Spybot and HJT won't run

TassieWarrior · Nov 15, 2009

I think i have a malware problem and it isn't letting me run spybot, Something has changed the file names in the folder with what looks like (HGFDFTDYDFGYTDT) that! i have been through renaming the .scr and .exe files and it then will allow spybot to open and let me do anything except when you go to check for problems, it then just closes spybot and when you go to re open spybot it comes up with a windows box that says either the file is write-protected or the user does not have permission to access this file,
I then downloaded HJT and installed it alright i did a scan and save and it got halfway through it and the program shutdown and then now when you go to reopen it it comes up with the same box as with spybot. What can i do now please?

TassieWarrior · Nov 15, 2009

I was able to get a win32kdiag log, well part of it anyway, i will post it up here, hopefully it may help

Blade81 · Nov 22, 2009

Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txt
START Log.txt
DEL %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

TassieWarrior · Nov 23, 2009

This is the log file you requested, thank you for helping

Volume in drive C has no label.
Volume Serial Number is B8E0-0EAF

Directory of C:\WINDOWS\$NtServicePackUninstall$

28/02/2006 11:00 PM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

28/02/2006 11:00 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

28/02/2006 11:00 PM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 11:12 AM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 11:12 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 11:11 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

14/04/2008 11:12 AM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

14/04/2008 11:12 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

14/04/2008 11:11 AM 61,952 eventlog.dll
3 File(s) 650,240 bytes

Total Files Listed:
9 File(s) 1,937,920 bytes
0 Dir(s) 12,910,960,640 bytes free

Blade81 · Nov 23, 2009

Hi again

Download The Avenger by Swandog46 from here.
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
Code:
```
Files to move:
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll|C:\WINDOWS\system32\eventlog.dll
```
In the avenger window, click the Paste Script from Clipboard,

button.
Click the Execute button.
You will be asked Are you sure you want to execute the current script?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log in your next reply.

TassieWarrior · Nov 24, 2009

Here is the log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\ServicePackFiles\i386\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Blade81 · Nov 24, 2009

Good. Let's continue.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post them back to your topic.

TassieWarrior · Nov 24, 2009

the requsted logs

Running from: C:\Documents and Settings\Daddy\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Daddy\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10B.tmp\ZAP10B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10B.tmp\ZAP10B.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11F.tmp\ZAP11F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11F.tmp\ZAP11F.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP134.tmp\ZAP134.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP134.tmp\ZAP134.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20A.tmp\ZAP20A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20A.tmp\ZAP20A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BC.tmp\ZAP2BC.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BC.tmp\ZAP2BC.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

Found mount point : C:\WINDOWS\temp\0ded3eab-b941-4455-81d3-51ab90b4c063\0ded3eab-b941-4455-81d3-51ab90b4c063

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\0ded3eab-b941-4455-81d3-51ab90b4c063\0ded3eab-b941-4455-81d3-51ab90b4c063

Found mount point : C:\WINDOWS\temp\7ea24853-aeda-4ef8-9bbf-1fc9dd16f9dc\7ea24853-aeda-4ef8-9bbf-1fc9dd16f9dc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\7ea24853-aeda-4ef8-9bbf-1fc9dd16f9dc\7ea24853-aeda-4ef8-9bbf-1fc9dd16f9dc

Found mount point : C:\WINDOWS\temp\96907fcd-7dd1-4633-8931-2d8e5865706a\96907fcd-7dd1-4633-8931-2d8e5865706a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\96907fcd-7dd1-4633-8931-2d8e5865706a\96907fcd-7dd1-4633-8931-2d8e5865706a

Found mount point : C:\WINDOWS\temp\c8dd9e49-b1b0-424e-9763-b77c1de0589b\c8dd9e49-b1b0-424e-9763-b77c1de0589b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\c8dd9e49-b1b0-424e-9763-b77c1de0589b\c8dd9e49-b1b0-424e-9763-b77c1de0589b

Found mount point : C:\WINDOWS\temp\f681da11-17af-4ab4-8797-bd79291e258f\f681da11-17af-4ab4-8797-bd79291e258f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\f681da11-17af-4ab4-8797-bd79291e258f\f681da11-17af-4ab4-8797-bd79291e258f

Found mount point : C:\WINDOWS\temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\Google Toolbar\Google Toolbar

Found mount point : C:\WINDOWS\temp\History\Results\Results

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\History\Results\Results

Found mount point : C:\WINDOWS\temp\RtSigs\Data\Data

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\RtSigs\Data\Data

Found mount point : C:\WINDOWS\temp\WDF13.tmp\WDF13.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\WDF13.tmp\WDF13.tmp

Found mount point : C:\WINDOWS\temp\WDFE.tmp\WDFE.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\temp\WDFE.tmp\WDFE.tmp

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303

Finished!

