
I'm infected outgoing outgoing.. please help



Here is the DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Administrator at 16:06:22 on 2012-07-30

Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.2046.740 [GMT 7:00]

.

AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\LClock\LClock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

"C:\WINDOWS\system32\svchost.exe"

C:\Program Files\Windows Media Player\wmplayer.exe

D:\sofware\FSCapturePortable\FSCapturePortable.exe

D:\sofware\FSCapturePortable\App\FSCapture\FSCapture.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.pudit.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: AcroIEHelperStub: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - Adobe PDF Link Helper

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [LClock] c:\program files\lclock\LClock.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [VisualTooltip] c:\program files\utilities\visualtooltip\VisualToolTip.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [<NO NAME>]

mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

dRun: [LClock] c:\program files\lclock\LClock.exe

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bluetooth.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\3.0.271\SSScheduler.exe

dPolicies-explorer: NoSMHelp = 1 (0x1)

IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306120888343

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306120862875

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://cctvbanchang.dyndns.org:81/AVC_AX_742.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 203.144.206.29 203.144.206.49

TCP: Interfaces\{B4F9DBA7-92D1-4CC4-A04E-E9F118EB5675} : DhcpNameServer = 203.144.206.29 203.144.206.49

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

mASetup: {34A19196-274E-4D75-9D30-D7A45A0A4178} - "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

mASetup: {6B9228DA-9C15-419e-856C-19E768A13BDC} - "%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - HIDEC /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows Sidebar\sidebar.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\62haq9ke.default\

FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-20 11608]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-5-20 340136]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-20 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-20 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-5-20 428200]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-20 66616]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-4 655944]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-4 22344]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-31 10064]

S2 zuggdnqd;zuggdnqd;c:\windows\system32\drivers\zuggdnqd.sys [2011-6-29 101376]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]

S3 Agerpd;Agerpd; [x]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.271\McCHSvc.exe [2012-3-13 237272]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2011-7-29 9472]

.

=============== Created Last 30 ================

.

2012-07-30 02:09:28 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan

2012-07-30 02:09:18 -------- d-----w- c:\program files\McAfee Security Scan

2012-07-08 00:26:50 43008 ----a-r- c:\windows\system32\drivers\rimsptsk.sys

2012-07-08 00:26:49 90112 ----a-r- c:\windows\system32\snymsico.dll

.

==================== Find3M ====================

.

2012-07-28 02:05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-28 02:05:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 06:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 08:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 08:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 08:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 08:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 08:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 08:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 08:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 08:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 16:07:09.76 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 18/5/2554 19:32:57

System Uptime: 30/7/2555 10:56:00 (6 hours ago)

.

Motherboard: Acer, Inc. | | Nestos

Processor: Intel® Pentium® Dual CPU T2410 @ 2.00GHz | U2E1 | 1999/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 39 GiB total, 19.745 GiB free.

D: is FIXED (NTFS) - 110 GiB total, 50.169 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_011D1025&REV_12\4&28718C8C&0&4AF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_011D1025&REV_12\4&28718C8C&0&4AF0

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_011D1025&REV_12\4&28718C8C&0&4CF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_011D1025&REV_12\4&28718C8C&0&4CF0

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description:

Device ID: ACPI\WEC1023\4&7EDBEB0&0

Manufacturer:

Name:

PNP Device ID: ACPI\WEC1023\4&7EDBEB0&0

Service:

.

==== System Restore Points ===================

.

RP272: 19/6/2555 7:58:02 - System Checkpoint

RP273: 20/6/2555 9:19:12 - System Checkpoint

RP274: 21/6/2555 10:03:23 - System Checkpoint

RP275: 22/6/2555 10:27:19 - System Checkpoint

RP276: 23/6/2555 10:37:17 - System Checkpoint

RP277: 25/6/2555 9:33:55 - System Checkpoint

RP278: 26/6/2555 10:15:20 - System Checkpoint

RP279: 26/6/2555 13:36:27 - Removed Broadcom Gigabit Integrated Controller.

RP280: 26/6/2555 13:52:18 - Installed Broadcom Gigabit Integrated Controller.

RP281: 27/6/2555 19:01:00 - System Checkpoint

RP282: 28/6/2555 5:32:21 - Software Distribution Service 3.0

RP283: 29/6/2555 6:23:01 - System Checkpoint

RP284: 1/7/2555 8:17:17 - System Checkpoint

RP285: 2/7/2555 8:57:24 - System Checkpoint

RP286: 3/7/2555 10:24:05 - System Checkpoint

RP287: 4/7/2555 10:25:26 - System Checkpoint

RP288: 6/7/2555 18:08:00 - System Checkpoint

RP289: 8/7/2555 8:05:04 - System Checkpoint

RP290: 9/7/2555 8:08:41 - System Checkpoint

RP291: 10/7/2555 14:40:55 - System Checkpoint

RP292: 11/7/2555 16:49:17 - System Checkpoint

RP293: 12/7/2555 20:28:00 - Software Distribution Service 3.0

RP294: 14/7/2555 10:47:22 - System Checkpoint

RP295: 14/7/2555 12:49:26 - Software Distribution Service 3.0

RP296: 14/7/2555 12:57:34 - Software Distribution Service 3.0

RP297: 14/7/2555 12:59:21 - Software Distribution Service 3.0

RP298: 15/7/2555 14:27:56 - System Checkpoint

RP299: 16/7/2555 15:19:14 - System Checkpoint

RP300: 17/7/2555 17:29:46 - System Checkpoint

RP301: 19/7/2555 15:22:07 - System Checkpoint

RP302: 21/7/2555 10:16:09 - System Checkpoint

RP303: 24/7/2555 8:17:32 - System Checkpoint

RP304: 25/7/2555 10:13:36 - System Checkpoint

RP305: 26/7/2555 12:24:10 - System Checkpoint

RP306: 28/7/2555 10:07:53 - System Checkpoint

RP307: 29/7/2555 14:23:46 - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS

Adobe Reader X (10.1.3)

Advanced GIF Animator 3.0

Agere Systems HDA Modem

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Artisteer 2

Artisteer 3

Ask Toolbar

Avira AntiVir Premium

Bonjour

Broadcom Driver v4.170.25.12_Foxconn Installation Program

Broadcom Gigabit Integrated Controller

Broadcom Wireless LAN Driver 4.100.15.7_Negative_Foxconn

Camtasia Studio 5

Camtasia Studio 6

Camtasia Studio 7

Canon CanoScan Toolbox 4.1

Canon iP1900 series Printer Driver

Canon iP2700 series Printer Driver

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

CCleaner

CPL All-in-One

CutePDF Writer 2.8

Drive Space Indicator

DVD Decrypter (Remove Only)

eBook Pack Express 1.75 Build 20070830

FileZilla Client 3.5.3

Foxit Reader

Funky Python

Golf Clubmaking Software

Google Chrome

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Instant Video Articles v1.03

iTunes

Java Auto Updater

Java 6 Update 22

Java 6 Update 5

LClock

Magic Article Rewriter

Magic Article Submitter

Magic Tokens Database

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Security Scan Plus

Micro Niche Finder 5.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 1.1 SP1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Thai) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Thai) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (Thai) 2007

Microsoft Office InfoPath MUI (Thai) 2007

Microsoft Office OneNote MUI (Thai) 2007

Microsoft Office Outlook MUI (Thai) 2007

Microsoft Office PowerPoint MUI (Thai) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Thai) 2007

Microsoft Office Proofing (Thai) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Thai) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (Thai) 2007

Microsoft Office Word MUI (Thai) 2007

Microsoft Software Update for Web Folders (Thai) 12

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual J# 1.1 Redistributable Package

Microsoft Visual J# 2.0 Redistributable

Microsoft Visual J# 2.0 Redistributable Package

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

NVIDIA Drivers

OmniPage SE

OpenOffice.org 3.3

PADexpress v1.51

PADGen 3.1.1.50

PDF2EXE Pro 3.0.0.777

QuickTime

Realtek High Definition Audio Driver

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Software Update for Web Folders

TextPad 5

TreePad Lite 4.3

Trojan Remover 6.8.2

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

Unlocker 1.8.5

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VAIOXP

VeryPDF PDF2Word v2.0

Vista

Vista Drive Indicator!

Vista System Properties

WIDCOMM Bluetooth Software

Windows Driver Package - Intel (NETw4x32) net (10/31/2007 11.5.0.34)

Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37)

Windows Driver Package - Intel net (10/31/2007 11.5.0.34)

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Sidebar

Windows XP Service Pack 3

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

30/7/2555 9:27:50, error: nv [43] - The system sleep operation failed

28/7/2555 18:16:13, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E6891826D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

28/7/2555 11:31:47, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 44:6D:57:41:AF:7D. Network operations on this system may be disrupted as a result.

27/7/2555 9:31:29, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001E6891826D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

27/7/2555 8:10:38, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

27/7/2555 7:29:14, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm ssmdrv

27/7/2555 7:27:57, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

24/7/2555 5:59:12, error: Service Control Manager [7000] - The zuggdnqd service failed to start due to the following error: Incorrect function.

24/7/2555 5:59:12, error: Service Control Manager [7000] - The helpsvc service failed to start due to the following error: The system cannot find the file specified.

24/7/2555 5:58:03, error: Dhcp [1002] - The IP address lease 192.168.1.42 for the Network Card with network address 001E6891826D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

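The Running Processes and SERVICES / DRIVERS sections of a DDS log like the one above are what a helper reads first. As an added example for this thread (not code from the DDS tool or from anyone in the thread), here is a small Python triage script that parses lines in those two sections and lists the entries worth looking up: a service whose file is missing (`[x]`) or unreadable (`[?]`), a driver with a random-looking name and no separate display name, and a process running from a Temp directory. Which signals to use, and the name heuristic in particular, are assumptions; the heuristic is kept deliberately strict so that abbreviated vendor drivers such as `avgntflt` stay quiet, and a hit means "look this entry up", not that it is malicious. The sample input is a handful of lines copied from the log above.

```python
"""Triage the Running Processes and SERVICES / DRIVERS sections of a DDS log.

Added example for this thread; not code from the DDS tool.  The signals are
assumptions about what a helper looks up first: a hit means "check this",
not "this is malware".
"""
from __future__ import annotations
import re
from dataclasses import dataclass

HEADER_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# S2 zuggdnqd;zuggdnqd;c:\windows\system32\drivers\zuggdnqd.sys [2011-6-29 101376]
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
MARKER_RE = re.compile(r"\[(?P<m>x|\?)\]$")                    # DDS: [x] missing, [?] unreadable
STAMP_RE = re.compile(r"\s*\[\d{4}-\d{1,2}-\d{1,2}\s+\d+\]$")  # trailing [yyyy-m-d size]
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
VOWELS, RARE = set("aeiouy"), set("jqxz")


@dataclass
class Service:
    state: str    # R = running, S = stopped
    start: int    # start-type digit as DDS prints it (0 boot .. 4 disabled)
    name: str
    display: str
    path: str     # resolved file path, "" when DDS printed none
    marker: str   # "", "x" or "?"


def split_sections(text: str) -> dict[str, list[str]]:
    """Group non-empty lines under the '==== Title ====' header above them."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            current = m.group("title")
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_service(line: str) -> Service | None:
    m = SVC_RE.match(line)
    if not m:
        return None
    rest, marker = m.group("rest").strip(), ""
    if mm := MARKER_RE.search(rest):
        marker, rest = mm.group("m"), rest[:mm.start()].strip()
    else:
        rest = STAMP_RE.sub("", rest)
    if "-->" in rest:                       # "\??\raw path --> resolved path"
        rest = rest.rsplit("-->", 1)[1].strip()
    return Service(m.group("state"), int(m.group("start")), m.group("name").strip(),
                   m.group("display").strip(), rest, marker)


def random_looking(name: str) -> bool:
    """Exactly 8 lowercase letters, at most one vowel and at least one of j/q/x/z.
    Deliberately strict (an assumption) so abbreviated vendor drivers stay quiet."""
    n = name.lower()
    if not re.fullmatch(r"[a-z]{8}", n):
        return False
    return sum(c in VOWELS for c in n) <= 1 and any(c in RARE for c in n)


def service_reasons(s: Service) -> list[str]:
    reasons = []
    if s.marker == "x":
        reasons.append("registered but its file is missing ([x])")
    elif s.marker == "?":
        reasons.append("DDS could not read the file ([?])")
    if random_looking(s.name) and s.name.lower() == s.display.lower():
        reasons.append("random-looking name with no separate display name")
    if TEMP_RE.search(s.path):
        reasons.append("file lives under a Temp directory")
    return reasons


def process_reasons(path: str) -> list[str]:
    return ["runs from a Temp directory"] if TEMP_RE.search(path) else []


def triage(text: str) -> dict[str, list[tuple[str, list[str]]]]:
    """Return only the entries that carry at least one reason to look them up."""
    sections = split_sections(text)
    hits: dict[str, list[tuple[str, list[str]]]] = {"processes": [], "services": []}
    for line in sections.get("Running Processes", []):
        if r := process_reasons(line):
            hits["processes"].append((line, r))
    for line in sections.get("SERVICES / DRIVERS", []):
        if (s := parse_service(line)) and (r := service_reasons(s)):
            hits["services"].append((s.name, r))
    return hits


# Sample input: a few lines copied from the DDS log posted above.
SAMPLE = r"""
============== Running Processes ===============
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-20 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-20 66616]
S2 zuggdnqd;zuggdnqd;c:\windows\system32\drivers\zuggdnqd.sys [2011-6-29 101376]
S3 Agerpd;Agerpd; [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2011-7-29 9472]
"""

if __name__ == "__main__":
    for kind, entries in triage(SAMPLE).items():
        for item, reasons in entries:
            print(f"{kind}: {item}\n  - " + "\n  - ".join(reasons))
```

Run it against a full DDS log by reading the file into `triage()`; the section splitter ignores every other section, so the rest of the log does not need to parse. The output is a starting list for lookups (vendor, signature, file hash), which is what the helper's next steps in this thread then confirm or rule out.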

Hello pudit and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I give you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall Ask Toolbar.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Here is the scan result from Safe Mode.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-30 20:57:42

-----------------------------

20:57:42.625 OS Version: Windows 5.1.2600 Service Pack 3

20:57:42.625 Number of processors: 2 586 0xF0D

20:57:42.625 ComputerName: TURKPUIGREAT UserName:

20:57:44.578 Initialize success

20:58:05.953 AVAST engine defs: 12073000

20:58:07.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

20:58:07.531 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3

20:58:07.562 Disk 0 MBR read successfully

20:58:07.593 Disk 0 MBR scan

20:58:07.656 Disk 0 Windows XP default MBR code

20:58:07.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63

20:58:07.718 Disk 0 Partition - 00 0F Extended LBA 112619 MB offset 81915435

20:58:07.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 112619 MB offset 81915498

20:58:07.781 Disk 0 scanning sectors +312560640

20:58:07.890 Disk 0 scanning C:\WINDOWS\system32\drivers

20:58:16.703 File: C:\WINDOWS\system32\drivers\zuggdnqd.sys **INFECTED** Win32:Rootkit-gen [Rtk]

20:58:16.765 Disk 0 trace - called modules:

20:58:16.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

20:58:17.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a77eab8]

20:58:17.296 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a818198]

20:58:17.531 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a791940]

20:58:18.078 AVAST engine scan C:\WINDOWS

20:58:23.359 AVAST engine scan C:\WINDOWS\system32

21:00:34.343 AVAST engine scan C:\WINDOWS\system32\drivers

21:00:45.812 File: C:\WINDOWS\system32\drivers\zuggdnqd.sys **INFECTED** Win32:Rootkit-gen [Rtk]

21:00:46.796 AVAST engine scan C:\Documents and Settings\Administrator

21:02:08.218 AVAST engine scan C:\Documents and Settings\All Users

21:02:41.406 Scan finished successfully

21:02:56.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

21:02:56.640 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.30.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Administrator :: TURKPUIGREAT [administrator]

Protection: Disabled

30/7/2555 21:03:40

mbam-log-2012-07-30 (21-03-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 186363

Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Program Files\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.

Files Detected: 2

C:\Documents and Settings\All Users\Application Data\COMMON.DATA (Malware.Trace) -> No action taken.

C:\Program Files\Topckit\Topckit_2012.exe (PUP.Topckit) -> Quarantined and deleted successfully.

(end)


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi

Here is the log file, run in Safe Mode.

Thanks

ComboFix 12-08-05.02 - Administrator 08/06/2012 9:18.4.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.2046.1627 [GMT 7:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\DFRB4.tmp

c:\documents and settings\All Users\Application Data\common.data

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\_000017_.tmp.dll

c:\windows\system32\_000018_.tmp.dll

c:\windows\system32\_000019_.tmp.dll

c:\windows\system32\msconfig.exe

c:\windows\system32\SET988.tmp

c:\windows\system32\SET989.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))

.

.

2012-07-31 23:45 . 2012-07-31 23:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-30 13:52 . 2012-07-30 13:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Topckit

2012-07-30 02:10 . 2012-07-30 02:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2012-07-08 00:26 . 2007-07-30 18:42 43008 ----a-r- c:\windows\system32\drivers\rimsptsk.sys

2012-07-08 00:26 . 2004-09-04 11:00 90112 ----a-r- c:\windows\system32\snymsico.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 01:04 . 2012-04-04 23:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-04 01:04 . 2011-05-18 13:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 06:46 . 2011-07-04 06:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19 . 2007-11-28 06:34 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2009-08-19 10:07 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2007-11-28 06:34 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2007-11-28 06:29 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 08:19 . 2001-08-23 20:00 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 08:19 . 2011-05-18 12:27 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 08:19 . 2011-05-18 12:27 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 08:19 . 2011-05-18 12:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 08:19 . 2001-08-23 20:00 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 08:19 . 2011-05-23 03:21 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 08:19 . 2011-05-18 12:27 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 08:19 . 2011-05-18 12:27 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 08:19 . 2007-11-28 06:35 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 08:19 . 2007-11-28 06:33 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 08:19 . 2001-08-23 20:00 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 08:19 . 2011-05-18 12:27 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 08:19 . 2011-05-18 12:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 08:18 . 2007-11-28 06:34 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 08:18 . 2007-11-28 06:34 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 08:18 . 2001-08-23 20:00 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-04 00:56 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2007-11-28 06:34 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2004-08-04 00:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 14:42 . 2004-08-04 00:56 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 11:38 . 2004-08-03 22:59 385024 ----a-w- c:\windows\system32\html.iec

2012-07-29 03:43 . 2011-05-19 23:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

[-] 2007-11-28 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\system32\usp10.dll

.

[-] 2007-11-28 06:31 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"VisualTooltip"="c:\program files\Utilities\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-24 8433664]

"nwiz"="nwiz.exe" [2007-06-24 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-24 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-17 53248]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-20 281768]

"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-05-17 1230848]

"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-07 128512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"DriveSpace"=c:\program files\Drive Space Indicator\DrvSpace.exe

"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"%windir%\explorer.exe"= %windir%\explorer.exe

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [20/5/2554 7:41 340136]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/5/2554 7:41 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [20/5/2554 7:41 428200]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/7/2554 13:53 655944]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [8/12/2554 23:34 1527104]

S2 zuggdnqd;zuggdnqd;c:\windows\system32\drivers\zuggdnqd.sys [29/6/2554 9:23 101376]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/4/2555 6:34 250056]

S3 Agerpd;Agerpd; [x]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/7/2554 13:53 22344]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/8/2555 6:45 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2555 19:34 113120]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [29/7/2554 12:25 9472]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [31/5/2554 14:03 10064]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

2004-08-04 00:56 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

2004-08-04 00:56 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:04]

.

2012-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:57]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1202660629-839522115-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-19 00:16]

.

2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1202660629-839522115-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-19 00:16]

.

2012-08-06 c:\windows\Tasks\User_Feed_Synchronization-{0AC78C17-56EC-49E5-A9B2-2B402427B2E2}.job

- c:\windows\system32\msfeedssync.exe [2011-05-18 21:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.pudit.com/

uInternet Settings,ProxyOverride = *.local

IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 203.144.206.29 203.144.206.49

DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://cctvbanchang.dyndns.org:81/AVC_AX_742.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\62haq9ke.default\

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-zuggdnqd

HKLM_ActiveSetup-{D58F39FF-953E-4F45-898F-59F243B9A523} - HIDEC

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-06 09:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-583907252-1202660629-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,e6,b3,9f,6a,70,1d,41,a4,d5,b0,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,e6,b3,9f,6a,70,1d,41,a4,d5,b0,\

.

Completion time: 2012-08-06 09:23:58

ComboFix-quarantined-files.txt 2012-08-06 02:23

.

Pre-Run: 21,027,536,896 bytes free

Post-Run: 21,722,152,960 bytes free

.

- - End Of File - - D8CF43527DD069213C76B23A372CF37D


SHA256: 95e6990e718ac70b28fa6d988efac32c1ad19b2f2daf524ce3546db5b6889073
File name: usp10.dll
Detection ratio: 0 / 42
Analysis date: 2012-08-07 02:37:40 UTC ( 0 minutes ago )

SHA256: f776d2680bd3407307b7072626f78460361fc5bc38623c9e16f394d300ab25de
SHA1: c61095f51df41e64b3f034458958c918f0d6f8a8
MD5: c51b4a5c05a5475708e3c81c7765b71d
File size: 26.5 KB ( 27136 bytes )
File name: mspmsnsv.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-07 02:41:04 UTC ( 0 minutes ago )


Good, thanks! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
