
Thread: Another click.giftload problem - :(

  1. #11
    Junior Member
    Join Date
    Mar 2011
    Posts
    14


    Sorry it's taken me so long to reply.

    Computer seems to be taking an age to do anything just now as well :(

    Logs below....

    *********************
    Combofix

    ComboFix 11-04-01.01 - user 02/04/2011 17:35:31.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2015.1525 [GMT 1:00]
    Running from: c:\documents and settings\user\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\user\Desktop\cfscript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-01 11:49 . 2011-04-02 08:29 -------- d-----w- c:\windows\$XNTUninstall643$
    2011-03-31 16:26 . 2011-03-31 16:26 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2011-03-31 09:15 . 2011-03-31 09:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-31 09:09 . 2011-03-31 09:09 -------- d-----w- c:\program files\ERUNT
    2011-03-31 08:49 . 2006-10-12 03:10 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
    2011-03-31 08:21 . 2011-03-31 08:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft Help
    2011-03-29 15:32 . 2011-03-29 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-03-29 15:32 . 2011-03-29 15:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-23 11:00 . 2011-03-23 11:00 -------- d-----w- c:\program files\Common Files\L&H
    2011-03-23 10:59 . 2011-03-23 10:59 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-03-23 10:57 . 2011-03-23 10:57 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-23 10:55 . 2011-03-23 10:55 -------- d-----r- C:\MSOCache
    2011-03-23 09:51 . 2006-10-26 19:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-03-23 09:51 . 2006-10-26 19:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-03-23 09:45 . 2011-03-26 09:37 -------- d-----w- c:\program files\Microsoft Works
    2011-03-23 09:18 . 2011-03-23 09:18 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Microsoft Help
    2011-03-23 09:18 . 2011-03-31 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2011-03-21 14:01 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2011-03-21 14:01 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2011-03-21 14:01 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-03-21 14:01 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-03-21 14:01 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-03-21 14:01 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2011-03-21 14:01 . 2011-03-21 14:02 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-03-21 13:45 . 2011-03-21 13:46 -------- d-----w- c:\documents and settings\user\Application Data\DivX
    2011-03-21 13:43 . 2011-03-21 13:43 -------- d-----w- c:\program files\Common Files\DivX Shared
    2011-03-21 13:38 . 2011-03-21 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2011-03-21 13:33 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-21 13:33 . 2011-03-21 13:33 -------- d-----w- c:\program files\XP Codec Pack
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-28 08:00 . 2008-12-17 17:22 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-01-13 08:47 . 2010-07-02 08:20 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2008-08-27 14:12 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2008-08-27 14:12 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2008-08-27 14:12 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:40 . 2008-08-27 14:12 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-01-13 08:39 . 2008-08-27 14:12 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-01-13 08:37 . 2008-08-27 14:12 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2008-08-27 14:12 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-01-13 08:37 . 2008-08-27 14:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2004-09-02 49152]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "MBoxUtil Clean"="c:\program files\KONICA MINOLTA\BOX Utility\BoxUtil.exe" [2004-03-22 614400]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Rapid.LNK - c:\qaddress\Rapid32.315\qarapidn.exe [2007-9-21 465408]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-3-25 331776]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Nicola\\odds\\utorrent.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    .
    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [24/09/2009 06:40 19592]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/08/2008 15:12 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/08/2008 15:12 17744]
    R3 EUCR;ENE USB Mass Storage;c:\windows\system32\drivers\EUCR6SK.sys [13/05/2005 05:09 40576]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 12:27 135664]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24/09/2009 14:38 22528]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/06/2009 15:01 25480]
    S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30/11/2007 12:27 558592]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 10:48]
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 11:27]
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 11:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\e26cpkhm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-02 17:44
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2640)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-04-02 17:48:43
    ComboFix-quarantined-files.txt 2011-04-02 16:48
    ComboFix2.txt 2011-04-02 14:45
    .
    Pre-Run: 59,263,418,368 bytes free
    Post-Run: 59,251,220,480 bytes free
    .
    - - End Of File - - 6DEF61B10CA637D5960FE1517BE9DADF
    *******************

    ESET

    ComboFix 11-04-01.01 - user 02/04/2011 17:35:31.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2015.1525 [GMT 1:00]
    Running from: c:\documents and settings\user\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\user\Desktop\cfscript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-01 11:49 . 2011-04-02 08:29 -------- d-----w- c:\windows\$XNTUninstall643$
    2011-03-31 16:26 . 2011-03-31 16:26 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2011-03-31 09:15 . 2011-03-31 09:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-31 09:09 . 2011-03-31 09:09 -------- d-----w- c:\program files\ERUNT
    2011-03-31 08:49 . 2006-10-12 03:10 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
    2011-03-31 08:21 . 2011-03-31 08:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft Help
    2011-03-29 15:32 . 2011-03-29 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-03-29 15:32 . 2011-03-29 15:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-23 11:00 . 2011-03-23 11:00 -------- d-----w- c:\program files\Common Files\L&H
    2011-03-23 10:59 . 2011-03-23 10:59 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-03-23 10:57 . 2011-03-23 10:57 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-23 10:55 . 2011-03-23 10:55 -------- d-----r- C:\MSOCache
    2011-03-23 09:51 . 2006-10-26 19:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-03-23 09:51 . 2006-10-26 19:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-03-23 09:45 . 2011-03-26 09:37 -------- d-----w- c:\program files\Microsoft Works
    2011-03-23 09:18 . 2011-03-23 09:18 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Microsoft Help
    2011-03-23 09:18 . 2011-03-31 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2011-03-21 14:01 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2011-03-21 14:01 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2011-03-21 14:01 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-03-21 14:01 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-03-21 14:01 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-03-21 14:01 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2011-03-21 14:01 . 2011-03-21 14:02 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-03-21 13:45 . 2011-03-21 13:46 -------- d-----w- c:\documents and settings\user\Application Data\DivX
    2011-03-21 13:43 . 2011-03-21 13:43 -------- d-----w- c:\program files\Common Files\DivX Shared
    2011-03-21 13:38 . 2011-03-21 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2011-03-21 13:33 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-21 13:33 . 2011-03-21 13:33 -------- d-----w- c:\program files\XP Codec Pack
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-28 08:00 . 2008-12-17 17:22 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-01-13 08:47 . 2010-07-02 08:20 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2008-08-27 14:12 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2008-08-27 14:12 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2008-08-27 14:12 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:40 . 2008-08-27 14:12 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-01-13 08:39 . 2008-08-27 14:12 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-01-13 08:37 . 2008-08-27 14:12 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2008-08-27 14:12 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-01-13 08:37 . 2008-08-27 14:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2004-09-02 49152]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "MBoxUtil Clean"="c:\program files\KONICA MINOLTA\BOX Utility\BoxUtil.exe" [2004-03-22 614400]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Rapid.LNK - c:\qaddress\Rapid32.315\qarapidn.exe [2007-9-21 465408]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-3-25 331776]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Nicola\\odds\\utorrent.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    .
    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [24/09/2009 06:40 19592]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/08/2008 15:12 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/08/2008 15:12 17744]
    R3 EUCR;ENE USB Mass Storage;c:\windows\system32\drivers\EUCR6SK.sys [13/05/2005 05:09 40576]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 12:27 135664]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24/09/2009 14:38 22528]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/06/2009 15:01 25480]
    S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30/11/2007 12:27 558592]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 10:48]
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 11:27]
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 11:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\e26cpkhm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-02 17:44
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2640)
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-04-02 17:48:43
    ComboFix-quarantined-files.txt 2011-04-02 16:48
    ComboFix2.txt 2011-04-02 14:45
    .
    Pre-Run: 59,263,418,368 bytes free
    Post-Run: 59,251,220,480 bytes free
    .
    - - End Of File - - 6DEF61B10CA637D5960FE1517BE9DADF

    **********************

    DDS

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by user at 11:23:14.12 on 04/04/2011
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2015.1563 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\user\Desktop\dds(3).scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [scheduler_monitor] c:\program files\reaconverter 5.5 pro\init_scheduler.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
    mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
    mRun: [MBoxUtil Clean] c:\program files\konica minolta\box utility\BoxUtil.exe /clean
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rapid.lnk - c:\qaddress\rapid32.315\qarapidn.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\msoffice\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\mahjong escape - ancient japan\images\stg_drm.ocx
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://almcam2.lofer.at:1003//activex/AMC.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\mahjong escape - ancient japan\images\armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\e26cpkhm.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\e26cpkhm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\e26cpkhm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\user\application data\facebook\npfbplugin_1_0_0.dll
    FF - plugin: c:\documents and settings\user\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-9-24 19592]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-8-27 294608]
    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-27 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-18 40384]
    R3 EUCR;ENE USB Mass Storage;c:\windows\system32\drivers\EUCR6SK.sys [2005-5-13 40576]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-9-24 22528]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-6-17 25480]
    S3 rcp_service;ReaConverter scheduler service;c:\program files\reaconverter 5.5 pro\rcp_scheduler.exe [2007-11-30 558592]
    .
    =============== Created Last 30 ================
    .
    2011-04-02 17:16:34 -------- d-----w- c:\program files\ESET
    2011-04-02 17:10:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-02 17:10:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-02 17:10:36 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-04-02 14:32:37 -------- d-sha-r- C:\cmdcons
    2011-04-02 14:24:08 98816 ----a-w- c:\windows\sed.exe
    2011-04-02 14:24:08 89088 ----a-w- c:\windows\MBR.exe
    2011-04-02 14:24:08 256512 ----a-w- c:\windows\PEV.exe
    2011-04-02 14:24:08 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-01 11:49:27 -------- d-----w- c:\windows\$XNTUninstall643$
    2011-03-29 15:32:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-29 15:32:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-03-23 11:00:25 -------- d-----w- c:\program files\common files\L&H
    2011-03-23 10:59:50 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-03-23 09:51:09 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-03-23 09:51:08 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-03-23 09:18:28 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Microsoft Help
    2011-03-21 14:01:36 165376 ----a-w- c:\windows\system32\unrar.dll
    2011-03-21 14:01:23 839680 ----a-w- c:\windows\system32\lameACM.acm
    2011-03-21 14:01:22 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-03-21 14:01:22 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2011-03-21 14:01:21 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2011-03-21 14:01:21 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-03-21 14:01:03 -------- d-----w- c:\program files\K-Lite Codec Pack
    2011-03-21 13:43:00 -------- d-----w- c:\program files\common files\DivX Shared
    2011-03-21 13:38:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2011-03-21 13:33:42 421888 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-21 13:33:25 -------- d-----w- c:\program files\XP Codec Pack
    .
    ==================== Find3M ====================
    .
    2011-02-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
    2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
    .
    ============= FINISH: 11:24:57.92 ===============

