Cant install/ run Malwarebytes after getting Trojan

[seankga]

OK I have been fighting this thing for a couple days now trying to get something working with almost no success.

I am running WinXP, CA Etrust Antivirus and for extra protection I have AVG free version. I had Malwarebytes installed but would not run until this morning.

My computer got a Trojan horse Pakes.CKF and the Spyware Protect 2009. At first it was just annoying with the on top pop ups Spyware Protect 2009, and also one for Google INstaller that is still poping up. I also cannot boot into Windows every time. Sometimes as soon as I hit OK after entering my password it just stays on the blue screen, other times I see my desktop wallpaper and that is all. When that happens I can run things from Taskmanager.

I scanned with both virus scanners, Etrust apparently was not up to date because it did not find anything. AVG found the Trojan but would not clean it. Later on Etrust found and cleaned it once I got it updated. The popups are gone and I am getting a clean scan.

However, I cannot install or run any spyware removal tools. I cannot even go to their websites. I have been able to download them through Download.com, but when trying to go to the websites I get a blank page. I can go to other webpages unless they involve spyware removal.

I already had Malwarebytes installed, but it would not run. ONe note here is that when I try and run it the process shows up in Task Manager. Through Download.com I have redownloaded the Malwarebytes install and it will not do anything. Spybot installed, but will not run. Adaware installed but would not run. This morning I removed Malwarebytes to reinstall because now I can boot into Windows almost every time, so its looking better but Malwarebytes would not install. I also tried Hijackthis with the same results, download from Download.com and try to install with no results.

I tried this yesterday and it worked, but today it will not. CMD /C SC QUERY >C:\MYSERVICES.TXT | NOTEPAD C:\MYSERVICES.TXT I will post the results from yesterday below.

I have disabled both virus scans by following these instructions

"Click on START - RUN and type in SERVICES.MSC and click OK

Then scroll down through the entire list and look for ALL services with the word Etrust and AVG in the list.

Write down on a piece of paper their current STARTUP TYPE setting. ie. AUTO, MANUAL, DISABLED

Then set all of those with the word McAfee in them to DISABLED and reboot your computer and attempt to install MBAM again."

I did the things here http://www.malwarebytes.org/forums/index.php?showtopic=2936

Logs from yesterday - not sure why when I run this today it just brings up a blank txt document.

SERVICE_NAME: ALG

DISPLAY_NAME: Application Layer Gateway Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Apple Mobile Device

DISPLAY_NAME: Apple Mobile Device

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: AudioSrv

DISPLAY_NAME: Windows Audio

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: avg8wd

DISPLAY_NAME: AVG Free8 WatchDog

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Browser

DISPLAY_NAME: Computer Browser

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: CryptSvc

DISPLAY_NAME: Cryptographic Services

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: DAMaint

DISPLAY_NAME: Desktop Authority Maintenance Service

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: DcomLaunch

DISPLAY_NAME: DCOM Server Process Launcher

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: DesktopAuthority

DISPLAY_NAME: Desktop Authority Service

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Dhcp

DISPLAY_NAME: DHCP Client

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Dnscache

DISPLAY_NAME: DNS Client

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ERSvc

DISPLAY_NAME: Error Reporting Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Eventlog

DISPLAY_NAME: Event Log

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: EventSystem

DISPLAY_NAME: COM+ Event System

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: EvtEng

DISPLAY_NAME: Intel® PROSet/Wireless Event Log

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: helpsvc

DISPLAY_NAME: Help and Support

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: HidServ

DISPLAY_NAME: HID Input Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: InoRPC

DISPLAY_NAME: eTrust Antivirus RPC Server

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: InoRT

DISPLAY_NAME: eTrust Antivirus Realtime Server

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: InoTask

DISPLAY_NAME: eTrust Antivirus Job Server

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: JavaQuickStarterService

DISPLAY_NAME: Java Quick Starter

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: lanmanserver

DISPLAY_NAME: Server

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: lanmanworkstation

DISPLAY_NAME: Workstation

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: LmHosts

DISPLAY_NAME: TCP/IP NetBIOS Helper

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Messenger

DISPLAY_NAME: Messenger

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Netlogon

DISPLAY_NAME: Net Logon

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Netman

DISPLAY_NAME: Network Connections

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Nla

DISPLAY_NAME: Network Location Awareness (NLA)

