,877,312 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - F80A2870282024F257A8DAFF0B304A57
     
  13. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Delete the following files off of your computer, if found:

    c:\program files\quicktime\qtsystem\quicktimempeg.resources\nb.lproj\quicktimequicktim eresources.exe
    c:\program files\quicktime\qtsystem\quicktimeeffects.resources\nb.lproj\quicktimequick timeresources.exe



    Step # 1: Run CFScript

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      http://forums.techguy.org/7410813-post12.html
      
      KILLALL::
      
      Driver::
      
      ethzzzld
      
      Collect::
      
      c:\windows\system32\913d6722.exe
      c:\windows\system32\wwvlqgldner.exe
      c:\windows\system32\drivers\ethzzzld.sys
      
      Folder::
      
      c:\documents and settings\NetworkService\Local Settings\Application Data\shwwawlcw
      c:\documents and settings\User\Local Settings\Application Data\gsfeubhfd
      
      RenV::
      
      c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
      c:\program files\Analog Devices\Core\smax4pnp .exe
      c:\program files\AVG\AVG9\avgtray .exe
      c:\program files\Common Files\Real\Update_OB\realsched .exe
      c:\program files\iTunes\iTunesHelper .exe
      c:\program files\QuickTime\qttask     .exe
      c:\program files\VERITAS Software\Update Manager\sgtray .exe
      
      Registry::
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTimeQuickTimeResources"=-
      "QuickTimeResourcesQuickTimeResources"=-
      
      DDS::
      
      http=127.0.0.1:5555
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




      [​IMG]


      Note: This CFScript is for use on townendexile's computer only! Do not use it on your computer.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Please Note:

    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. ComboFix is capturing a file/files to submit for analysis.

    Ensure you are connected to the internet and click OK on the message box.


    Please let me know if the file was successfully submitted. Thanks.


    Step # 2: Restore Proxy Settings

    In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings".

    Open up Firefox, go to Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. And once in "Connection Settings" box, make sure that Direct Connection to the Internet has a mark by it then click OK.


    In your next post/reply, I need to see the following:

    1. The ComboFix Log that appears after Step 1 has been completed.
    2. A fresh DDS Log taken after Step 2 has been completed.
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/918323

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice