Variant of TrojanDownloader.Agent



whistler
2009-10-25, 23:51
I have something on my machine that I can't get rid of. Hard drive space seems to be getting used up. Spybot, MalwareBytes, & Eset all have found something different. I remove them and something else creeps in a few days later. I need advice from an expert.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:12 PM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Omega Research\Program\orschd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/!%20Upload/TT_slim_open.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: 255.255.255.255 hcurltest5
O1 - Hosts: 255.255.255.255 vnsjs1.1stworks.com
O1 - Hosts: 74.208.77.54 hcurltest1
O1 - Hosts: 82.165.161.232 hcurltest2
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Omega Research Task Scheduler.lnk = C:\Program Files\Omega Research\Program\orschd.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 9930 bytes

Blade81
2009-10-29, 12:26
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

whistler
2009-10-29, 13:22
Here you go. Thank you very much.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


DDS (Ver_09-10-26.01) - NTFSx86
Run by Bob at 6:16:57.75 on Thu 10/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1356 [GMT -5:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Omega Research\Program\orschd.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Secunia\PSI\psi.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Documents and Settings\Bob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file:///C:/!%20Upload/TT_slim_open.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DriverMax_RESTART]
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\omegar~1.lnk - c:\program files\omega research\program\orschd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-4-17 17264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-5 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-5 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-29 297752]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
S4 Fipemeatuwn;Fipemeatuwn; [x]

=============== Created Last 30 ================

2009-10-25 21:41:18 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-25 20:36:59 0 d-----w- c:\program files\ESET
2009-10-24 00:07:32 55387 ----a-w- C:\TT091026.gif
2009-10-24 00:07:05 66889 ----a-w- C:\TT091026.png
2009-10-23 15:37:44 0 d-----w- c:\program files\yywwtm
2009-10-22 23:07:56 55205 ----a-w- C:\TT091023.gif
2009-10-22 23:07:39 66957 ----a-w- C:\TT091023.png
2009-10-21 22:56:53 55096 ----a-w- C:\TT091022.gif
2009-10-21 22:56:38 65314 ----a-w- C:\TT091022.png
2009-10-20 23:44:53 55381 ----a-w- C:\TT091021.gif
2009-10-20 23:44:35 67144 ----a-w- C:\TT091021.png
2009-10-19 22:18:32 55051 ----a-w- C:\TT091020.gif
2009-10-19 22:18:16 63983 ----a-w- C:\TT091020.png
2009-10-17 14:28:27 104512 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-10-16 22:45:50 55164 ----a-w- C:\TT091019.gif
2009-10-16 22:45:32 64967 ----a-w- C:\TT091019.png
2009-10-15 22:35:52 55341 ----a-w- C:\TT091016.gif
2009-10-15 22:35:36 65395 ----a-w- C:\TT091016.png
2009-10-14 22:41:29 55302 ----a-w- C:\TT091015.gif
2009-10-14 22:41:12 64188 ----a-w- C:\TT091015.png
2009-10-13 22:32:35 55504 ----a-w- C:\TT091014.gif
2009-10-13 22:32:18 66089 ----a-w- C:\TT091014.png
2009-10-13 10:36:46 6 ----a-w- c:\windows\WS_FTP.EXT
2009-10-13 10:36:46 0 ----a-w- c:\windows\WS_FTP.CNV
2009-10-12 22:47:41 55194 ----a-w- C:\TT091013.gif
2009-10-12 22:47:19 65674 ----a-w- C:\TT091013.png
2009-10-10 15:57:41 53286 ----a-w- C:\TT091012b.png
2009-10-10 00:11:06 46299 ----a-w- C:\TT091012.gif
2009-10-10 00:10:44 53286 ----a-w- C:\TT091012.png
2009-10-09 13:19:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-08 22:39:40 55061 ----a-w- C:\TT091009.gif
2009-10-08 22:39:21 63511 ----a-w- C:\TT091009.png
2009-10-08 19:26:22 0 d-----w- c:\program files\Feed Editor
2009-10-07 22:12:57 55197 ----a-w- C:\TT091008.gif
2009-10-07 22:12:42 63865 ----a-w- C:\TT091008.png
2009-10-06 22:37:19 55501 ----a-w- C:\TT091007.gif
2009-10-06 22:36:51 64981 ----a-w- C:\TT091007.png
2009-10-06 13:13:05 0 d-----w- c:\program files\IZArc
2009-10-05 22:12:28 55268 ----a-w- C:\TT091006.gif
2009-10-05 22:12:10 64976 ----a-w- C:\TT091006.png
2009-10-03 16:43:23 258048 ----a-w- c:\windows\SetACL.exe
2009-10-02 23:05:27 55275 ----a-w- C:\TT091005.gif
2009-10-02 23:05:11 66682 ----a-w- C:\TT091005.png
2009-10-02 20:47:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Altova
2009-10-01 22:24:24 55236 ----a-w- C:\TT091002.gif
2009-10-01 22:23:54 66014 ----a-w- C:\TT091002.png
2009-09-30 23:35:49 55202 ----a-w- C:\TT091001.gif
2009-09-30 23:35:30 65884 ----a-w- C:\TT091001.png
2009-09-29 22:17:58 55416 ----a-w- C:\TT090930.gif
2009-09-29 22:17:37 67096 ----a-w- C:\TT090930.png
2009-09-29 16:13:13 0 d-----w- C:\tidy

==================== Find3M ====================

2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
2009-09-28 18:20:43 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-26 17:57:34 25768 -c--a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 14:40:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-05 09:01:48 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-11-01 13:23:31 4783104 -c--a-w- c:\program files\Subscribers.xls

============= FINISH: 6:17:22.73 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/2/2009 11:22:35 AM
System Uptime: 10/29/2009 6:11:33 AM (0 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2194/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 0.658 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP189: 10/28/2009 5:32:40 PM - System Checkpoint

==== Installed Programs ======================

Ad-Aware 2007
Adobe Acrobat 6.0.1 Professional
Adobe Creative Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe SVG Viewer 3.0
AnyDVD
Apple Software Update
AVG Anti-Rootkit Free
AVG Free 8.5
Cliprex DS DVD Player
CloneCD
CloneDVD2
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
Dell Driver Reset Tool
Dell Resource CD
DriverAgent by eSupport.com
DriverMax 5
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
EPSON Web-To-Page
EVEREST Home Edition v2.20
GoToMeeting 4.0.0.320
HijackThis 2.0.2
hotComm Lite®
hotComm® CL
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HTML Guardian 7
ImageMixer for Sony
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
IZArc 4.0 beta 1
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 97, Professional Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB936181)
My Lockbox 1.2 for Windows 2000/XP
NinjaTrader 6
Norton Ghost
Pixie 3.1 (remove only)
QuickTime
Realtek High Definition Audio Driver
Roxio Update Manager
Secunia PSI
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.0
Smart Defrag 1.20
SnagIt 7
Sonic Activation Module
Sony USB Driver
Spell Checker For OE 2.1
Spybot - Search & Destroy
Total Recorder 7.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

10/25/2009 3:10:33 PM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 001AA09BE454 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
10/23/2009 11:09:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/23/2009 11:08:42 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/23/2009 11:07:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVG Anti-Rootkit AvgArCln AvgLdx86 AvgMfx86 AvgTdiX ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/23/2009 11:07:24 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2009 11:07:24 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2009 11:07:24 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2009 11:07:24 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2009 11:07:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/23/2009 11:07:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/23/2009 11:01:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVG Anti-Rootkit AvgArCln

==== End Of File ===========================

Blade81
2009-10-29, 15:32
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

whistler
2009-10-29, 16:16
Here is the ComboFix log. I tried to disable ThreatFire before running ComboFix, but was unable (unwilling) to exit ComboFix to verify. Let me know if you think I should remove ThreatFire and then run ComboFix again.

Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 09-10-28.08 - Bob 10/29/2009 9:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1185 [GMT -5:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Mozilla Firefox\extensions\{6D2C307C-A6A7-4689-9030-45A986B1CD42}
c:\program files\Mozilla Firefox\extensions\{6D2C307C-A6A7-4689-9030-45A986B1CD42}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6D2C307C-A6A7-4689-9030-45A986B1CD42}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{6D2C307C-A6A7-4689-9030-45A986B1CD42}\install.rdf
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\OGACheckControl.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-25 21:41 . 2009-10-25 21:41 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-25 20:36 . 2009-10-25 20:36 -------- d-----w- c:\program files\ESET
2009-10-23 16:33 . 2009-10-23 16:33 -------- d-----w- c:\documents and settings\Administrator.INSPIRON\Application Data\Malwarebytes
2009-10-23 16:07 . 2009-10-23 16:07 -------- d-sh--w- c:\documents and settings\Administrator.INSPIRON\IETldCache
2009-10-23 15:37 . 2009-10-23 16:32 -------- d-----w- c:\program files\yywwtm
2009-10-17 14:28 . 2009-10-17 14:28 104512 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-10-09 13:19 . 2009-10-09 15:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-08 19:26 . 2009-10-25 20:03 -------- d-----w- c:\program files\Feed Editor
2009-10-06 13:13 . 2009-10-06 13:13 -------- d-----w- c:\program files\IZArc
2009-10-03 16:43 . 2009-10-03 16:43 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
2009-10-03 16:43 . 2009-10-03 16:43 258048 ----a-w- c:\windows\SetACL.exe
2009-10-02 20:47 . 2009-10-03 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Altova
2009-09-29 16:13 . 2009-09-29 17:14 -------- d-----w- C:\tidy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 13:02 . 2008-01-13 18:58 -------- d-----w- c:\documents and settings\Bob\Application Data\skypePM
2009-10-28 22:41 . 2008-01-13 23:51 1033 ----a-w- c:\windows\nsreg.dat
2009-10-28 17:23 . 2009-04-29 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 12:12 . 2008-02-11 00:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 12:13 . 2008-01-24 14:32 -------- d-----w- c:\documents and settings\Bob\Application Data\AdobeUM
2009-10-18 12:40 . 2009-01-19 01:20 -------- d-----w- c:\documents and settings\Bob\Application Data\Move Networks
2009-10-12 17:00 . 2008-01-13 18:56 -------- d-----w- c:\documents and settings\Bob\Application Data\Skype
2009-10-04 14:53 . 2009-05-29 13:42 -------- d-----w- c:\program files\HTML Guardian 7
2009-09-28 18:20 . 2009-09-28 18:20 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-27 20:04 . 2009-09-13 15:21 -------- d-----w- c:\program files\Winamp
2009-09-27 20:03 . 2008-02-22 15:07 -------- d-----w- c:\program files\Java
2009-09-27 20:01 . 2008-01-13 17:15 -------- d-----w- c:\program files\Crazy Browser
2009-09-26 17:57 . 2009-09-26 17:57 25768 -c--a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-23 16:31 . 2009-06-29 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-04-29 01:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-04-29 01:08 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 11:00 . 2009-04-08 19:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 15:02 . 2009-08-29 15:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-29 08:08 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 14:40 . 2009-05-05 11:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 14:40 . 2009-05-05 11:15 335240 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 14:40 . 2009-05-05 11:15 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 22:38 . 2008-01-13 18:45 18024 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-04 10:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-11-01 13:23 . 2008-11-01 13:23 4783104 -c--a-w- c:\program files\Subscribers.xls
2009-08-20 23:58 . 2009-08-20 23:58 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-08-20 23:58 . 2009-08-20 23:58 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-08-20 23:58 . 2009-08-20 23:58 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-10-19 3087296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-27 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-29 413696]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-05 16859648]

c:\documents and settings\Bob\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-24 110592]
Omega Research Task Scheduler.lnk - c:\program files\Omega Research\Program\orschd.exe [2008-3-19 148480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 14:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NinjaTrader 6\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [4/17/2008 8:49 PM 17264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/5/2009 6:15 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/5/2009 6:15 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 9:03 AM 297752]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 6:03 AM 7808]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [5/10/2009 4:26 PM 127496]
S4 Fipemeatuwn;Fipemeatuwn; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:06]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-08 14:27]

2009-10-20 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-20 14:22]

2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{1FF685FF-AF79-4E0B-A492-555956BF9C7C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/!%20Upload/TT_slim_open.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-AVGantiRootkit - c:\program files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-hotComm Lite® - c:\progra~1\1stWORKS\HOTCOM~1\CFG\UNWISE.EXE
AddRemove-Spell Checker For OE 2.1 - c:\program files\Common Files\Microsoft Shared\proof\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 09:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\wkep

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll AnyDVD.sys atapi.sys spmz.sys >>UNKNOWN [0x8A3B4938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB89C9F16 AnyDVD.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB89CAA7E AnyDVD.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFBB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
Completion time: 2009-10-29 9:09
ComboFix-quarantined-files.txt 2009-10-29 14:09

Pre-Run: 620,982,272 bytes free
Post-Run: 904,245,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 55C570A6F77BEBD83E9B968DC6C4A934

whistler
2009-10-29, 16:20
Here is the second DDS.txt file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


DDS (Ver_09-10-26.01) - NTFSx86
Run by Bob at 9:19:08.06 on Thu 10/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1148 [GMT -5:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Omega Research\Program\orschd.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Secunia\PSI\psi.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Bob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file:///C:/!%20Upload/TT_slim_open.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\omegar~1.lnk - c:\program files\omega research\program\orschd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-4-17 17264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-5 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-5 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-29 297752]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
S4 Fipemeatuwn;Fipemeatuwn; [x]

=============== Created Last 30 ================

2009-10-29 14:00:46 0 d-sha-r- C:\cmdcons
2009-10-29 13:59:51 98816 ----a-w- c:\windows\sed.exe
2009-10-29 13:59:51 77312 ----a-w- c:\windows\MBR.exe
2009-10-29 13:59:51 236544 ----a-w- c:\windows\PEV.exe
2009-10-29 13:59:51 161792 ----a-w- c:\windows\SWREG.exe
2009-10-29 13:59:45 0 d-----w- C:\ComboFix
2009-10-25 21:41:18 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-25 20:36:59 0 d-----w- c:\program files\ESET
2009-10-24 00:07:32 55387 ----a-w- C:\TT091026.gif
2009-10-24 00:07:05 66889 ----a-w- C:\TT091026.png
2009-10-23 15:37:44 0 d-----w- c:\program files\yywwtm
2009-10-22 23:07:56 55205 ----a-w- C:\TT091023.gif
2009-10-22 23:07:39 66957 ----a-w- C:\TT091023.png
2009-10-21 22:56:53 55096 ----a-w- C:\TT091022.gif
2009-10-21 22:56:38 65314 ----a-w- C:\TT091022.png
2009-10-20 23:44:53 55381 ----a-w- C:\TT091021.gif
2009-10-20 23:44:35 67144 ----a-w- C:\TT091021.png
2009-10-19 22:18:32 55051 ----a-w- C:\TT091020.gif
2009-10-19 22:18:16 63983 ----a-w- C:\TT091020.png
2009-10-17 14:28:27 104512 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-10-16 22:45:50 55164 ----a-w- C:\TT091019.gif
2009-10-16 22:45:32 64967 ----a-w- C:\TT091019.png
2009-10-15 22:35:52 55341 ----a-w- C:\TT091016.gif
2009-10-15 22:35:36 65395 ----a-w- C:\TT091016.png
2009-10-14 22:41:29 55302 ----a-w- C:\TT091015.gif
2009-10-14 22:41:12 64188 ----a-w- C:\TT091015.png
2009-10-13 22:32:35 55504 ----a-w- C:\TT091014.gif
2009-10-13 22:32:18 66089 ----a-w- C:\TT091014.png
2009-10-13 10:36:46 6 ----a-w- c:\windows\WS_FTP.EXT
2009-10-13 10:36:46 0 ----a-w- c:\windows\WS_FTP.CNV
2009-10-12 22:47:41 55194 ----a-w- C:\TT091013.gif
2009-10-12 22:47:19 65674 ----a-w- C:\TT091013.png
2009-10-10 15:57:41 53286 ----a-w- C:\TT091012b.png
2009-10-10 00:11:06 46299 ----a-w- C:\TT091012.gif
2009-10-10 00:10:44 53286 ----a-w- C:\TT091012.png
2009-10-09 13:19:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-08 22:39:40 55061 ----a-w- C:\TT091009.gif
2009-10-08 22:39:21 63511 ----a-w- C:\TT091009.png
2009-10-08 19:26:22 0 d-----w- c:\program files\Feed Editor
2009-10-07 22:12:57 55197 ----a-w- C:\TT091008.gif
2009-10-07 22:12:42 63865 ----a-w- C:\TT091008.png
2009-10-06 22:37:19 55501 ----a-w- C:\TT091007.gif
2009-10-06 22:36:51 64981 ----a-w- C:\TT091007.png
2009-10-06 13:13:05 0 d-----w- c:\program files\IZArc
2009-10-05 22:12:28 55268 ----a-w- C:\TT091006.gif
2009-10-05 22:12:10 64976 ----a-w- C:\TT091006.png
2009-10-03 16:43:23 258048 ----a-w- c:\windows\SetACL.exe
2009-10-02 23:05:27 55275 ----a-w- C:\TT091005.gif
2009-10-02 23:05:11 66682 ----a-w- C:\TT091005.png
2009-10-02 20:47:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Altova
2009-10-01 22:24:24 55236 ----a-w- C:\TT091002.gif
2009-10-01 22:23:54 66014 ----a-w- C:\TT091002.png
2009-09-30 23:35:49 55202 ----a-w- C:\TT091001.gif
2009-09-30 23:35:30 65884 ----a-w- C:\TT091001.png
2009-09-29 22:17:58 55416 ----a-w- C:\TT090930.gif
2009-09-29 22:17:37 67096 ----a-w- C:\TT090930.png
2009-09-29 16:13:13 0 d-----w- C:\tidy

==================== Find3M ====================

2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
2009-09-28 18:20:43 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-26 17:57:34 25768 -c--a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 14:40:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-05 09:01:48 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2008-11-01 13:23:31 4783104 -c--a-w- c:\program files\Subscribers.xls

============= FINISH: 9:19:17.21 ===============

Blade81
2009-10-29, 18:18
Hi again,

Are you familiar with all those .gif and .png files like C:\TT091023.gif & C:\TT091023.png on your c: drive?


Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\wkep
Folder::
c:\program files\yywwtm
Driver::
Fipemeatuwn
DDS::
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall Daemon Tools Toolbar if not installed on purpose.


Do you still use Adobe Acrobat 6 actively? Is it used for anything other than converting files to PDFs?


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Still issues?

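The triage Blade81 did by eye in the post above (spotting the service with no file on disk and the toolbar CLSID with no file, then confirming the CFScript's targets in the ComboFix log it produces) can be scripted. The Python below is an added example written for this page, not a tool from the thread or from the DDS/ComboFix authors; its sample input is copied from the logs posted in the thread, and the log formats it assumes are the ones visible in those logs.

```python
"""Triage and verification helpers for DDS / ComboFix logs (added example; not
part of DDS, ComboFix or the forum posts). Automates two things the helper did
by eye: (1) flag DDS entries with no backing file on disk, i.e. the " [x]"
marker on a service line and "- No File" on a toolbar/hook line, which is what
made "S4 Fipemeatuwn" and the orphan TB: CLSID stand out; (2) check a CFScript's
File::/Folder::/Driver:: targets against the ComboFix log it produced, so the
removal is confirmed rather than assumed. Samples are copied from the thread."""
import re

# DDS service line "<state> <name>;<display>;<path> [<date size>]"; a missing
# binary is printed as an empty path followed by "[x]".
SERVICE_RE = re.compile(r"^[RS][0-4]\s+(?P<name>[^;]+);[^;]*;[^\[]*?\s*\[(?P<meta>[^\]]*)\]\s*$")
# Pseudo-HJT lines (TB:, BHO:, uURLSearchHooks:, ...) end in "- No File" when
# the CLSID is still registered but its DLL is gone from disk.
NO_FILE_RE = re.compile(r"^(?P<kind>[A-Za-z]+):.*-\s*No File\s*$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z]+)::\s*$")           # "File::", "Driver::"
CF_HEADER_RE = re.compile(r"^\(+\s*(?P<title>[^()]+?)\s*\)+\s*$")   # "(((( Other Deletions ))))"


def flag_orphans(dds_text):
    """Return (line, reason) pairs for DDS entries that reference nothing on disk."""
    findings = []
    for line in (l.strip() for l in dds_text.splitlines()):
        m = SERVICE_RE.match(line)
        if m and m.group("meta").strip().lower() == "x":
            findings.append((line, f"service {m.group('name')} has no file on disk"))
        elif (n := NO_FILE_RE.match(line)):
            findings.append((line, f"{n.group('kind')} entry points to a missing file"))
    return findings


def split_sections(text, header_re, key):
    """Group lines under the most recent header matched by header_re; blank and '.' lines are dropped."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = header_re.match(line)
        if m:
            current = m.group(key)
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify_removals(cfscript_text, combofix_text):
    """Map each File::/Folder::/Driver:: target to True if ComboFix reports removing it.
    DDS:: entries are confirmed separately by running flag_orphans() on the fresh dds.txt."""
    script = split_sections(cfscript_text, SECTION_RE, "section")
    log = split_sections(combofix_text, CF_HEADER_RE, "title")
    deleted = {l.lower() for l in log.get("Other Deletions", [])}
    services = {l.lower() for l in log.get("Drivers/Services", [])}
    result = {t: t.lower() in deleted for t in script.get("File", []) + script.get("Folder", [])}
    for drv in script.get("Driver", []):
        # ComboFix records a removed service as "-------\Service_<name>".
        result[drv] = f"-------\\service_{drv}".lower() in services
    return result


# Lines copied from the thread's second dds.txt (shortened).
DDS_SAMPLE = r"""
uURLSearchHooks: H - No File
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-4-17 17264]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
S4 Fipemeatuwn;Fipemeatuwn; [x]
"""

# The CFScript from the thread and the matching part of the ComboFix log it produced.
CFSCRIPT_SAMPLE = r"""
File::
C:\wkep
Folder::
c:\program files\yywwtm
Driver::
Fipemeatuwn
DDS::
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
"""

COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\yywwtm
C:\wkep
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Fipemeatuwn
"""

if __name__ == "__main__":
    for line, reason in flag_orphans(DDS_SAMPLE):
        print(f"FLAG {reason}: {line}")
    for target, ok in verify_removals(CFSCRIPT_SAMPLE, COMBOFIX_SAMPLE).items():
        print(f"{'removed' if ok else 'NOT removed'}: {target}")
```

Run it over the full dds.txt and ComboFix.txt files instead of the embedded samples to see the same three flags and the three confirmed removals on the real logs.
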
whistler
2009-10-29, 21:01
Yes, I am aware of all of the C:\TT091023.gif & C:\TT091023.png files on my c: drive, as I created them.

I have NOT uninstalled Daemon Tools as I use it every day.

I do NOT use Adobe Acrobat 6 for anything other than converting files to PDF. Are you recommending getting rid of it and using something else for making PDF files?

Flash has been removed and re-installed with a fresh version.

I ran ATF Cleaner.

ComboFix, DDS, and Eset logs are below.

The computer seems to be running normally.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 09-10-28.08 - Bob 10/29/2009 11:49.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1191 [GMT -5:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

FILE ::
"C:\wkep"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\yywwtm
C:\wkep

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Fipemeatuwn


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-25 21:41 . 2009-10-25 21:41 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-25 20:36 . 2009-10-25 20:36 -------- d-----w- c:\program files\ESET
2009-10-23 16:33 . 2009-10-23 16:33 -------- d-----w- c:\documents and settings\Administrator.INSPIRON\Application Data\Malwarebytes
2009-10-23 16:07 . 2009-10-23 16:07 -------- d-sh--w- c:\documents and settings\Administrator.INSPIRON\IETldCache
2009-10-17 14:28 . 2009-10-17 14:28 104512 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-10-09 13:19 . 2009-10-09 15:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-08 19:26 . 2009-10-25 20:03 -------- d-----w- c:\program files\Feed Editor
2009-10-06 13:13 . 2009-10-06 13:13 -------- d-----w- c:\program files\IZArc
2009-10-03 16:43 . 2009-10-03 16:43 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
2009-10-03 16:43 . 2009-10-03 16:43 258048 ----a-w- c:\windows\SetACL.exe
2009-10-02 20:47 . 2009-10-03 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Altova

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 13:02 . 2008-01-13 18:58 -------- d-----w- c:\documents and settings\Bob\Application Data\skypePM
2009-10-28 22:41 . 2008-01-13 23:51 1033 ----a-w- c:\windows\nsreg.dat
2009-10-28 17:23 . 2009-04-29 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 12:12 . 2008-02-11 00:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 12:13 . 2008-01-24 14:32 -------- d-----w- c:\documents and settings\Bob\Application Data\AdobeUM
2009-10-18 12:40 . 2009-01-19 01:20 -------- d-----w- c:\documents and settings\Bob\Application Data\Move Networks
2009-10-12 17:00 . 2008-01-13 18:56 -------- d-----w- c:\documents and settings\Bob\Application Data\Skype
2009-10-04 14:53 . 2009-05-29 13:42 -------- d-----w- c:\program files\HTML Guardian 7
2009-09-28 18:20 . 2009-09-28 18:20 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-27 20:04 . 2009-09-13 15:21 -------- d-----w- c:\program files\Winamp
2009-09-27 20:03 . 2008-02-22 15:07 -------- d-----w- c:\program files\Java
2009-09-27 20:01 . 2008-01-13 17:15 -------- d-----w- c:\program files\Crazy Browser
2009-09-26 17:57 . 2009-09-26 17:57 25768 -c--a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-23 16:31 . 2009-06-29 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-04-29 01:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-04-29 01:08 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 11:00 . 2009-04-08 19:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 15:02 . 2009-08-29 15:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-29 08:08 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 14:40 . 2009-05-05 11:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 14:40 . 2009-05-05 11:15 335240 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 14:40 . 2009-05-05 11:15 27784 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 22:38 . 2008-01-13 18:45 18024 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-04 10:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2008-11-01 13:23 . 2008-11-01 13:23 4783104 -c--a-w- c:\program files\Subscribers.xls
2009-08-20 23:58 . 2009-08-20 23:58 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-08-20 23:58 . 2009-08-20 23:58 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-08-20 23:58 . 2009-08-20 23:58 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-29_14.07.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 16:56 . 2009-10-29 16:56 16384 c:\windows\Temp\Perflib_Perfdata_b48.dat
+ 2009-10-29 16:54 . 2009-10-29 16:54 16384 c:\windows\Temp\Perflib_Perfdata_98.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-10-19 3087296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-27 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-29 413696]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-05 16859648]

c:\documents and settings\Bob\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-24 110592]
Omega Research Task Scheduler.lnk - c:\program files\Omega Research\Program\orschd.exe [2008-3-19 148480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 14:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NinjaTrader 6\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [4/17/2008 8:49 PM 17264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/5/2009 6:15 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/5/2009 6:15 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 9:03 AM 297752]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 6:03 AM 7808]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [5/10/2009 4:26 PM 127496]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:06]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-08 14:27]

2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{1FF685FF-AF79-4E0B-A492-555956BF9C7C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/!%20Upload/TT_slim_open.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 11:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\wkep

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sphx.sys >>UNKNOWN [0x89DF3938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFBB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1992)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-10-29 11:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 16:59
ComboFix2.txt 2009-10-29 14:09

Pre-Run: 916,533,248 bytes free
Post-Run: 830,730,240 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EC3298838DBCFC1E272427AE859EE6F3







DDS (Ver_09-10-26.01) - NTFSx86
Run by Bob at 13:48:57.73 on Thu 10/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1246 [GMT -5:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Omega Research\Program\orschd.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Secunia\PSI\psi.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Bob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file:///C:/!%20Upload/TT_slim_open.html
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\omegar~1.lnk - c:\program files\omega research\program\orschd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-4-17 17264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-5 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-5 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-29 297752]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

=============== Created Last 30 ================

2009-10-29 17:16:17 50688 ----a-w- C:\ATF-Cleaner.exe
2009-10-29 14:00:46 0 d-sha-r- C:\cmdcons
2009-10-29 13:59:51 98816 ----a-w- c:\windows\sed.exe
2009-10-29 13:59:51 77312 ----a-w- c:\windows\MBR.exe
2009-10-29 13:59:51 236544 ----a-w- c:\windows\PEV.exe
2009-10-29 13:59:51 161792 ----a-w- c:\windows\SWREG.exe
2009-10-25 21:41:18 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-25 20:36:59 0 d-----w- c:\program files\ESET
2009-10-24 00:07:32 55387 ----a-w- C:\TT091026.gif
2009-10-24 00:07:05 66889 ----a-w- C:\TT091026.png
2009-10-22 23:07:56 55205 ----a-w- C:\TT091023.gif
2009-10-22 23:07:39 66957 ----a-w- C:\TT091023.png
2009-10-21 22:56:53 55096 ----a-w- C:\TT091022.gif
2009-10-21 22:56:38 65314 ----a-w- C:\TT091022.png
2009-10-20 23:44:53 55381 ----a-w- C:\TT091021.gif
2009-10-20 23:44:35 67144 ----a-w- C:\TT091021.png
2009-10-19 22:18:32 55051 ----a-w- C:\TT091020.gif
2009-10-19 22:18:16 63983 ----a-w- C:\TT091020.png
2009-10-17 14:28:27 104512 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-10-16 22:45:50 55164 ----a-w- C:\TT091019.gif
2009-10-16 22:45:32 64967 ----a-w- C:\TT091019.png
2009-10-15 22:35:52 55341 ----a-w- C:\TT091016.gif
2009-10-15 22:35:36 65395 ----a-w- C:\TT091016.png
2009-10-14 22:41:29 55302 ----a-w- C:\TT091015.gif
2009-10-14 22:41:12 64188 ----a-w- C:\TT091015.png
2009-10-13 22:32:35 55504 ----a-w- C:\TT091014.gif
2009-10-13 22:32:18 66089 ----a-w- C:\TT091014.png
2009-10-13 10:36:46 6 ----a-w- c:\windows\WS_FTP.EXT
2009-10-13 10:36:46 0 ----a-w- c:\windows\WS_FTP.CNV
2009-10-12 22:47:41 55194 ----a-w- C:\TT091013.gif
2009-10-12 22:47:19 65674 ----a-w- C:\TT091013.png
2009-10-10 15:57:41 53286 ----a-w- C:\TT091012b.png
2009-10-10 00:11:06 46299 ----a-w- C:\TT091012.gif
2009-10-10 00:10:44 53286 ----a-w- C:\TT091012.png
2009-10-09 13:19:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-08 22:39:40 55061 ----a-w- C:\TT091009.gif
2009-10-08 22:39:21 63511 ----a-w- C:\TT091009.png
2009-10-08 19:26:22 0 d-----w- c:\program files\Feed Editor
2009-10-07 22:12:57 55197 ----a-w- C:\TT091008.gif
2009-10-07 22:12:42 63865 ----a-w- C:\TT091008.png
2009-10-06 22:37:19 55501 ----a-w- C:\TT091007.gif
2009-10-06 22:36:51 64981 ----a-w- C:\TT091007.png
2009-10-06 13:13:05 0 d-----w- c:\program files\IZArc
2009-10-05 22:12:28 55268 ----a-w- C:\TT091006.gif
2009-10-05 22:12:10 64976 ----a-w- C:\TT091006.png
2009-10-03 16:43:23 258048 ----a-w- c:\windows\SetACL.exe
2009-10-02 23:05:27 55275 ----a-w- C:\TT091005.gif
2009-10-02 23:05:11 66682 ----a-w- C:\TT091005.png
2009-10-02 20:47:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Altova
2009-10-01 22:24:24 55236 ----a-w- C:\TT091002.gif
2009-10-01 22:23:54 66014 ----a-w- C:\TT091002.png
2009-09-30 23:35:49 55202 ----a-w- C:\TT091001.gif
2009-09-30 23:35:30 65884 ----a-w- C:\TT091001.png
2009-09-29 22:17:58 55416 ----a-w- C:\TT090930.gif
2009-09-29 22:17:37 67096 ----a-w- C:\TT090930.png

==================== Find3M ====================

2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
2009-09-28 18:20:43 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-26 17:57:34 25768 -c--a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 14:40:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-05 09:01:48 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2008-11-01 13:23:31 4783104 -c--a-w- c:\program files\Subscribers.xls

============= FINISH: 13:49:10.70 ===============





ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=f820244970c2ac418f31792cb333a623
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-29 06:00:01
# local_time=2009-10-29 01:00:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 97 7036667343750
# compatibility_mode=3587 62 28 94 158832401875000
# scanned=101248
# found=1
# cleaned=0
# scan_time=2241
C:\Program Files\Netscape\Navigator\Sent probably a variant of JS/Kak worm 00000000000000000000000000000000 I
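
As an added example (not from the poster, and not GMER's or ComboFix's own code), the Python below pulls the follow-up items out of the two GMER sections ComboFix embeds in its log: the catchme hidden-object scan and the MBR detector's call chain and IRP lines. It only extracts what is printed; it deliberately does not interpret the two addresses GMER shows on either side of '!=' in an IRP line. The sample is transcribed from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: the catchme and MBR-detector sections transcribed from the
# ComboFix log posted above.
SAMPLE = r"""
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 11:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\wkep

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sphx.sys >>UNKNOWN [0x89DF3938]<<
kernel: MBR read successfully
user & kernel MBR OK

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFBB40 atapi.sys
\Driver\atapi IRP hooks detected !
"""

SECTION_RE = re.compile(r"^scanning hidden (processes|autostart entries|files) \.\.\.$")
HIDDEN_COUNT_RE = re.compile(r"^hidden (?P<kind>\w+): (?P<n>\d+)$")
CALLED_RE = re.compile(r"^called modules:\s*(?P<mods>.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
MBR_RE = re.compile(r"^user & kernel MBR (?P<status>.+)$")
# The two hex values around '!=' are kept verbatim as lhs/rhs; no meaning is assigned to them here.
IRP_RE = re.compile(
    r"^(?P<driver>\\Driver\\\S+)\s+\[\s*(?P<irp>IRP_MJ_\w+)\s*\]\s+"
    r"(?P<lhs>0x[0-9A-Fa-f]+)\s+!=\s+(?P<rhs>0x[0-9A-Fa-f]+)\s+(?P<image>\S+)$"
)
HOOKED_RE = re.compile(r"^(?P<driver>\\Driver\\\S+)\s+IRP hooks detected")


def parse_gmer(text: str) -> dict:
    """Extract hidden objects, the disk call chain and IRP hook lines from the
    GMER output embedded in a ComboFix log."""
    out = {
        "hidden": {"processes": [], "autostart entries": [], "files": []},
        "hidden_counts": {},
        "called_modules": [],
        "unknown_modules": [],
        "mbr_status": None,
        "irp_hooks": defaultdict(list),
        "hooked_drivers": [],
    }
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("scan completed"):
            section = None
            continue
        if section is not None:
            if line:  # every non-blank line inside a 'scanning hidden ...' block is a hidden object
                out["hidden"][section].append(line)
            continue
        if not line:
            continue
        if m := HIDDEN_COUNT_RE.match(line):
            out["hidden_counts"][m.group("kind")] = int(m.group("n"))
        elif m := CALLED_RE.match(line):
            out["unknown_modules"] = UNKNOWN_RE.findall(m.group("mods"))
            out["called_modules"] = UNKNOWN_RE.sub("", m.group("mods")).split()
        elif m := MBR_RE.match(line):
            out["mbr_status"] = m.group("status")
        elif m := IRP_RE.match(line):
            out["irp_hooks"][m.group("driver")].append(
                {"irp": m.group("irp"), "lhs": m.group("lhs"), "rhs": m.group("rhs"), "image": m.group("image")}
            )
        elif m := HOOKED_RE.match(line):
            out["hooked_drivers"].append(m.group("driver"))
    out["irp_hooks"] = dict(out["irp_hooks"])
    return out


def findings(parsed: dict) -> list:
    """Turn the parsed sections into the short list of items worth following up."""
    notes = []
    for kind, items in parsed["hidden"].items():
        if items:
            notes.append(f"hidden {kind}: {', '.join(items)}")
    reported = parsed["hidden_counts"].get("files")
    if reported is not None and reported != len(parsed["hidden"]["files"]):
        notes.append(f"catchme reported {reported} hidden files but {len(parsed['hidden']['files'])} listed")
    for addr in parsed["unknown_modules"]:
        notes.append(f"unknown module at {addr} in the disk call chain")
    for driver, hooks in parsed["irp_hooks"].items():
        irps = ", ".join(h["irp"] for h in hooks)
        notes.append(f"{driver}: {len(hooks)} dispatch entries flagged ({irps})")
    for driver in parsed["hooked_drivers"]:
        if driver not in parsed["irp_hooks"]:
            notes.append(f"{driver}: 'IRP hooks detected' without per-IRP lines")
    if parsed["mbr_status"] and parsed["mbr_status"] != "OK":
        notes.append(f"MBR status: {parsed['mbr_status']}")
    return notes


if __name__ == "__main__":
    for note in findings(parse_gmer(SAMPLE)):
        print(note)
```

Feeding it the full ComboFix.txt works too, since lines outside the two GMER sections match none of the patterns; the three notes it produces for the log above are the hidden C:\wkep entry, the UNKNOWN module in the atapi call chain, and the six flagged \Driver\atapi dispatch entries, which is exactly the set a helper would want to compare against the next run.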

Blade81
2009-10-30, 08:03
Hi,

Please monitor the situation for a few days and let me know if bad items still show up like they did when you started the topic.

whistler
2009-10-30, 14:35
OK - thank you very much for all of your help.

I'm curious about your comment concerning Adobe Acrobat 6. Are you recommending getting rid of it and using something else for making PDF files?

Blade81
2009-10-30, 15:49
Yes, there are free PDF writers available. A link collection of those can be found here (http://pdfwriters.org/).

Blade81
2009-11-08, 16:02
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.