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: PlugPlay

DISPLAY_NAME: Plug and Play

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: PolicyAgent

DISPLAY_NAME: IPSEC Services

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ProtectedStorage

DISPLAY_NAME: Protected Storage

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RasMan

DISPLAY_NAME: Remote Access Connection Manager

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RegSrvc

DISPLAY_NAME: Intel® PROSet/Wireless Registry Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RemoteRegistry

DISPLAY_NAME: Remote Registry

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RpcSs

DISPLAY_NAME: Remote Procedure Call (RPC)

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: S24EventMonitor

DISPLAY_NAME: Intel® PROSet/Wireless Service

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SamSs

DISPLAY_NAME: Security Accounts Manager

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SCardSvr

DISPLAY_NAME: Smart Card

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Schedule

DISPLAY_NAME: Task Scheduler

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: seclogon

DISPLAY_NAME: Secondary Logon

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SENS

DISPLAY_NAME: System Event Notification

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SharedAccess

DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ShellHWDetection

DISPLAY_NAME: Shell Hardware Detection

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Spooler

DISPLAY_NAME: Print Spooler

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: srservice

DISPLAY_NAME: System Restore Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SSDPSRV

DISPLAY_NAME: SSDP Discovery Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: stisvc

DISPLAY_NAME: Windows Image Acquisition (WIA)

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: TapiSrv

DISPLAY_NAME: Telephony

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: TermService

DISPLAY_NAME: Terminal Services

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Themes

DISPLAY_NAME: Themes

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: TrkWks

DISPLAY_NAME: Distributed Link Tracking Client

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: W32Time

DISPLAY_NAME: Windows Time

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WebClient

DISPLAY_NAME: WebClient

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: winmgmt

DISPLAY_NAME: Windows Management Instrumentation

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WLANKEEPER

DISPLAY_NAME: Intel® PROSet/Wireless SSO Service

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: wltrysvc

DISPLAY_NAME: Dell Wireless WLAN Tray Service

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: wuauserv

DISPLAY_NAME: Automatic Updates

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WudfSvc

DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

Thanks

[AdvancedSetup]

Please try to download and run this. Copy and burn to CD from a friends computer if you need to.

Please visit this webpage for instructions for downloading ComboFix to your

DESKTOP

:

how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!:

You must save and run

ComboFix.exe

on your DESKTOP and not from any other folder.

Also,

DO NOT

click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:

ComboFix.exe

ComboFix.exe

ComboFix.exe

Note:

The

Windows Recovery Console

will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Click
  Yes
  to allow ComboFix to continue scanning for malware.
  
  
• When the tool is finished, it will produce a report for you.
  
  
• Please post the
  C:\ComboFix.txt
  along with a
  new HijackThis log
  so we may continue cleaning the system.
  
  

[seankga]

OK, I followed those instructions and was able to get the Recovery Console installed. I got ComboFix downloaded fine, but it will not run. I am not clicking anything to see if it runs while I am reporting this.

Thanks

[seankga]

While I am waiting on the next response I wanted to try installing other programs. I had no issue installing a DVD Ripper program and MWSnap, a screenshot program. There is something in here keeping it from installing helpful programs. I have personally never seen anything like this.

[AdvancedSetup]

Please download and try running this: randmbam.exe

It will try to create random names and shortcuts for MBAM if you have it installed already. If this does not work, and renaming Combofix doesn't work in Normal mode or in Safe Mode then you'll probably need to run this.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

• Download the
  Avira AntiVir Rescue System
  from
  here
• Place a blank CD in your burner and double-click on the downloaded file.
  
  
• The program will automatically burn the CD for you.
  
  
• Place the burned CD into the affected computer and start the computer from this CD.
  
  
• On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  
  
• Click on the
  Configuration
  button.
  
  
  • Select
    Scan all files
  • Select
    Try to repair infected files
    and
    Rename files, if they cannot be removed
    
    
  • Select
    Scan for dialers
    
    
  • Select
    Scan for joke programs (Jokes)
    
    
  • Select
    Scan for games
    
    
  • Select
    Scan for spyware (SPR)
    
    
  [*]
  Click on
  Virus scanner
  [*]
  Click on
  Start scanner
  at the bottom of the screen
  [*]
  Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Screen resolution problems

Please see the post

here

if you're unable to view the entire screen of Avira.

