Jump to content

andrewbdean

Members
  • Posts

    15
  • Joined

  • Last visited

Everything posted by andrewbdean

  1. Great, thanks again. You did a great job, and it really is appreciated.
  2. OK. So far, that seems to have done the trick. If so, I'm greatly appreciative. As to next steps, if this continues to seem fine, do I uninstall CF, reinstall AVG, re-enable DeFogger?
  3. Hm. So far, redirect does not seem to be in effect. I will keep trying -- sometimes it seems to go away for a few minutes (but fingers crossed). Log below: 2011/07/14 19:42:25.0046 7208 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/14 19:42:25.0593 7208 ================================================================================ 2011/07/14 19:42:25.0593 7208 SystemInfo: 2011/07/14 19:42:25.0593 7208 2011/07/14 19:42:25.0593 7208 OS Version: 5.1.2600 ServicePack: 3.0 2011/07/14 19:42:25.0593 7208 Product type: Workstation 2011/07/14 19:42:25.0593 7208 ComputerName: DEAN-209F4BAA0C 2011/07/14 19:42:25.0593 7208 UserName: Andrew & Una 2011/07/14 19:42:25.0593 7208 Windows directory: C:\WINDOWS 2011/07/14 19:42:25.0593 7208 System windows directory: C:\WINDOWS 2011/07/14 19:42:25.0593 7208 Processor architecture: Intel x86 2011/07/14 19:42:25.0593 7208 Number of processors: 2 2011/07/14 19:42:25.0593 7208 Page size: 0x1000 2011/07/14 19:42:25.0593 7208 Boot type: Normal boot 2011/07/14 19:42:25.0593 7208 ================================================================================ 2011/07/14 19:42:25.0937 7208 Initialize success 2011/07/14 19:42:32.0421 7392 ================================================================================ 2011/07/14 19:42:32.0421 7392 Scan started 2011/07/14 19:42:32.0421 7392 Mode: Manual; 2011/07/14 19:42:32.0421 7392 ================================================================================ 2011/07/14 19:42:32.0671 7392 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 2011/07/14 19:42:32.0765 7392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/07/14 19:42:32.0781 7392 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/07/14 19:42:32.0843 7392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/07/14 19:42:32.0875 7392 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/07/14 19:42:33.0125 7392 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/07/14 19:42:33.0250 7392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/07/14 19:42:33.0281 7392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys 2011/07/14 19:42:33.0359 7392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/07/14 19:42:33.0390 7392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/07/14 19:42:33.0406 7392 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 2011/07/14 19:42:33.0421 7392 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys 2011/07/14 19:42:33.0468 7392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/07/14 19:42:33.0500 7392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/07/14 19:42:33.0531 7392 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/07/14 19:42:33.0609 7392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/07/14 19:42:33.0687 7392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/07/14 19:42:33.0718 7392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/07/14 19:42:33.0750 7392 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 2011/07/14 19:42:34.0000 7392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/07/14 19:42:34.0062 7392 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/07/14 19:42:34.0109 7392 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/07/14 19:42:34.0125 7392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/07/14 19:42:34.0156 7392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/07/14 19:42:34.0187 7392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/07/14 19:42:34.0218 7392 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2011/07/14 19:42:34.0312 7392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/07/14 19:42:34.0328 7392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/07/14 19:42:34.0359 7392 FilterService (bcef16e3aedd1b44bca45f748d975d73) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 2011/07/14 19:42:34.0390 7392 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/07/14 19:42:34.0421 7392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/07/14 19:42:34.0453 7392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/07/14 19:42:34.0484 7392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/07/14 19:42:34.0515 7392 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/07/14 19:42:34.0562 7392 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2011/07/14 19:42:34.0609 7392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/07/14 19:42:34.0687 7392 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/07/14 19:42:34.0734 7392 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/07/14 19:42:34.0843 7392 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/07/14 19:42:34.0953 7392 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys 2011/07/14 19:42:35.0000 7392 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys 2011/07/14 19:42:35.0046 7392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/07/14 19:42:35.0109 7392 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/07/14 19:42:35.0156 7392 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/07/14 19:42:35.0218 7392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/07/14 19:42:35.0250 7392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/07/14 19:42:35.0281 7392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/07/14 19:42:35.0296 7392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/07/14 19:42:35.0359 7392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/07/14 19:42:35.0406 7392 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/07/14 19:42:35.0453 7392 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/07/14 19:42:35.0468 7392 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/07/14 19:42:35.0546 7392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/07/14 19:42:35.0578 7392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/07/14 19:42:35.0687 7392 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys 2011/07/14 19:42:35.0781 7392 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 2011/07/14 19:42:35.0843 7392 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys 2011/07/14 19:42:35.0890 7392 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 2011/07/14 19:42:35.0937 7392 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys 2011/07/14 19:42:36.0093 7392 LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 2011/07/14 19:42:36.0156 7392 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys 2011/07/14 19:42:36.0218 7392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/07/14 19:42:36.0265 7392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/07/14 19:42:36.0312 7392 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/07/14 19:42:36.0328 7392 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/07/14 19:42:36.0343 7392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/07/14 19:42:36.0390 7392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/07/14 19:42:36.0406 7392 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/07/14 19:42:36.0468 7392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/07/14 19:42:36.0515 7392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/07/14 19:42:36.0562 7392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/07/14 19:42:36.0640 7392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/07/14 19:42:36.0656 7392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/07/14 19:42:36.0703 7392 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys 2011/07/14 19:42:36.0734 7392 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/07/14 19:42:36.0765 7392 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/07/14 19:42:36.0796 7392 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/07/14 19:42:36.0843 7392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/07/14 19:42:36.0875 7392 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/07/14 19:42:36.0906 7392 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/07/14 19:42:36.0937 7392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/07/14 19:42:36.0953 7392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/07/14 19:42:37.0000 7392 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/07/14 19:42:37.0046 7392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/07/14 19:42:37.0078 7392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/07/14 19:42:37.0140 7392 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/07/14 19:42:37.0171 7392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/07/14 19:42:37.0203 7392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/07/14 19:42:37.0250 7392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/07/14 19:42:37.0375 7392 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/07/14 19:42:37.0515 7392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/07/14 19:42:37.0578 7392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/07/14 19:42:37.0609 7392 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/07/14 19:42:37.0640 7392 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/07/14 19:42:37.0656 7392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/07/14 19:42:37.0687 7392 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/07/14 19:42:37.0750 7392 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/07/14 19:42:37.0828 7392 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/07/14 19:42:38.0046 7392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/07/14 19:42:38.0078 7392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/07/14 19:42:38.0125 7392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/07/14 19:42:38.0281 7392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/14 19:42:38.0328 7392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/14 19:42:38.0375 7392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/14 19:42:38.0406 7392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/14 19:42:38.0453 7392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/14 19:42:38.0484 7392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/14 19:42:38.0531 7392 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/07/14 19:42:38.0593 7392 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/14 19:42:38.0640 7392 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/14 19:42:38.0687 7392 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 2011/07/14 19:42:38.0734 7392 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys 2011/07/14 19:42:38.0796 7392 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/14 19:42:38.0843 7392 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/07/14 19:42:38.0890 7392 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/07/14 19:42:38.0937 7392 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/07/14 19:42:38.0968 7392 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/07/14 19:42:39.0015 7392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/07/14 19:42:39.0031 7392 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/07/14 19:42:39.0078 7392 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/07/14 19:42:39.0125 7392 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys 2011/07/14 19:42:39.0156 7392 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/07/14 19:42:39.0187 7392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/07/14 19:42:39.0218 7392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/07/14 19:42:39.0390 7392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/07/14 19:42:39.0437 7392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/07/14 19:42:39.0500 7392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/07/14 19:42:39.0562 7392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/07/14 19:42:39.0578 7392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/07/14 19:42:39.0671 7392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/07/14 19:42:39.0750 7392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/07/14 19:42:39.0812 7392 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/07/14 19:42:39.0859 7392 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/07/14 19:42:39.0906 7392 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 2011/07/14 19:42:39.0953 7392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/07/14 19:42:40.0000 7392 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 2011/07/14 19:42:40.0031 7392 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/07/14 19:42:40.0062 7392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/07/14 19:42:40.0125 7392 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 2011/07/14 19:42:40.0140 7392 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/07/14 19:42:40.0187 7392 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/07/14 19:42:40.0203 7392 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/07/14 19:42:40.0234 7392 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/07/14 19:42:40.0265 7392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/07/14 19:42:40.0343 7392 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/07/14 19:42:40.0390 7392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/07/14 19:42:40.0468 7392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/07/14 19:42:40.0546 7392 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/07/14 19:42:40.0609 7392 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/07/14 19:42:40.0687 7392 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/07/14 19:42:40.0718 7392 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/07/14 19:42:40.0750 7392 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/07/14 19:42:40.0781 7392 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0 2011/07/14 19:42:40.0781 7392 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/07/14 19:42:40.0781 7392 Boot (0x1200) (f6eff8c1b0745a1c76999355137861be) \Device\Harddisk0\DR0\Partition0 2011/07/14 19:42:40.0781 7392 ================================================================================ 2011/07/14 19:42:40.0781 7392 Scan finished 2011/07/14 19:42:40.0781 7392 ================================================================================ 2011/07/14 19:42:40.0796 7380 Detected object count: 1 2011/07/14 19:42:40.0796 7380 Actual detected object count: 1 2011/07/14 19:42:53.0421 7380 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/07/14 19:42:53.0421 7380 \Device\Harddisk0\DR0 - ok 2011/07/14 19:42:53.0421 7380 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/07/14 19:43:29.0640 7204 Deinitialize success