    ****************

  2. #12
    Junior Member
    Join Date
    Mar 2011
    Posts
    14

    Oops and Sorry, I seem to have pasted the combofix log twice instead of the eset log.

    eset below:
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\mbdwt.dll.q_E6D8004_q a variant of Win32/Adware.Lifze.R application
    C:\Qoobox\Quarantine\C\WINDOWS\sedmgac.dll.vir a variant of Win32/Cimag.GN trojan
    C:\System Volume Information\_restore{F930169F-4B0C-43D4-9D10-C9462D70F0A9}\RP1644\A0455312.dll a variant of Win32/Adware.Lifze.R application
    C:\System Volume Information\_restore{F930169F-4B0C-43D4-9D10-C9462D70F0A9}\RP1645\A0456423.dll a variant of Win32/Cimag.GN trojan

  3. #13
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi again,

    Delete C:\Documents and Settings\All Users\Application Data\SecTaskMan\mbdwt.dll.q_E6D8004_q file.

    Is some specific operation slow there? Windows XP service pack 3 and Windows Internet Explorer 8 should be installed.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Junior Member
    Join Date
    Mar 2011
    Posts
    14

    Hi,

    I've deleted that file. The speed of the computer has gone mostly back to normal after I rebooted.

    The only thing that I've noticed is slower than usual is waiting for it to populate the list when I click on "add remove programs". But it does show the list after a wee bit.

    I don't use ie, I use firefox and it's fine now.

    Anything else you think I need to do?

    Cheers again for the help, so much appreciated. :D

  5. #15
    Junior Member
    Join Date
    Mar 2011
    Posts
    14

    Hrm, seems I only have service pack 2. You're saying I should update, right?

  6. #16
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    "Hrm, seems I only have service pack 2. You're saying I should update, right?"
    Yes, and Windows Internet Explorer 8 too.

    Before that uninstall ComboFix though:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK

  7. #17
    Junior Member
    Join Date
    Mar 2011
    Posts
    14

    Aaargh!! Sp3 seems to have completely disabled my wireless/network card.

    Just looking for updated drivers for it on another computer! :(

  8. #18
    Junior Member
    Join Date
    Mar 2011
    Posts
    14

    Oh dear. I want to swear but I won't!!

    None of the drivers or the fixes worked to get my wireless/network router working again, so I uninstalled sp3!!

    But now my computer won't boot up at all, not in normal mode, not in safe mode and not to the last known good configuration. It gets so far, windows screen comes up, flash of blue then it seems like the power goes and starts booting again!

    Help!! X

  9. #19
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    I wish you hadn't tried anything to fix that wireless problem. Now it's really difficult if you can't make the system boot. The only chance at this point is likely to have a Windows XP Home installation disk and try a repair installation with that.

  10. #20
    Junior Member
    Join Date
    Mar 2011
    Posts
    14

    I was browsing around last night looking for advice on what to do and someone somewhere mentioned that it was the USB connections that were causing the boot loop.

    I unplugged all the usb things and connected a ps2 mouse, managed to uninstall and reinstall all the USB controllers and the computer now boots up fine and I can use my usb mouse/keyboard again.

    Now the problem I seem to have is I can't get onto the internet! It finds the wireless connection, I'm connected to it (can access other computer on network). Just no internet connectivity!

    So now searching on how to fix that - any help would be much appreciated, although this is now a completely different problem from the virus stuff that you helped me with.

    Not a good week so far!!!