[seankga]

OK, I still could not run Mbam at first, but was able to rename combofix and it worked. It deleted a bunch of files. After it was done I was able to run mbam. Here is the Mbam log:

Malwarebytes' Anti-Malware 1.34

Database version: 1854

Windows 5.1.2600 Service Pack 3

2009-03-16 11:14:18

mbam-log-2009-03-16 (11-14-18).txt

Scan type: Full Scan (C:\|)

Objects scanned: 202367

Time elapsed: 50 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACivxepatn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClutosupq.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrtqsqmtw.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwefqrssj.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwoekwqqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

I ran Mbam again after it found those infections and the second time it found nothing.

The combo fix log info is below. Hopefully I am all done.

ComboFix 09-03-15.01 - skelley 2009-03-16 10:01:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.622 [GMT -4:00]

Running from: c:\documents and settings\skelley\Desktop\stupid.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\skelley\Application Data\Google\mcscrlp32.dll

c:\windows\f49f4daa.dat

c:\windows\system32\drivers\UACfuxdqbrp.sys

c:\windows\system32\lowsec

c:\windows\system32\lowsec\local.ds

c:\windows\system32\lowsec\user.ds

c:\windows\system32\lowsec\user.ds.lll

c:\windows\system32\sdra64.exe

c:\windows\system32\uacinit.dll

c:\windows\system32\UACivxepatn.dll

c:\windows\system32\UACltoarlar.log

c:\windows\system32\UAClutosupq.dll

c:\windows\system32\UACrtqsqmtw.dll

c:\windows\system32\UACsjenxdap.log

c:\windows\system32\UACtmiawgfm.log

c:\windows\system32\UACwefqrssj.dll

c:\windows\system32\UACwoekwqqp.dll

c:\windows\system32\UACwxjoepap.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))

.

2009-03-16 09:47 . 2009-03-16 09:47 <DIR> d-------- C:\123456789

2009-03-16 09:40 . 2009-03-16 09:44 <DIR> d-------- C:\renoFix

2009-03-16 09:25 . 2009-03-16 09:25 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\HotSync

2009-03-16 09:24 . 2008-06-04 23:47 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\Intel

2009-03-16 09:24 . 2009-03-16 09:25 <DIR> d-------- c:\documents and settings\administrator.DOMAIN\Application Data\AVGTOOLBAR

2009-03-16 09:24 . 2009-03-16 09:24 <DIR> d-------- c:\documents and settings\administrator.DOMAIN

2009-03-13 10:49 . 2005-11-21 01:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL

2009-03-13 10:49 . 2005-11-21 01:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS

2009-03-11 10:23 . 2009-03-11 10:23 21,622 --a------ c:\windows\system32\AAWService_2009_03_11_10_23_58.dmp

2009-03-11 00:46 . 2009-03-11 16:40 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-03-11 00:46 . 2009-03-11 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-10 23:39 . 2009-03-11 15:03 <DIR> d-------- c:\program files\Lavasoft

2009-03-10 23:39 . 2009-03-11 15:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-03-10 22:52 . 2009-03-10 22:52 <DIR> d-------- C:\31.6.6389

2009-03-10 15:05 . 2009-03-10 15:05 1,152 --a------ c:\windows\system32\windrv.sys

2009-03-10 15:01 . 2009-03-10 15:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\PKWARE

2009-03-10 00:02 . 2008-06-04 23:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel

2009-03-10 00:02 . 2009-03-10 00:02 <DIR> d-------- c:\documents and settings\Administrator

2009-03-09 21:46 . 2009-03-11 14:57 <DIR> d-------- c:\program files\Enigma Software Group

2009-03-05 17:53 . 2009-03-16 10:12 <DIR> d-------- c:\program files\DNA

2009-03-05 17:53 . 2009-03-16 10:12 <DIR> d-------- c:\documents and settings\skelley\Application Data\DNA

2009-03-04 09:37 . 2009-03-16 09:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-04 09:37 . 2009-03-04 09:37 <DIR> d-------- c:\documents and settings\skelley\Application Data\Malwarebytes

2009-03-04 09:37 . 2009-03-04 09:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-04 09:37 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-04 09:37 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-02 17:29 . 2009-03-02 17:29 <DIR> d-------- c:\program files\Opera