  4. And just fyi, redirect and rogue pop ups still persist.
  5. Upload successful, and here is the new log: ComboFix 11-07-14.05 - Andrew & Una 07/14/2011 19:13:19.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1445 [GMT -4:00] Running from: c:\documents and settings\Andrew & Una\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Andrew & Una\Desktop\CFScript.txt AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C} . file zipped: c:\windows\is-3J77F.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\BlueFlare Antivirus c:\windows\is-3J77F.exe . . ((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 ))))))))))))))))))))))))))))))) . . 2011-07-10 13:53 . 2011-07-10 13:53 -------- d-----w- c:\documents and settings\Andrew & Una\Local Settings\Application Data\Threat Expert 2011-07-10 13:11 . 2011-07-10 13:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-10 13:10 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-07-10 13:10 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-07-10 13:10 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-07-10 13:10 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-07-10 13:10 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-07-10 13:10 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-07-10 13:10 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-07-10 13:10 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-07-09 22:53 . 2011-07-11 00:14 -------- d-----w- c:\program files\PC Tools Security 2011-07-09 22:53 . 2011-07-11 00:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-07-09 22:51 . 2011-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2011-07-06 00:19 . 2011-07-06 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-07-06 00:19 . 2011-07-06 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-06-30 00:23 . 2011-06-30 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-06-29 23:35 . 2011-06-29 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-06-29 23:34 . 2011-06-29 23:34 354 ----a-w- C:\fix.reg 2011-06-29 23:02 . 2011-06-29 23:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2011-06-29 23:02 . 2011-06-29 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-06-29 09:24 . 2011-06-29 09:24 179 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat 2011-06-29 09:24 . 2011-06-29 09:24 177 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33436921.bat 2011-06-29 09:23 . 2011-06-29 09:23 139 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33415171.bat 2011-06-29 09:23 . 2011-06-29 09:23 205 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33394218.bat 2011-06-28 03:36 . 2011-06-28 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-06-28 03:17 . 2011-06-28 03:17 -------- d-----w- C:\Adobe 2011-06-28 03:05 . 2011-06-28 03:05 -------- d-----w- C:\$AVG 2011-06-28 03:01 . 2011-06-28 03:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-06-16 07:29 . 2011-07-09 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras 2011-06-16 07:02 . 2011-06-16 07:24 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 01:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-29 13:11 . 2010-08-20 22:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-08-20 22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31 . 2007-03-22 04:42 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2011-06-16 04:17 . 2011-07-10 13:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-07-14_22.51.40 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-14 23:20 . 2011-07-14 23:20 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/20/2010 6:55 PM 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/20/2010 6:55 PM 22712] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] . Contents of the 'Scheduled Tasks' folder . 2011-07-14 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: dpw.com\newyork TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-14 19:20 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(552) c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(612) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(6056) c:\windows\system32\WININET.dll c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\stsystra.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Completion time: 2011-07-14 19:25:02 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-14 23:24 ComboFix2.txt 2011-07-14 22:54 ComboFix3.txt 2011-07-14 20:32 ComboFix4.txt 2011-07-14 12:39 . Pre-Run: 186,341,699,584 bytes free Post-Run: 186,321,743,872 bytes free . - - End Of File - - 65A6078A82C8008BC0C71B7C76262C5B Upload was successful
  6. Results (first one plus Jotti): 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: gb_33448921.bat Submission date: 2011-07-14 22:51:45 (UTC) Current status: finished Result: 3/ 43 (7.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.07.15.00 2011.07.14 - AntiVir 7.11.11.156 2011.07.14 - Antiy-AVL 2.0.3.7 2011.07.14 - Avast 4.8.1351.0 2011.07.14 - Avast5 5.0.677.0 2011.07.14 - AVG 10.0.0.1190 2011.07.14 - BitDefender 7.2 2011.07.14 - CAT-QuickHeal 11.00 2011.07.13 - ClamAV 0.97.0.0 2011.07.14 - Commtouch 5.3.2.6 2011.07.14 - Comodo 9382 2011.07.14 - DrWeb 5.0.2.03300 2011.07.15 - Emsisoft 5.1.0.8 2011.07.14 - eSafe 7.0.17.0 2011.07.14 - eTrust-Vet 36.1.8444 2011.07.14 - F-Prot 4.6.2.117 2011.07.14 - F-Secure 9.0.16440.0 2011.07.14 - Fortinet 4.2.257.0 2011.07.14 BAT/Sdel!tr GData 22 2011.07.14 - Ikarus T3.1.1.104.0 2011.07.14 - Jiangmin 13.0.900 2011.07.14 - K7AntiVirus 9.108.4907 2011.07.14 - Kaspersky 9.0.0.837 2011.07.14 - McAfee 5.400.0.1158 2011.07.15 Bat/sdel McAfee-GW-Edition 2010.1D 2011.07.14 Bat/sdel Microsoft 1.7000 2011.07.14 - NOD32 6295 2011.07.15 - Norman 6.07.10 2011.07.14 - nProtect 2011-07-14.02 2011.07.14 - Panda 10.0.3.5 2011.07.14 - PCTools 8.0.0.5 2011.07.13 - Prevx 3.0 2011.07.15 - Rising 23.66.03.03 2011.07.14 - Sophos 4.67.0 2011.07.14 - SUPERAntiSpyware 4.40.0.1006 2011.07.15 - Symantec 20111.1.0.186 2011.07.15 - TheHacker 6.7.0.1.255 2011.07.14 - TrendMicro 9.200.0.1012 2011.07.14 - TrendMicro-HouseCall 9.200.0.1012 2011.07.15 - VBA32 3.12.16.4 2011.07.14 - VIPRE 9858 2011.07.14 - ViRobot 2011.7.14.4569 2011.07.14 - VirusBuster 14.0.125.0 2011.07.14 - Additional information MD5 : cad9e32b3eb68d200ecbca4bce7065be SHA1 : e6849785e58fd91baaacfa3344a88b87b94e55ea SHA256: 629ea25f438cb88697c3e5e43c175b348f9c76a5359c29ce429a33ab16d6ab3b VT Community Jotti: Jotti's malware scan Filename: gb_33448921.bat Status: Scan finished. 0 out of 20 scanners reported malware. Scan taken on: Fri 15 Jul 2011 01:06:16 (CET) Permalink Additional info File size: 179 bytes Filetype: DOS batch file text MD5: cad9e32b3eb68d200ecbca4bce7065be SHA1: e6849785e58fd91baaacfa3344a88b87b94e55ea Scanners [ArcaVir] 2011-07-15 Found nothing [F-Secure Anti-Virus] 2011-07-14 Found nothing [Avast! antivirus] 2011-07-14 Found nothing [G DATA] 2011-07-14 Found nothing [Grisoft AVG Anti-Virus] 2011-07-14 Found nothing [ikarus] 2011-07-14 Found nothing [Avira AntiVir] 2011-07-14 Found nothing [Kaspersky Anti-Virus] 2011-07-14 Found nothing [softwin BitDefender] 2011-07-14 Found nothing [ESET NOD32] 2011-07-14 Found nothing [ClamAV] 2011-07-14 Found nothing [Panda Antivirus] 2011-07-14 Found nothing [CPsecure] 2011-07-14 Found nothing [Quick Heal] 2011-07-14 Found nothing [Dr.Web] 2011-07-15 Found nothing [sophos] 2011-07-14 Found nothing [Emsisoft Anti-Malware] 2011-07-15 Found nothing [VirusBlokAda VBA32] 2011-07-14 Found nothing [Frisk F-Prot Antivirus] 2011-07-14 Found nothing [VirusBuster] 2011-07-14 Found nothing
  7. I ran Jotti again and came back with the same result. Anyway, here is the new CF log: ComboFix 11-07-14.05 - Andrew & Una 07/14/2011 18:43:46.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1522 [GMT -4:00] Running from: c:\documents and settings\Andrew & Una\Desktop\ComboFix.exe AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C} . . ((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 ))))))))))))))))))))))))))))))) . . 2011-07-10 13:53 . 2011-07-10 13:53 -------- d-----w- c:\documents and settings\Andrew & Una\Local Settings\Application Data\Threat Expert 2011-07-10 13:11 . 2011-07-10 13:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-10 13:10 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-07-10 13:10 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-07-10 13:10 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-07-10 13:10 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-07-10 13:10 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-07-10 13:10 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-07-10 13:10 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-07-10 13:10 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-07-09 22:53 . 2011-07-11 00:14 -------- d-----w- c:\program files\PC Tools Security 2011-07-09 22:53 . 2011-07-11 00:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-07-09 22:51 . 2011-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2011-07-06 00:19 . 2011-07-06 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-07-06 00:19 . 2011-07-06 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-06-30 00:23 . 2011-06-30 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-06-29 23:35 . 2011-06-29 23:35 711728 ----a-w- c:\windows\is-3J77F.exe 2011-06-29 23:35 . 2011-06-29 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-06-29 23:34 . 2011-06-29 23:34 354 ----a-w- C:\fix.reg 2011-06-29 23:02 . 2011-06-29 23:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2011-06-29 23:02 . 2011-06-29 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-06-29 09:24 . 2011-06-29 09:24 179 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat 2011-06-29 09:24 . 