2009-02-21 03:44 . 2009-02-21 03:45 <DIR> d-------- C:\0bdcdda7fbb2ea5367e69b75

2009-02-21 03:30 . 2008-12-20 19:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-02-21 03:04 . 2008-12-11 06:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-02-21 03:02 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-02-21 03:01 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-21 03:01 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-21 03:01 . 2008-09-04 13:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2009-02-21 03:01 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-02-21 03:00 . 2008-09-15 08:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-02-21 03:00 . 2008-05-01 10:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-02-21 02:59 . 2008-04-11 15:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-02-21 02:57 . 2008-06-13 07:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-02-21 02:57 . 2008-05-08 10:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-02-21 02:40 . 2004-08-04 06:00 221,184 --a------ c:\windows\system32\wmpns.dll

2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\scripting

2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\en

2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\system32\bits

2009-02-21 02:26 . 2009-02-21 02:26 <DIR> d-------- c:\windows\l2schemas

2009-02-21 02:19 . 2009-02-21 02:19 <DIR> d-------- c:\windows\ServicePackFiles

2009-02-21 01:49 . 2004-08-03 23:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys

2009-02-21 01:27 . 2008-10-16 15:09 43,544 --a------ c:\windows\system32\wups2.dll

2009-02-21 01:27 . 2008-10-16 15:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2009-02-21 01:27 . 2008-10-16 15:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui

2009-02-21 01:27 . 2008-10-16 15:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

2009-02-21 01:27 . 2008-10-16 15:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui

2009-02-21 01:20 . 2009-02-21 02:38 <DIR> d-------- C:\4604f652beba65845e8ead18d6e313

2009-02-17 16:45 . 2009-02-17 16:45 <DIR> d-------- c:\program files\MSECache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-16 13:59 --------- d-----w c:\program files\DesktopAuthority

2009-03-11 19:13 --------- d-----w c:\program files\Google

2009-03-10 07:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-03-01 20:37 --------- d-----w c:\documents and settings\skelley\Application Data\Nvu

2009-02-25 20:01 --------- d-----w c:\program files\Paint.NET

2009-02-06 21:18 --------- d-----w c:\documents and settings\skelley\Application Data\FileZilla

2009-02-06 06:49 --------- d-----w c:\program files\FileZilla

2009-02-04 17:26 --------- d-----w c:\program files\IrfanView

2009-02-04 13:55 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-03 19:42 --------- d-----w c:\documents and settings\skelley\Application Data\VSRevoGroup

2009-01-30 16:52 --------- d-----w c:\documents and settings\skelley\Application Data\OpenOffice.org

2009-01-30 16:46 --------- d-----w c:\program files\OpenOffice.org 3

2009-01-30 16:46 --------- d-----w c:\program files\JRE

2009-01-30 16:42 --------- d-----w c:\program files\OpenOffice.org 2.4

2009-01-30 16:16 --------- d-----w c:\documents and settings\skelley\Application Data\CoreFTP

2009-01-30 16:16 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP

2009-01-30 16:12 --------- d-----w c:\program files\FileZilla FTP Client

2009-01-30 15:13 --------- d-----w c:\documents and settings\skelley\Application Data\OpenOffice.org2

2009-01-29 22:19 --------- d-----w c:\program files\MSBuild

2009-01-29 22:14 --------- d-----w c:\program files\Reference Assemblies

2009-01-29 19:32 --------- d-----w c:\program files\PhotoScape

2009-01-29 19:29 --------- d-----w c:\documents and settings\skelley\Application Data\gtk-2.0

2009-01-29 19:04 --------- d-----w c:\program files\GIMP-2.0

2009-01-23 20:49 --------- d-----w c:\documents and settings\skelley\Application Data\SecondLife

2009-01-23 16:13 --------- d-----w c:\program files\Support Tools

2009-01-23 16:13 --------- d-----w c:\program files\Nvu

2009-01-23 16:06 --------- d-----w c:\program files\VS Revo Group

2009-01-21 16:26 --------- d-----w c:\documents and settings\skelley\Application Data\ACSTechnologies

2008-12-27 08:03 89,480 ----a-w c:\documents and settings\skelley\Application Data\GDIPFONTCACHEV1.DAT

2008-06-26 18:58 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Google Update"="c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-05 321344]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]

"Desktop Authority GUI"="c:\program files\DesktopAuthority\ragui.exe" [2005-03-24 409600]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143360]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]

"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2004-02-15 622661]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]

"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"PKWARE Certificate Proxy Client"="c:\progra~1\PKWARE\PKZIPW\pkpcsr.exe" [2008-08-04 238928]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\skelley\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-04 09:55 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2000:TCP"= 2000:TCP:DA Remote Management

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 325128]

R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\DesktopAuthority\rainfo.sys [2008-06-04 6400]

R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\DesktopAuthority\ramaint.exe [2008-06-04 49152]

R2 DesktopAuthority;Desktop Authority Service;c:\program files\DesktopAuthority\DesktopAuthority.exe [2008-06-04 1081344]

R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [2008-06-04 2944]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-26 29744]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1576e50c-3ba6-11dd-b848-0015c559bbd9}]

\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe

\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60d8d77-c668-11dd-b95a-0015c559bbd9}]

\Shell\AutoRun\command - E:\setupSNK.exe

.

Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1580436667-1202660629-1282.job

- c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 08:56]

.

- - - - ORPHANS REMOVED - - - -

BHO-{C9C42510-9B21-41c1-9DCD-8382A2D07C61} - (no file)

HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe

.

------- Supplementary Scan -------

.

uStart Page = file://rsbc1/intranet/index.htm

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\skelley\Application Data\Mozilla\Firefox\Profiles\hwcek3z2.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\skelley\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Adobe\Reader\browser\nppdf32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-16 10:13:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\windows\system32\scardsvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\windows\system32\SLAgent.exe

.

**************************************************************************

.

Completion time: 2009-03-16 10:16:43 - machine was rebooted [skelley]

ComboFix-quarantined-files.txt 2009-03-16 14:16:40

Pre-Run: 32,336,429,056 bytes free

Post-Run: 32,718,430,208 bytes free

244

[AdvancedSetup]

Good. Please run the following scanner.

Download

DDS

and save it to your desktop

http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click

dds.scr

to run the tool.

When done, the

DDS.txt

will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt
   
   

• Save both reports to your desktop
• Please include the following logs in your next reply:
  DDS.txt
  and
  Attach.txt
  
  

[seankga]

Here they are, thanks.

DDS.txt:

DDS (Ver_09-03-16.01) - NTFSx86

Run by skelley at 9:34:02.35 on 2009-03-18

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.532 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\DesktopAuthority\RaMaint.exe

C:\Program Files\DesktopAuthority\DesktopAuthority.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\slagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DesktopAuthority\ragui.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\skelley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcrobatInfo.exe

C:\Documents and Settings\skelley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file://rsbc1/intranet/index.htm

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

BHO: {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - No File

BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\skelley\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Desktop Authority GUI] "c:\program files\desktopauthority\ragui.exe"

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper

mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [Realtime Monitor] c:\progra~1\ca\etrust~1\realmon.exe -s

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PKWARE Certificate Proxy Client] c:\progra~1\pkware\pkzipw\pkpcsr.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

StartupFolder: c:\docume~1\skelley\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)

IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.roswellstreet.com/XTSAC.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235193978000

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://remote.roswellstreet.com/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\pkmcdo.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\skelley\applic~1\mozilla\firefox\profiles\hwcek3z2.default\

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\skelley\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\adobe\reader\browser\nppdf32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-24 325128]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-24 27656]

R2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\desktopauthority\rainfo.sys [2008-6-4 6400]

R2 DAMaint;Desktop Authority Maintenance Service;c:\program files\desktopauthority\ramaint.exe [2008-6-4 49152]

R2 DesktopAuthority;Desktop Authority Service;c:\program files\desktopauthority\DesktopAuthority.exe [2008-6-4 1081344]

R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [2008-6-4 2944]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-26 29744]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-4 298264]