2011-06-29 09:24 177 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33436921.bat 2011-06-29 09:23 . 2011-06-29 09:23 139 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33415171.bat 2011-06-29 09:23 . 2011-06-29 09:23 205 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33394218.bat 2011-06-28 03:36 . 2011-06-28 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-06-28 03:17 . 2011-06-28 03:17 -------- d-----w- C:\Adobe 2011-06-28 03:08 . 2011-06-28 03:08 -------- d-----w- C:\BlueFlare Antivirus 2011-06-28 03:05 . 2011-06-28 03:05 -------- d-----w- C:\$AVG 2011-06-28 03:01 . 2011-06-28 03:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-06-16 07:29 . 2011-07-09 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras 2011-06-16 07:02 . 2011-06-16 07:24 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 01:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-29 13:11 . 2010-08-20 22:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-08-20 22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31 . 2007-03-22 04:42 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2011-06-16 04:17 . 2011-07-10 13:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-07-14_12.36.40 ))))))))))))))))))))))))))))))))))))))))) . + 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll + 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll + 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll + 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll + 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll + 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll + 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll + 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll + 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll + 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll + 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll + 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll + 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll + 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll + 2011-07-14 20:52 . 2011-07-14 20:52 16384 c:\windows\temp\Perflib_Perfdata_884.dat - 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll + 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll + 2007-03-24 14:45 . 2011-07-14 20:48 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-03-24 14:45 . 2011-07-13 00:42 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-03-24 14:45 . 2011-07-13 00:42 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2007-03-24 14:45 . 2011-07-14 20:48 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2007-03-24 14:45 . 2011-07-13 00:42 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2007-03-24 14:45 . 2011-07-14 20:48 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2007-03-24 14:45 . 2011-07-13 00:42 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2007-03-24 14:45 . 2011-07-14 20:48 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2007-03-24 14:45 . 2011-07-14 20:48 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2007-03-24 14:45 . 2011-07-13 00:42 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll + 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll + 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll + 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll + 2007-03-21 15:34 . 2011-07-14 20:52 277352 c:\windows\system32\FNTCACHE.DAT - 2007-03-21 15:34 . 2011-06-30 23:52 277352 c:\windows\system32\FNTCACHE.DAT - 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll + 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll + 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll + 2011-07-14 20:50 . 2011-07-14 20:50 223744 c:\windows\Installer\13ffb7.msi + 2007-03-24 14:45 . 2011-07-14 20:48 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2007-03-24 14:45 . 2011-07-13 00:42 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2007-03-24 14:45 . 2011-07-13 00:42 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2007-03-24 14:45 . 2011-07-14 20:48 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2007-03-24 14:45 . 2011-07-13 00:42 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2007-03-24 14:45 . 2011-07-14 20:48 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2007-03-24 14:45 . 2011-07-13 00:42 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2007-03-24 14:45 . 2011-07-14 20:48 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll + 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll + 2008-10-15 21:18 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys + 2011-05-23 18:15 . 2011-05-23 18:15 3617792 c:\windows\Installer\13ffb0.msp + 2007-03-22 12:14 . 2011-07-14 20:49 49089992 c:\windows\system32\MRT.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/20/2010 6:55 PM 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/20/2010 6:55 PM 22712] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] . Contents of the 'Scheduled Tasks' folder . 2011-07-14 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: dpw.com\newyork TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-14 18:51 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(548) c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(608) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(488) c:\windows\system32\WININET.dll c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-07-14 18:54:33 ComboFix-quarantined-files.txt 2011-07-14 22:54 ComboFix2.txt 2011-07-14 20:32 ComboFix3.txt 2011-07-14 12:39 . Pre-Run: 186,343,780,352 bytes free Post-Run: 186,335,674,368 bytes free . - - End Of File - - 7275D2C41B4F169C5851883C02C2E450
  8. Not sure what Blue Flare is. I ran Eset and some others that had been posted to this site, but don't recognize that one. As to the exe file you ID'd: Here is the first link, and then Kaspersky, and then Jotti: File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5: c8de25fefb17627e2237b320ccf30ee1 Date first seen: 2011-05-31 21:01:18 (UTC) Date last seen: 2011-07-13 23:02:37 (UTC) Detection ratio: 0/43 Kaspersky: Kaspersky File Scanner Scanned file: is-3J77F.exe You're clean! Kaspersky File Scanner has not detected any viruses at this time in the file you submitted. However, only a fully-functional antivirus solution with regularly updated virus definitions can ensure comprehensive protection against malware. If you do not have an antivirus solution installed, you may wish to consider purchasing one today. Download a trial version of Kaspersky Internet Security Purchase Kaspersky Internet Security in our E-Store Purchase Kaspersky Internet Security from a certified partner Jotti: Jotti's malware scan This file has been scanned before. The results for this previous scan are listed below. Filename: is-CB483.exe Status: Scan finished. 0 out of 12 scanners reported malware. Scan taken on: Fri 1 Jul 2011 02:57:15 (CET) Permalink Additional info File size: 711728 bytes Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5: c8de25fefb17627e2237b320ccf30ee1 SHA1: 1eb76f645e9a74e9e45b33fdf4793c889c5a6744
  9. New log below. I did a few tests. In IE, I still get redirected. In Firefox, when I run a Google search and then click on a search result, most web pages come back completely blank. One note: I shut down my PC and apparently some updates uploaded upon closing. This is the first time that has happened, so it appears that CF worked on that at least. But I am still blocked form accessing the website: http://windowsupdate.microsoft.com/ from both IE and Firefox. ComboFix 11-07-14.05 - Andrew & Una 07/14/2011 16:18:57.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1401 [GMT -4:00] Running from: c:\documents and settings\Andrew & Una\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Andrew & Una\Desktop\CFScript.txt AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C} . . ((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 ))))))))))))))))))))))))))))))) . . 2011-07-10 13:53 . 2011-07-10 13:53 -------- d-----w- c:\documents and settings\Andrew & Una\Local Settings\Application Data\Threat Expert 2011-07-10 13:11 . 2011-07-10 13:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-10 13:10 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-07-10 13:10 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-07-10 13:10 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-07-10 13:10 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-07-10 13:10 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-07-10 13:10 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-07-10 13:10 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-07-10 13:10 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-07-09 22:53 . 2011-07-11 00:14 -------- d-----w- c:\program files\PC Tools Security 2011-07-09 22:53 . 2011-07-11 00:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-07-09 22:51 . 2011-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2011-07-06 00:19 . 2011-07-06 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-07-06 00:19 . 2011-07-06 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-06-30 00:23 . 2011-06-30 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-06-29 23:35 . 2011-06-29 23:35 711728 ----a-w- c:\windows\is-3J77F.exe 2011-06-29 23:35 . 2011-06-29 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-06-29 23:34 . 2011-06-29 23:34 354 ----a-w- C:\fix.reg 2011-06-29 23:02 . 2011-06-29 23:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2011-06-29 23:02 . 2011-06-29 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-06-29 09:24 . 2011-06-29 09:24 179 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat 2011-06-29 09:24 . 2011-06-29 09:24 177 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33436921.bat 2011-06-29 09:23 . 