=============== Created Last 30 ================

2009-03-16 21:42 113,847 a----r-- c:\windows\system32\drivers\Apfiltr.sys

2009-03-16 21:42 95,511 a----r-- c:\windows\system32\Vxdif.dll

2009-03-16 21:42 <DIR> --d----- c:\program files\Apoint

2009-03-16 15:47 <DIR> --d----- c:\program files\Trend Micro

2009-03-16 09:49 161,792 a------- c:\windows\SWREG.exe

2009-03-16 09:49 98,816 a------- c:\windows\sed.exe

2009-03-16 09:47 <DIR> --d----- C:\123456789

2009-03-16 09:40 <DIR> --d----- C:\renoFix

2009-03-13 10:49 45,056 a------- c:\windows\system32\WNASPI32.DLL

2009-03-13 10:49 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS

2009-03-13 09:20 <DIR> --dshr-- C:\cmdcons

2009-03-13 09:20 <DIR> --d----- c:\windows\setup.pss

2009-03-13 09:20 <DIR> --d----- c:\windows\setupupd

2009-03-11 10:23 21,622 a------- c:\windows\system32\AAWService_2009_03_11_10_23_58.dmp

2009-03-11 00:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy

2009-03-11 00:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-03-10 23:39 <DIR> --d----- c:\program files\Lavasoft

2009-03-10 22:52 <DIR> --d----- C:\31.6.6389

2009-03-10 15:05 1,152 a------- c:\windows\system32\windrv.sys

2009-03-09 21:46 <DIR> --d----- c:\program files\Enigma Software Group

2009-03-05 17:53 <DIR> --d----- c:\program files\DNA

2009-03-05 17:53 <DIR> --d----- c:\docume~1\skelley\applic~1\DNA

2009-03-04 09:37 <DIR> --d----- c:\docume~1\skelley\applic~1\Malwarebytes

2009-03-04 09:37 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-03-04 09:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-04 09:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-03-04 09:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-02-21 03:44 <DIR> --d----- C:\0bdcdda7fbb2ea5367e69b75

2009-02-21 03:30 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

2009-02-21 03:04 333,952 -c------ c:\windows\system32\dllcache\srv.sys

2009-02-21 03:02 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-02-21 03:01 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2009-02-21 03:01 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

2009-02-21 03:01 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-21 03:01 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-21 03:00 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys

2009-02-21 03:00 331,776 -c------ c:\windows\system32\dllcache\msadce.dll

2009-02-21 02:59 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll

2009-02-21 02:57 272,128 -c------ c:\windows\system32\dllcache\bthport.sys

2009-02-21 02:57 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys

2009-02-21 02:40 221,184 a------- c:\windows\system32\wmpns.dll

2009-02-21 02:26 <DIR> --d----- c:\windows\system32\scripting

2009-02-21 02:26 <DIR> --d----- c:\windows\l2schemas

2009-02-21 02:26 <DIR> --d----- c:\windows\system32\en

2009-02-21 02:26 <DIR> --d----- c:\windows\system32\bits

2009-02-21 02:19 <DIR> --d----- c:\windows\ServicePackFiles

2009-02-21 02:15 <DIR> --d----- c:\windows\network diagnostic

2009-02-21 01:49 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys

2009-02-21 01:27 31,768 a------- c:\windows\system32\wucltui.dll.mui

2009-02-21 01:27 18,456 a------- c:\windows\system32\wuaueng.dll.mui

2009-02-21 01:27 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-02-21 01:27 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui

2009-02-21 01:27 23,576 a------- c:\windows\system32\wuapi.dll.mui

2009-02-21 01:20 <DIR> --d----- C:\4604f652beba65845e8ead18d6e313

2009-02-17 16:45 <DIR> --d----- c:\program files\MSECache

==================== Find3M ====================

2009-02-21 02:31 88,579 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-02-04 09:55 325,128 a------- c:\windows\system32\drivers\avgldx86.sys

2009-02-04 09:55 10,520 a------- c:\windows\system32\avgrsstx.dll

2008-12-27 04:03 89,480 a------- c:\docume~1\skelley\applic~1\GDIPFONTCACHEV1.DAT

2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 9:34:38.94 ===============

Attach.txt

Attach.txt

[miekiemoes]

Hi,

Your logs look OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

[seankga]

Seems like everything is back to normal except my clock is on 24hr not am and pm.

Thanks for all the help.

[miekiemoes]

except my clock is on 24hr not am and pm.

Have you uninstalled Combofix?

If you did and it didn't adjust your clock settings, then, Go to start > run and type: intl.cpl

Hit enter

The Regional Settings properties should open now.

Under the tab Regional options > standards and formats, from the dropdown list, choose your region > click apply and ok.

Glad I could help.

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

[miekiemoes]

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.