2011-06-29 09:23 139 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33415171.bat 2011-06-29 09:23 . 2011-06-29 09:23 205 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33394218.bat 2011-06-28 03:36 . 2011-06-28 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-06-28 03:17 . 2011-06-28 03:17 -------- d-----w- C:\Adobe 2011-06-28 03:08 . 2011-06-28 03:08 -------- d-----w- C:\BlueFlare Antivirus 2011-06-28 03:05 . 2011-06-28 03:05 -------- d-----w- C:\$AVG 2011-06-28 03:01 . 2011-06-28 03:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-06-16 07:29 . 2011-07-09 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras 2011-06-16 07:02 . 2011-06-16 07:24 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 01:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2010-08-20 22:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-08-20 22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31 . 2007-03-22 04:42 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2011-06-16 04:17 . 2011-07-10 13:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-07-14_12.36.40 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-14 20:27 . 2011-07-14 20:27 16384 c:\windows\temp\Perflib_Perfdata_18c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/20/2010 6:55 PM 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/20/2010 6:55 PM 22712] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] . Contents of the 'Scheduled Tasks' folder . 2011-07-14 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: dpw.com\newyork TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-14 16:27 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(552) c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(612) c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(1596) c:\windows\system32\WININET.dll c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\stsystra.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Completion time: 2011-07-14 16:31:59 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-14 20:31 ComboFix2.txt 2011-07-14 12:39 . Pre-Run: 186,398,883,840 bytes free Post-Run: 186,397,876,224 bytes free . - - End Of File - - F1BB91A9B7B6C15243F4991663B758FD
  10. OK. AVG uninstalled and ran combofix. Here is the log: ComboFix 11-07-13.04 - Andrew & Una 07/14/2011 8:26.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1414 [GMT -4:00] Running from: c:\documents and settings\Andrew & Una\Desktop\ComboFix.exe AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\Tarma Installer c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setupx.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\20100126163026.log c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.ico c:\documents and settings\All Users\Desktop\Malware Protection.lnk C:\Microsoft . . ((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 ))))))))))))))))))))))))))))))) . . 2011-07-10 13:53 . 2011-07-10 13:53 -------- d-----w- c:\documents and settings\Andrew & Una\Local Settings\Application Data\Threat Expert 2011-07-10 13:11 . 2011-07-10 13:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-10 13:10 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-07-10 13:10 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-07-10 13:10 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-07-10 13:10 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-07-10 13:10 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-07-10 13:10 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-07-10 13:10 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-07-10 13:10 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-07-09 22:53 . 2011-07-11 00:14 -------- d-----w- c:\program files\PC Tools Security 2011-07-09 22:53 . 2011-07-11 00:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-07-09 22:51 . 2011-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2011-07-06 00:19 . 2011-07-06 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-07-06 00:19 . 2011-07-06 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-06-30 00:23 . 2011-06-30 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-06-29 23:35 . 2011-06-29 23:35 711728 ----a-w- c:\windows\is-3J77F.exe 2011-06-29 23:35 . 2011-06-29 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-06-29 23:34 . 2011-06-29 23:34 354 ----a-w- C:\fix.reg 2011-06-29 23:02 . 2011-06-29 23:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2011-06-29 23:02 . 2011-06-29 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-06-29 09:24 . 2011-06-29 09:24 179 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat 2011-06-29 09:24 . 2011-06-29 09:24 177 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33436921.bat 2011-06-29 09:23 . 2011-06-29 09:23 139 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33415171.bat 2011-06-29 09:23 . 2011-06-29 09:23 205 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33394218.bat 2011-06-28 03:36 . 2011-06-28 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-06-28 03:17 . 2011-06-28 03:17 -------- d-----w- C:\Adobe 2011-06-28 03:08 . 2011-06-28 03:08 -------- d-----w- C:\BlueFlare Antivirus 2011-06-28 03:05 . 2011-06-28 03:05 -------- d-----w- C:\$AVG 2011-06-28 03:01 . 2011-06-28 03:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-06-16 07:29 . 2011-07-09 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras 2011-06-16 07:02 . 2011-06-16 07:24 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 01:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2010-08-20 22:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2010-08-20 22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31 . 2007-03-22 04:42 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2011-06-16 04:17 . 2011-07-10 13:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/20/2010 6:55 PM 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/20/2010 6:55 PM 22712] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] . Contents of the 'Scheduled Tasks' folder . 2010-02-10 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: dpw.com\newyork TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 55333 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-UIUCU - c:\docume~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe AddRemove-{E7269FD6-34EA-4617-8752-6739AA384080} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{E7269~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-14 08:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(568) c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(628) c:\windows\system32\WININET.dll . Completion time: 2011-07-14 08:39:45 ComboFix-quarantined-files.txt 2011-07-14 12:39 . Pre-Run: 185,413,607,424 bytes free Post-Run: 186,277,552,128 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - F3E63EDF0E5C24E88384E52ACE542AFD
  11. Three items: 1. I clicked on the links to uninstall AVG. The first and last links apperead to work. The second did not. The AVG icon still exists in my toolbar, so I tried to unistall via Windows. I tried several times but keep running into an uninstall error. ComboFix won't run unless I remove AVG. Any suggestions? 2. You indicated that the Firefox proxy was on. I checked again, and "no prox" is checked. Not sure what is happening here. 3. I should note that only once I have been able to successfully post a message to this site from the infected computer. (I have tried both IE and Firefox. I re-ran DDS, just in case. Let me know if you don't want me to post this without instruction b/c it is long. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Run by Andrew & Una at 19:21:26 on 2011-07-13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1347 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Brownie\BrstsWnd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Brownie\brpjp04a.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [uIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe" mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini" mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: dpw.com\newyork DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174537892913 DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{F029A846-7AAF-4804-AF6B-F8F5DD0D83F9} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\andrew & una\application data\mozilla\firefox\profiles\7tcgmxqx.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 55333 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll . ============= SERVICES / DRIVERS =============== . R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-20 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-20 22712] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] . =============== Created Last 30 ================ . 2011-07-10 13:53:18 -------- d-----w- c:\documents and settings\andrew & una\local settings\application data\Threat Expert 2011-07-10 13:28:16 -------- d-----w- c:\documents and settings\andrew & una\application data\AVG10 2011-07-10 13:24:51 -------- d-----w- c:\documents and settings\all users\application data\AVG10 2011-07-10 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2011-07-10 13:11:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-10 13:10:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-07-10 13:10:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-07-10 13:10:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-07-10 13:10:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-07-10 13:10:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2011-07-10 13:10:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2011-07-10 13:10:25 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-07-10 13:10:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-07-09 22:53:23 -------- d-----w- c:\program files\PC Tools Security 2011-07-09 22:51:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools 2011-07-06 00:19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-07-06 00:19:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2011-06-29 23:35:25 711728 ----a-w- c:\windows\is-3J77F.exe 2011-06-29 23:34:06 354 ----a-w- C:\fix.reg 2011-06-29 09:24:26 179 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33448921.bat 2011-06-29 09:24:14 177 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33436921.bat 2011-06-29 09:23:52 139 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33415171.bat 2011-06-29 09:23:31 205 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33394218.bat 2011-06-28 03:20:08 -------- d-----w- C:\Microsoft 2011-06-28 03:17:39 -------- d-----w- C:\Adobe 2011-06-28 03:08:18 -------- d-----w- C:\BlueFlare Antivirus 2011-06-28 03:05:53 -------- d--h--w- C:\$AVG 2011-06-16 07:29:08 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras 2011-06-16 07:02:41 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 01:22:25 105472 -c----w- c:\windows\system32\dllcache\mup.sys . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys . ============= FINISH: 19:23:04.03 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/22/2007 12:45:51 AM System Uptime: 7/13/2011 6:56:31 PM (1 hours ago) . Motherboard: Dell Inc. | | 0WG855 Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 233 GiB total, 168.887 GiB free. D: is CDROM () E: is CDROM (CDFS) H: is Removable I: is Removable J: is Removable K: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\82BE3821D100 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\82BE3821D100 Service: NIC1394 . ==== System Restore Points =================== . RP1298: 4/16/2011 7:44:24 AM - Software Distribution Service 3.0 RP1299: 4/17/2011 3:00:17 AM - Software Distribution Service 3.0 RP1300: 4/19/2011 10:07:36 AM - System Checkpoint RP1301: 4/20/2011 10:46:05 AM - System Checkpoint RP1302: 4/21/2011 11:46:05 AM - System Checkpoint RP1303: 4/22/2011 3:00:14 AM - Software Distribution Service 3.0 RP1304: 4/24/2011 10:18:42 PM - System Checkpoint RP1305: 4/25/2011 10:49:51 PM - System Checkpoint RP1306: 4/27/2011 12:01:51 AM - System Checkpoint RP1307: 4/28/2011 3:00:15 AM - Software Distribution Service 3.0 RP1308: 4/29/2011 8:07:28 AM - System Checkpoint RP1309: 4/30/2011 8:33:11 AM - System Checkpoint RP1310: 5/1/2011 8:58:27 AM - System Checkpoint RP1311: 5/2/2011 9:36:44 AM - System Checkpoint RP1312: 5/3/2011 9:56:01 AM - System Checkpoint RP1313: 5/5/2011 7:53:19 AM - System Checkpoint RP1314: 5/6/2011 8:00:03 AM - System Checkpoint RP1315: 5/6/2011 9:08:29 AM - Avg Update RP1316: 5/7/2011 9:44:22 AM - System Checkpoint RP1317: 5/8/2011 10:56:22 AM - System Checkpoint RP1318: 5/9/2011 11:44:22 AM - System Checkpoint RP1319: 5/10/2011 9:10:04 AM - Avg Update RP1320: 5/12/2011 8:21:47 PM - Avg Update RP1321: 5/13/2011 3:00:33 AM - Software Distribution Service 3.0 RP1322: 5/14/2011 3:31:50 AM - System Checkpoint RP1323: 5/15/2011 3:32:02 AM - System Checkpoint RP1324: 5/17/2011 10:12:12 AM - Configured Microsoft Office Professional 2007 Trial RP1325: 5/18/2011 11:23:20 AM - System Checkpoint RP1326: 5/19/2011 12:23:21 PM - System Checkpoint RP1327: 5/20/2011 1:14:44 PM - System Checkpoint RP1328: 5/20/2011 6:27:02 PM - Avg Update RP1329: 5/21/2011 6:54:04 PM - System Checkpoint RP1330: 5/22/2011 11:56:20 PM - System Checkpoint RP1331: 5/23/2011 11:59:26 PM - System Checkpoint RP1332: 5/25/2011 12:02:02 AM - System Checkpoint RP1333: 5/26/2011 1:02:03 AM - System Checkpoint RP1334: 5/27/2011 1:51:07 AM - System Checkpoint RP1335: 5/28/2011 2:48:04 AM - System Checkpoint RP1336: 5/30/2011 5:13:49 PM - System Checkpoint RP1337: 5/31/2011 5:17:01 PM - System Checkpoint RP1338: 6/2/2011 8:49:14 AM - System Checkpoint RP1339: 6/3/2011 9:17:11 AM - System Checkpoint RP1340: 6/4/2011 9:37:07 AM - System Checkpoint RP1341: 6/5/2011 10:37:07 AM - System Checkpoint RP1342: 6/6/2011 10:48:57 AM - System Checkpoint RP1343: 6/7/2011 12:00:57 PM - System Checkpoint RP1344: 6/8/2011 12:39:04 PM - System Checkpoint RP1345: 6/9/2011 1:01:04 PM - System Checkpoint RP1346: 6/10/2011 2:01:04 PM - System Checkpoint RP1347: 6/11/2011 2:53:15 PM - System Checkpoint RP1348: 6/12/2011 3:41:15 PM - System Checkpoint RP1349: 6/14/2011 9:32:45 PM - System Checkpoint RP1350: 6/15/2011 10:26:09 PM - System Checkpoint RP1351: 6/16/2011 3:00:23 AM - Software Distribution Service 3.0 RP1352: 6/17/2011 8:01:14 PM - System Checkpoint RP1353: 6/18/2011 8:35:14 PM - System Checkpoint RP1354: 6/20/2011 7:42:40 PM - System Checkpoint RP1355: 6/21/2011 8:25:26 PM - System Checkpoint RP1356: 6/22/2011 9:19:21 PM - System Checkpoint RP1357: 6/24/2011 8:03:51 AM - System Checkpoint RP1358: 6/25/2011 8:07:44 PM - Software Distribution Service 3.0 RP1359: 6/28/2011 9:46:13 PM - System Checkpoint RP1360: 6/29/2011 7:12:04 PM - Restore Operation RP1361: 6/29/2011 10:45:47 PM - Restore Operation RP1362: 6/29/2011 10:48:33 PM - Restore Operation RP1363: 6/30/2011 7:44:47 PM - Configured Microsoft Office Professional 2007 Trial RP1364: 6/30/2011 7:46:51 PM - Removed Microsoft Office Professional 2007 Trial RP1365: 7/1/2011 7:56:43 PM - System Checkpoint RP1366: 7/2/2011 8:13:13 PM - System Checkpoint RP1367: 7/5/2011 9:10:34 PM - System Checkpoint RP1368: 7/6/2011 9:30:43 PM - System Checkpoint RP1369: 7/7/2011 9:44:14 PM - System Checkpoint RP1370: 7/8/2011 10:30:43 PM - System Checkpoint RP1371: 7/9/2011 11:02:58 PM - System Checkpoint RP1372: 7/10/2011 9:16:30 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 RP1373: 7/10/2011 9:16:40 AM - Installed AVG 2011 RP1374: 7/10/2011 9:17:25 AM - Removed AVG Free 9.0 RP1375: 7/10/2011 9:24:25 AM - Installed AVG 2011 RP1376: 7/11/2011 8:40:01 PM - System Checkpoint RP1377: 7/12/2011 9:30:27 PM - System Checkpoint RP1378: 7/13/2011 6:59:58 PM - Removed AVG 2011 RP1379: 7/13/2011 7:01:39 PM - Removed AVG 2011 RP1380: 7/13/2011 7:09:11 PM - Removed AVG 2011 . ==== Installed Programs ====================== . "Nero SoundTrax Help 3ivx MPEG-4 5.0.1 Decoder (remove only) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.3.0 Advertising Center Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2011 BlackBerry Desktop Software 5.0 Bonjour Brother HL-5340D BUM Canon Camera Access Library Canon Camera Support Core Library Canon MP Drivers 6.0 Canon MP Navigator 1.0 Canon RAW Image Task for ZoomBrowser EX Canon ScanGear Starter Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities Easy-PhotoPrint Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CASIO USB Driver V1.0.8003.1229 Cisco Connect Citrix Presentation Server Client - Web Only Dell Resource CD DellConnect DolbyFiles Easy-WebPrint Garmin Communicator Plugin Garmin USB Drivers Garmin WebUpdater High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) ImagXpress Intel® PRO Network Connections Drivers iTunes J2SE Runtime Environment 5.0 Update 11 Japanese Fonts Support For Adobe Reader 8 Java 6 Update 17 KODAK EASYSHARE Gallery Easy Upload, v2.1 KODAK EASYSHARE Gallery Upload ActiveX Control Korean Language Support LG USB Modem driver LimeWire PRO 5.0.11 Logitech Harmony Remote Software 7 Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes' Anti-Malware version 1.51.0.1200 Menu Templates - Starter Kit Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Movie Templates - Starter Kit Mozilla Firefox 5.0 (x86 en-US) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) muvee Plugin 1.0 Nero 9 Nero Burning ROM Help Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DriveSpeed Nero Express Help Nero InfoTool Nero Installer Nero Live Nero Live Help Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode Help Nero Rescue Agent Nero RescueAgent Help Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero WaveEditor Nero WaveEditor Help NeroBurningROM NeroExpress NeroLiveGadget NeroLiveGadget Help neroxml Nikon Message Center NVIDIA Drivers OGA Notifier 2.0.0048.0 OmniPage SE 2.0 PictureProject PictureProject In Touch 1.0 PictureProject In Touch Downloader 1.0 Presto! PageManager 6.03 QuickTime Remote Control USB Driver SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SigmaTel Audio Skype Toolbars Skype 5.3 Smilebox SoundTrax Spybot - Search & Destroy Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) V CAST Media Manager V CAST Music with Rhapsody WebFldrs XP Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Presentation Foundation Windows XP Service Pack 3 WinZip 12.0 XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 7/6/2011 7:38:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm 7/13/2011 7:03:13 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 7/13/2011 6:53:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH 7/11/2011 7:23:47 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 7/10/2011 2:59:37 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified. 7/10/2011 2:58:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/10/2011 2:49:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm PCTSD . ==== End Of File ===========================
  12. New DDS.txt and Attach.txt are below: . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Run by Andrew & Una at 8:29:16 on 2011-07-13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1269 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Brownie\BrstsWnd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Brownie\brpjp04a.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [uIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe" mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini" mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Trusted Zone: dpw.com\newyork DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174537892913 DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{F029A846-7AAF-4804-AF6B-F8F5DD0D83F9} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\andrew & una\application data\mozilla\firefox\profiles\7tcgmxqx.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 55333 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-20 366640] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-20 22712] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] . =============== Created Last 30 ================ . 2011-07-10 13:53:18 -------- d-----w- c:\documents and settings\andrew & una\local settings\application data\Threat Expert 2011-07-10 13:28:16 -------- d-----w- c:\documents and settings\andrew & una\application data\AVG10 2011-07-10 13:24:51 -------- d-----w- c:\windows\system32\drivers\AVG 2011-07-10 13:24:51 -------- d-----w- c:\documents and settings\all users\application data\AVG10 2011-07-10 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2011-07-10 13:11:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-10 13:10:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-07-10 13:10:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-07-10 13:10:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-07-10 13:10:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-07-10 13:10:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2011-07-10 13:10:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2011-07-10 13:10:25 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-07-10 13:10:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-07-09 22:53:23 -------- d-----w- c:\program files\PC Tools Security 2011-07-09 22:51:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools 2011-07-06 00:19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-07-06 00:19:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2011-06-29 23:35:25 711728 ----a-w- c:\windows\is-3J77F.exe 2011-06-29 23:34:06 354 ----a-w- C:\fix.reg 2011-06-29 09:24:26 179 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33448921.bat 2011-06-29 09:24:14 177 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33436921.bat 2011-06-29 09:23:52 139 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33415171.bat 2011-06-29 09:23:31 205 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33394218.bat 2011-06-28 03:20:08 -------- d-----w- C:\Microsoft 2011-06-28 03:17:39 -------- d-----w- C:\Adobe 2011-06-28 03:08:18 -------- d-----w- C:\BlueFlare Antivirus 2011-06-28 03:05:53 -------- d--h--w- C:\$AVG 2011-06-16 07:29:08 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras 2011-06-16 07:02:41 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 01:22:25 105472 -c----w- c:\windows\system32\dllcache\mup.sys . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys . ============= FINISH: 8:31:04.46 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/22/2007 12:45:51 AM System Uptime: 7/13/2011 8:24:43 AM (0 hours ago) . Motherboard: Dell Inc. | | 0WG855 Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 233 GiB total, 168.937 GiB free. D: is CDROM () E: is CDROM (CDFS) H: is Removable I: is Removable J: is Removable K: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\82BE3821D100 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\82BE3821D100 Service: NIC1394 . ==== System Restore Points =================== . RP1298: 4/16/2011 7:44:24 AM - Software Distribution Service 3.0 RP1299: 4/17/2011 3:00:17 AM - Software Distribution Service 3.0 RP1300: 4/19/2011 10:07:36 AM - System Checkpoint RP1301: 4/20/2011 10:46:05 AM - System Checkpoint RP1302: 4/21/2011 11:46:05 AM - System Checkpoint RP1303: 4/22/2011 3:00:14 AM - Software Distribution Service 3.0 RP1304: 4/24/2011 10:18:42 PM - System Checkpoint RP1305: 4/25/2011 10:49:51 PM - System Checkpoint RP1306: 4/27/2011 12:01:51 AM - System Checkpoint RP1307: 4/28/2011 3:00:15 AM - Software Distribution Service 3.0 RP1308: 4/29/2011 8:07:28 AM - System Checkpoint RP1309: 4/30/2011 8:33:11 AM - System Checkpoint RP1310: 5/1/2011 8:58:27 AM - System Checkpoint RP1311: 5/2/2011 9:36:44 AM - System Checkpoint RP1312: 5/3/2011 9:56:01 AM - System Checkpoint RP1313: 5/5/2011 7:53:19 AM - System Checkpoint RP1314: 5/6/2011 8:00:03 AM - System Checkpoint RP1315: 5/6/2011 9:08:29 AM - Avg Update RP1316: 5/7/2011 9:44:22 AM - System Checkpoint RP1317: 5/8/2011 10:56:22 AM - System Checkpoint RP1318: 5/9/2011 11:44:22 AM - System Checkpoint RP1319: 5/10/2011 9:10:04 AM - Avg Update RP1320: 5/12/2011 8:21:47 PM - Avg Update RP1321: 5/13/2011 3:00:33 AM - Software Distribution Service 3.0 RP1322: 5/14/2011 3:31:50 AM - System Checkpoint RP1323: 5/15/2011 3:32:02 AM - System Checkpoint RP1324: 5/17/2011 10:12:12 AM - Configured Microsoft Office Professional 2007 Trial RP1325: 5/18/2011 11:23:20 AM - System Checkpoint RP1326: 5/19/2011 12:23:21 PM - System Checkpoint RP1327: 5/20/2011 1:14:44 PM - System Checkpoint RP1328: 5/20/2011 6:27:02 PM - Avg Update RP1329: 5/21/2011 6:54:04 PM - System Checkpoint RP1330: 5/22/2011 11:56:20 PM - System Checkpoint RP1331: 5/23/2011 11:59:26 PM - System Checkpoint RP1332: 5/25/2011 12:02:02 AM - System Checkpoint RP1333: 5/26/2011 1:02:03 AM - System Checkpoint RP1334: 5/27/2011 1:51:07 AM - System Checkpoint RP1335: 5/28/2011 2:48:04 AM - System Checkpoint RP1336: 5/30/2011 5:13:49 PM - System Checkpoint RP1337: 5/31/2011 5:17:01 PM - System Checkpoint RP1338: 6/2/2011 8:49:14 AM - System Checkpoint RP1339: 6/3/2011 9:17:11 AM - System Checkpoint RP1340: 6/4/2011 9:37:07 AM - System Checkpoint RP1341: 6/5/2011 10:37:07 AM - System Checkpoint RP1342: 6/6/2011 10:48:57 AM - System Checkpoint RP1343: 6/7/2011 12:00:57 PM - System Checkpoint RP1344: 6/8/2011 12:39:04 PM - System Checkpoint RP1345: 6/9/2011 1:01:04 PM - System Checkpoint RP1346: 6/10/2011 2:01:04 PM - System Checkpoint RP1347: 6/11/2011 2:53:15 PM - System Checkpoint RP1348: 6/12/2011 3:41:15 PM - System Checkpoint RP1349: 6/14/2011 9:32:45 PM - System Checkpoint RP1350: 6/15/2011 10:26:09 PM - System Checkpoint RP1351: 6/16/2011 3:00:23 AM - Software Distribution Service 3.0 RP1352: 6/17/2011 8:01:14 PM - System Checkpoint RP1353: 6/18/2011 8:35:14 PM - System Checkpoint RP1354: 6/20/2011 7:42:40 PM - System Checkpoint RP1355: 6/21/2011 8:25:26 PM - System Checkpoint RP1356: 6/22/2011 9:19:21 PM - System Checkpoint RP1357: 6/24/2011 8:03:51 AM - System Checkpoint RP1358: 6/25/2011 8:07:44 PM - Software Distribution Service 3.0 RP1359: 6/28/2011 9:46:13 PM - System Checkpoint RP1360: 6/29/2011 7:12:04 PM - Restore Operation RP1361: 6/29/2011 10:45:47 PM - Restore Operation RP1362: 6/29/2011 10:48:33 PM - Restore Operation RP1363: 6/30/2011 7:44:47 PM - Configured Microsoft Office Professional 2007 Trial RP1364: 6/30/2011 7:46:51 PM - Removed Microsoft Office Professional 2007 Trial RP1365: 7/1/2011 7:56:43 PM - System Checkpoint RP1366: 7/2/2011 8:13:13 PM - System Checkpoint RP1367: 7/5/2011 9:10:34 PM - System Checkpoint RP1368: 7/6/2011 9:30:43 PM - System Checkpoint RP1369: 7/7/2011 9:44:14 PM - System Checkpoint RP1370: 7/8/2011 10:30:43 PM - System Checkpoint RP1371: 7/9/2011 11:02:58 PM - System Checkpoint RP1372: 7/10/2011 9:16:30 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 RP1373: 7/10/2011 9:16:40 AM - Installed AVG 2011 RP1374: 7/10/2011 9:17:25 AM - Removed AVG Free 9.0 RP1375: 7/10/2011 9:24:25 AM - Installed AVG 2011 RP1376: 7/11/2011 8:40:01 PM - System Checkpoint RP1377: 7/12/2011 9:30:27 PM - System Checkpoint . ==== Installed Programs ====================== . "Nero SoundTrax Help 3ivx MPEG-4 5.0.1 Decoder (remove only) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.3.0 Advertising Center Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2011 BlackBerry Desktop Software 5.0 Bonjour Brother HL-5340D BUM Canon Camera Access Library Canon Camera Support Core Library Canon MP Drivers 6.0 Canon MP Navigator 1.0 Canon RAW Image Task for ZoomBrowser EX Canon ScanGear Starter Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities Easy-PhotoPrint Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CASIO USB Driver V1.0.8003.1229 Cisco Connect Citrix Presentation Server Client - Web Only Dell Resource CD DellConnect DolbyFiles Easy-WebPrint Garmin Communicator Plugin Garmin USB Drivers Garmin WebUpdater High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) ImagXpress Intel® PRO Network Connections Drivers iTunes J2SE Runtime Environment 5.0 Update 11 Japanese Fonts Support For Adobe Reader 8 Java 6 Update 17 KODAK EASYSHARE Gallery Easy Upload, v2.1 KODAK EASYSHARE Gallery Upload ActiveX Control Korean Language Support LG USB Modem driver LimeWire PRO 5.0.11 Logitech Harmony Remote Software 7 Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes' Anti-Malware version 1.51.0.1200 Menu Templates - Starter Kit Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Movie Templates - Starter Kit Mozilla Firefox 5.0 (x86 en-US) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) muvee Plugin 1.0 Nero 9 Nero Burning ROM Help Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DriveSpeed Nero Express Help Nero InfoTool Nero Installer Nero Live Nero Live Help Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode Help Nero Rescue Agent Nero RescueAgent Help Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero WaveEditor Nero WaveEditor Help NeroBurningROM NeroExpress NeroLiveGadget NeroLiveGadget Help neroxml Nikon Message Center NVIDIA Drivers OGA Notifier 2.0.0048.0 OmniPage SE 2.0 PictureProject PictureProject In Touch 1.0 PictureProject In Touch Downloader 1.0 Presto! PageManager 6.03 QuickTime Remote Control USB Driver SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SigmaTel Audio Skype Toolbars Skype™ 5.3 Smilebox SoundTrax Spybot - Search & Destroy Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) V CAST Media Manager V CAST Music with Rhapsody WebFldrs XP Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Presentation Foundation Windows XP Service Pack 3 WinZip 12.0 XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 7/6/2011 7:38:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm 7/11/2011 7:23:47 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 7/10/2011 2:51:49 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified. 7/10/2011 2:49:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/10/2011 2:49:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm PCTSD . ==== End Of File ===========================
  13. In case you were asking for me to paste the attach.txt file previously attached, it is below. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/22/2007 12:45:51 AM System Uptime: 7/10/2011 4:39:42 PM (0 hours ago) . Motherboard: Dell Inc. | | 0WG855 Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Microprocessor | 1861/1066mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 233 GiB total, 168.889 GiB free. D: is CDROM () E: is CDROM (CDFS) H: is Removable I: is Removable J: is Removable K: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\82BE3821D100 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\82BE3821D100 Service: NIC1394 . ==== System Restore Points =================== . RP1296: 4/11/2011 10:17:48 PM - System Checkpoint RP1297: 4/12/2011 10:23:35 PM - System Checkpoint RP1298: 4/16/2011 7:44:24 AM - Software Distribution Service 3.0 RP1299: 4/17/2011 3:00:17 AM - Software Distribution Service 3.0 RP1300: 4/19/2011 10:07:36 AM - System Checkpoint RP1301: 4/20/2011 10:46:05 AM - System Checkpoint RP1302: 4/21/2011 11:46:05 AM - System Checkpoint RP1303: 4/22/2011 3:00:14 AM - Software Distribution Service 3.0 RP1304: 4/24/2011 10:18:42 PM - System Checkpoint RP1305: 4/25/2011 10:49:51 PM - System Checkpoint RP1306: 4/27/2011 12:01:51 AM - System Checkpoint RP1307: 4/28/2011 3:00:15 AM - Software Distribution Service 3.0 RP1308: 4/29/2011 8:07:28 AM - System Checkpoint RP1309: 4/30/2011 8:33:11 AM - System Checkpoint RP1310: 5/1/2011 8:58:27 AM - System Checkpoint RP1311: 5/2/2011 9:36:44 AM - System Checkpoint RP1312: 5/3/2011 9:56:01 AM - System Checkpoint RP1313: 5/5/2011 7:53:19 AM - System Checkpoint RP1314: 5/6/2011 8:00:03 AM - System Checkpoint RP1315: 5/6/2011 9:08:29 AM - Avg Update RP1316: 5/7/2011 9:44:22 AM - System Checkpoint RP1317: 5/8/2011 10:56:22 AM - System Checkpoint RP1318: 5/9/2011 11:44:22 AM - System Checkpoint RP1319: 5/10/2011 9:10:04 AM - Avg Update RP1320: 5/12/2011 8:21:47 PM - Avg Update RP1321: 5/13/2011 3:00:33 AM - Software Distribution Service 3.0 RP1322: 5/14/2011 3:31:50 AM - System Checkpoint RP1323: 5/15/2011 3:32:02 AM - System Checkpoint RP1324: 5/17/2011 10:12:12 AM - Configured Microsoft Office Professional 2007 Trial RP1325: 5/18/2011 11:23:20 AM - System Checkpoint RP1326: 5/19/2011 12:23:21 PM - System Checkpoint RP1327: 5/20/2011 1:14:44 PM - System Checkpoint RP1328: 5/20/2011 6:27:02 PM - Avg Update RP1329: 5/21/2011 6:54:04 PM - System Checkpoint RP1330: 5/22/2011 11:56:20 PM - System Checkpoint RP1331: 5/23/2011 11:59:26 PM - System Checkpoint RP1332: 5/25/2011 12:02:02 AM - System Checkpoint RP1333: 5/26/2011 1:02:03 AM - System Checkpoint RP1334: 5/27/2011 1:51:07 AM - System Checkpoint RP1335: 5/28/2011 2:48:04 AM - System Checkpoint RP1336: 5/30/2011 5:13:49 PM - System Checkpoint RP1337: 5/31/2011 5:17:01 PM - System Checkpoint RP1338: 6/2/2011 8:49:14 AM - System Checkpoint RP1339: 6/3/2011 9:17:11 AM - System Checkpoint RP1340: 6/4/2011 9:37:07 AM - System Checkpoint RP1341: 6/5/2011 10:37:07 AM - System Checkpoint RP1342: 6/6/2011 10:48:57 AM - System Checkpoint RP1343: 6/7/2011 12:00:57 PM - System Checkpoint RP1344: 6/8/2011 12:39:04 PM - System Checkpoint RP1345: 6/9/2011 1:01:04 PM - System Checkpoint RP1346: 6/10/2011 2:01:04 PM - System Checkpoint RP1347: 6/11/2011 2:53:15 PM - System Checkpoint RP1348: 6/12/2011 3:41:15 PM - System Checkpoint RP1349: 6/14/2011 9:32:45 PM - System Checkpoint RP1350: 6/15/2011 10:26:09 PM - System Checkpoint RP1351: 6/16/2011 3:00:23 AM - Software Distribution Service 3.0 RP1352: 6/17/2011 8:01:14 PM - System Checkpoint RP1353: 6/18/2011 8:35:14 PM - System Checkpoint RP1354: 6/20/2011 7:42:40 PM - System Checkpoint RP1355: 6/21/2011 8:25:26 PM - System Checkpoint RP1356: 6/22/2011 9:19:21 PM - System Checkpoint RP1357: 6/24/2011 8:03:51 AM - System Checkpoint RP1358: 6/25/2011 8:07:44 PM - Software Distribution Service 3.0 RP1359: 6/28/2011 9:46:13 PM - System Checkpoint RP1360: 6/29/2011 7:12:04 PM - Restore Operation RP1361: 6/29/2011 10:45:47 PM - Restore Operation RP1362: 6/29/2011 10:48:33 PM - Restore Operation RP1363: 6/30/2011 7:44:47 PM - Configured Microsoft Office Professional 2007 Trial RP1364: 6/30/2011 7:46:51 PM - Removed Microsoft Office Professional 2007 Trial RP1365: 7/1/2011 7:56:43 PM - System Checkpoint RP1366: 7/2/2011 8:13:13 PM - System Checkpoint RP1367: 7/5/2011 9:10:34 PM - System Checkpoint RP1368: 7/6/2011 9:30:43 PM - System Checkpoint RP1369: 7/7/2011 9:44:14 PM - System Checkpoint RP1370: 7/8/2011 10:30:43 PM - System Checkpoint RP1371: 7/9/2011 11:02:58 PM - System Checkpoint RP1372: 7/10/2011 9:16:30 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 RP1373: 7/10/2011 9:16:40 AM - Installed AVG 2011 RP1374: 7/10/2011 9:17:25 AM - Removed AVG Free 9.0 RP1375: 7/10/2011 9:24:25 AM - Installed AVG 2011 . ==== Installed Programs ====================== . "Nero SoundTrax Help 3ivx MPEG-4 5.0.1 Decoder (remove only) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.3.0 Advertising Center Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2011 BlackBerry Desktop Software 5.0 Bonjour Brother HL-5340D Browser Defender 3.0 BUM Canon Camera Access Library Canon Camera Support Core Library Canon MP Drivers 6.0 Canon MP Navigator 1.0 Canon RAW Image Task for ZoomBrowser EX Canon ScanGear Starter Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities Easy-PhotoPrint Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CASIO USB Driver V1.0.8003.1229 Cisco Connect Citrix Presentation Server Client - Web Only Dell Resource CD DellConnect DolbyFiles Easy-WebPrint Garmin Communicator Plugin Garmin USB Drivers Garmin WebUpdater High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) ImagXpress Intel® PRO Network Connections Drivers iTunes J2SE Runtime Environment 5.0 Update 11 Japanese Fonts Support For Adobe Reader 8 Java 6 Update 17 KODAK EASYSHARE Gallery Easy Upload, v2.1 KODAK EASYSHARE Gallery Upload ActiveX Control Korean Language Support LG USB Modem driver LimeWire PRO 5.0.11 Logitech Harmony Remote Software 7 Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes' Anti-Malware version 1.51.0.1200 Menu Templates - Starter Kit Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Movie Templates - Starter Kit Mozilla Firefox 5.0 (x86 en-US) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) muvee Plugin 1.0 Nero 9 Nero Burning ROM Help Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DriveSpeed Nero Express Help Nero InfoTool Nero Installer Nero Live Nero Live Help Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode Help Nero Rescue Agent Nero RescueAgent Help Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero WaveEditor Nero WaveEditor Help NeroBurningROM NeroExpress NeroLiveGadget NeroLiveGadget Help neroxml Nikon Message Center NVIDIA Drivers OGA Notifier 2.0.0048.0 OmniPage SE 2.0 PictureProject PictureProject In Touch 1.0 PictureProject In Touch Downloader 1.0 Presto! PageManager 6.03 QuickTime Remote Control USB Driver SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SigmaTel Audio Skype Toolbars Skype™ 5.3 Smilebox SoundTrax Spybot - Search & Destroy Spyware Doctor 8.0 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) V CAST Media Manager V CAST Music with Rhapsody WebFldrs XP Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Presentation Foundation Windows XP Service Pack 3 WinZip 12.0 XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 7/6/2011 7:33:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/5/2011 9:16:04 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified. 7/5/2011 10:36:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm 7/10/2011 2:49:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm PCTSD . ==== End Of File ===========================
  14. Thanks. I followed your instructions. Just fyi, the proxy settings were already set to "no proxy." The original virus I had caused that problem but the subsequent infections have not changed the proxy settings. Also, I should have mentioned that the virus prevents me from turning on Automatic Updates for Windows. I tried to download directly from Microsoft's website, but the virus is apparently blocking me from accessing that specific web page. I can get to other websites that I want. Prior to getting your email, I had already downloaded the latest version of Malwarebytes, ran it, and found the virus came back. I removed it with Malwarebytes. Since getting your email, there were no new versions of Malwarebytes, and I re-ran a quick scan, results below. I am still getting redirected from websites and still can't turn on Automatic Updates. Please let me know what is next. Thanks in advance. * * * Here was the most recent Malwarebytes log, followed by the one that ID'd and removed the virus earlier today, followed by my AVG Resident Shield scan detection: Most recent Malwarebytes quick scan: Database version: 7092 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/12/2011 8:42:14 PM mbam-log-2011-07-12 (20-42-14).txt Scan type: Quick scan Objects scanned: 186440 Time elapsed: 13 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Here is the scan that picked up the virus earlier today (full scan): Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 7092 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/12/2011 8:12:00 PM mbam-log-2011-07-12 (20-12-00).txt Scan type: Quick scan Objects scanned: 186244 Time elapsed: 14 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\andrew & una\local settings\Temp\jar_cache1875157683955176062.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\andrew & una\local settings\Temp\jar_cache722322918722206046.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\andrew & una\local settings\application data\ctl._dl (Trojan.FakeAlert) -> Quarantined and deleted successfully. Finally, here is my AVG log, which detected suspicious activity, for whatever it is worth: Resident Shield detection Infection;"Object";"Result";"Detection time";"Object Type";"Process" Virus found JS/Agent;"c:\Documents and Settings\Andrew & Una\Local Settings\Temporary Internet Files\Content.IE5\5YOIWVJE\java_trust[1].htm";"Moved to Virus Vault";"7/12/2011, 8:33:20 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" Virus found JS/Agent;"c:\Documents and Settings\Andrew & Una\Local Settings\Temporary Internet Files\Content.IE5\5YOIWVJE\java_trust[1].htm";"Object is inaccessible.";"7/12/2011, 6:27:52 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" Trojan horse Generic23.AYLL;"c:\System Volume Information\_restore{773B7E7F-0214-4084-BD5B-0E2B383584BA}\RP1367\A0139628.exe";"Moved to Virus Vault";"7/10/2011, 5:51:39 PM";"file";"C:\Program Files\PC Tools Security\pctsSvc.exe" Trojan horse Generic23.AYLL;"c:\System Volume Information\_restore{773B7E7F-0214-4084-BD5B-0E2B383584BA}\RP1367\A0139628.exe";"Object is inaccessible.";"7/10/2011, 4:04:15 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" Trojan horse Generic23.AYLL;"c:\System Volume Information\_restore{773B7E7F-0214-4084-BD5B-0E2B383584BA}\RP1367\A0139628.exe";"Object is inaccessible.";"7/10/2011, 11:41:23 AM";"file";"C:\Program Files\PC Tools Security\pctsSvc.exe"
  15. About a week and a half ago, my desktop was infected with XP Security 2012. I was able to remove it by identifying and renaming the 3 letter exe file (changed it to ._dl) and then fixing the registry and then running Malwarebytes, which then purported to remove the virus. After the removal, while the XP Security 2012 warnings didn't pop up anymore, my Google searches kept diverting to other websites. A few days later, XP 2012 came back; I removed it again. Then I started getting "Resident Shield Alert" and "AVG Resident Shield Alert" warnings, and then XP 2012 came back again. I was able to remove them with Malwarebytes. Clearly this sucker is lurking somewhere in my computer, and I have run a host of virus scans, which cannot identify the virus when it is temporarily dormant, only to pop up again in a few days. Here is some of the log info. Please let me know if you need anymore information, and thanks so much in advance. --Andrew From DDS.txt (Malwarebytes log below; attach.txt is zipped and attached as requested). I ran the GMER Rootkit Scanner several times but the program just stops and closes and I have no option to save the log. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Run by Andrew & Una at 16:41:58 on 2011-07-10 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1117 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Brownie\BrstsWnd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\PC Tools Security\pctsGui.exe C:\Program Files\PC Tools Security\BDT\FGuard.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Brownie\brpjp04a.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PC Tools Security\pctsAuxs.exe C:\Program Files\PC Tools Security\pctsSvc.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\AVG\AVG10\avgchsvx.exe C:\Program Files\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = http=127.0.0.1:55333 uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [uIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe" mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini" mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll Trusted Zone: dpw.com\newyork DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174537892913 DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{F029A846-7AAF-4804-AF6B-F8F5DD0D83F9} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\andrew & una\application data\mozilla\firefox\profiles\7tcgmxqx.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 55333 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-9 263888] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-9 338880] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-9 656320] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168] R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-7-9 233976] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-7-9 337872] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-20 366640] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-7-9 371472] R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-7-9 1117144] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-20 22712] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-20 39984] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] . =============== Created Last 30 ================ . 2011-07-10 18:45:15 352256 ----a-w- c:\documents and settings\andrew & una\local settings\application data\ctl._dl 2011-07-10 13:53:18 -------- d-----w- c:\documents and settings\andrew & una\local settings\application data\Threat Expert 2011-07-10 13:28:16 -------- d-----w- c:\documents and settings\andrew & una\application data\AVG10 2011-07-10 13:24:51 -------- d-----w- c:\windows\system32\drivers\AVG 2011-07-10 13:24:51 -------- d-----w- c:\documents and settings\all users\application data\AVG10 2011-07-10 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2011-07-10 13:11:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-10 13:10:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-07-10 13:10:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-07-10 13:10:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-07-10 13:10:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-07-10 13:10:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2011-07-10 13:10:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2011-07-10 13:10:25 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-07-10 13:10:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-07-09 22:55:05 767952 ----a-w- c:\windows\BDTSupport.dll 2011-07-09 22:55:03 149456 ----a-w- c:\windows\SGDetectionTool.dll 2011-07-09 22:55:02 2078672 ----a-w- c:\windows\PCTBDCore.dll 2011-07-09 22:55:02 1533904 ----a-w- c:\windows\PCTBDRes.dll 2011-07-09 22:53:50 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys 2011-07-09 22:53:50 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys 2011-07-09 22:53:48 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2011-07-09 22:53:39 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2011-07-09 22:53:39 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2011-07-09 22:53:36 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2011-07-09 22:53:33 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2011-07-09 22:53:24 -------- d-----w- c:\program files\common files\PC Tools 2011-07-09 22:53:23 -------- d-----w- c:\program files\PC Tools Security 2011-07-09 22:51:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools 2011-07-06 00:19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-07-06 00:19:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2011-06-29 23:35:25 711728 ----a-w- c:\windows\is-3J77F.exe 2011-06-29 23:34:06 354 ----a-w- C:\fix.reg 2011-06-29 09:24:26 179 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33448921.bat 2011-06-29 09:24:14 177 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33436921.bat 2011-06-29 09:23:52 139 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33415171.bat 2011-06-29 09:23:31 205 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33394218.bat 2011-06-28 03:20:08 -------- d-----w- C:\Microsoft 2011-06-28 03:17:39 -------- d-----w- C:\Adobe 2011-06-28 03:08:18 -------- d-----w- C:\BlueFlare Antivirus 2011-06-28 03:05:53 -------- d--h--w- C:\$AVG 2011-06-16 07:29:08 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras 2011-06-16 07:02:41 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 01:22:25 105472 -c----w- c:\windows\system32\dllcache\mup.sys . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys . ============= FINISH: 16:44:22.70 =============== From Malwarebytes log (most recent): alwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 7060 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/10/2011 4:29:28 PM mbam-log-2011-07-10 (16-29-28).txt Scan type: Full scan (C:\|) Objects scanned: 265458 Time elapsed: 1 hour(s), 28 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 7 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\820274501 (Trojan.FakeAlert) -> Value: 820274501 -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Andrew & Una\Local Settings\Application Data\ctl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Andrew & Una\Local Settings\Application Data\ctl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Andrew & Una\Local Settings\Application Data\ctl.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("%1"%*) Good: ("%1" %*) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\andrew & una\local settings\Temp\0.577127414324346.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.