TassieWarrior · Nov 24, 2009

DDS (Ver_09-09-29.01) - NTFSx86
Run by Daddy at 22:33:47.70 on Tue 24/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2823 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Daddy\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=1&app=inclient&version=7.0.473.000&lang=en&locale=en-AU&date=-86400&link_id=4&dest=try_product&lic=j5hvqhisiu3s4he7bhx644bu4g0
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\daddy\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bigpond.com\my
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-8 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 108552]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-9-3 78104]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys --> c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [?]
S1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\avgascln.sys --> c:\windows\system32\drivers\AvgAsCln.sys [?]
S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe --> c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [?]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-12 297752]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-28 152576]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-11-16 09:11 <DIR> --d-h--- c:\windows\PIF
2009-11-16 09:01 <DIR> --d----- c:\docume~1\daddy\applic~1\Malwarebytes
2009-11-16 09:01 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 09:01 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-16 09:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 09:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-15 16:54 <DIR> --d----- c:\program files\Trend Micro
2009-11-08 22:22 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-11-08 20:27 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-11-08 20:21 <DIR> --d----- c:\docume~1\daddy\applic~1\AVG8
2009-11-08 20:21 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-11-03 22:25 <DIR> --d----- C:\$AVG
2009-11-03 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-11-03 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-11-03 12:39 <DIR> --d----- C:\ProgramData
2009-10-28 14:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alawar Stargaze

==================== Find3M ====================

2009-11-03 22:24 12,464 a------- c:\windows\system32\avgrsstx(2).dll
2009-09-12 01:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-05 08:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 19:08 916,480 a------- c:\windows\system32\wininet.dll
2008-09-16 21:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat
2008-09-16 21:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 22:34:01.98 ===============

TassieWarrior · Nov 24, 2009

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/07/2008 6:50:23 PM
System Uptime: 24/11/2009 10:06:28 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-M52S-S3P
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket M2 | 3013/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 12.467 GiB free.
D: is CDROM ()
F: is Removable
G: is CDROM ()
H: is FIXED (NTFS) - 466 GiB total, 412.593 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E51
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6120 classic
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6120 classic
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

RP394: 24/11/2009 10:31:16 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Abdio Free MP4 Player (Free)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Barbie(TM) Diaries High School Mystery
Bookworm Adventures 2 (remove only)
Bookworm Adventures: The Monkey King (remove only)
Cars Demo
Collapse! Crunch
Critical Update for Windows Media Player 11 (KB959772)
DigitImg
Disney-Pixar Ratatouille Demo
Disney-Pixar WALL-E
DVD Shrink 3.2
Eureka's 1000 Games
Farm Frenzy 2 (remove only)
Farm Frenzy 3 (remove only)
ffdshow [rev 2202] [2008-10-10]
Free DVD Creator version 2.0
FW LiveUpdate
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Memories Disc
HP Software Update
iWin Games (remove only)
iWin Toolbar
Java(TM) 6 Update 12
Java(TM) 6 Update 4
Java(TM) 6 Update 7
K-Lite Codec Pack 4.9.0 (Standard)
Logitech QuickCam
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 7 Essentials
neroxml
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
overland
PC Connectivity Solution
Photosmart 140,240,7200,7600,7700,7900 Series
Picture Package Music Transfer
PS7900
PSShortcuts
PSUsage
QFolder
RealArcade
Realtek Card Reader
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Rugrats in Paris
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Seagate*DiscWizard
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Shockwave
Sony Picture Utility
SpecOps
Spybot - Search & Destroy
The Sims 2
The Sims 2 Glamour Life Stuff
The Sims 2 University
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6d
WebFldrs XP
Webshots Desktop
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

24/11/2009 10:31:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'addins' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
23/11/2009 9:46:45 PM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 960000 milliseconds: Restart the service.
23/11/2009 9:44:24 PM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
23/11/2009 9:39:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVG Anti-Spyware Driver AvgAsCln
23/11/2009 9:39:14 PM, error: Service Control Manager [7024] - The AVG8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
23/11/2009 9:39:14 PM, error: Service Control Manager [7001] - The AVG8 E-mail Scanner service depends on the AVG8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
23/11/2009 9:39:14 PM, error: Service Control Manager [7000] - The AVG Anti-Spyware Guard service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Blade81 · Nov 24, 2009

Hi,

Download this file to c:\program files folder. Then goto the folder and drag'n'drop spybot - search & destroy folder to Inherit file.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

TassieWarrior · Nov 25, 2009

ComboFix 09-11-24.04 - Daddy 25/11/2009 20:21.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2960 [GMT 11:00]
Running from: c:\documents and settings\Daddy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\iWin\tbiWi1.dll
c:\program files\SGPSA

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-25 09:00 . 2009-11-25 09:00 389120 ----a-w- c:\windows\system32\CF26019.exe
2009-11-25 08:17 . 2009-11-25 08:17 85504 ----a-w- c:\program files\Inherit.exe
2009-11-15 22:11 . 2009-11-24 11:31 -------- d--h--w- c:\windows\PIF
2009-11-15 22:01 . 2009-11-15 22:01 -------- d-----w- c:\documents and settings\Daddy\Application Data\Malwarebytes
2009-11-15 22:01 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 22:01 . 2009-11-15 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 22:01 . 2009-11-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-15 22:01 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 05:54 . 2009-11-15 05:54 -------- d-----w- c:\program files\Trend Micro
2009-11-08 11:22 . 2009-11-15 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 09:57 . 2009-11-08 09:57 79488 ----a-w- c:\documents and settings\Daddy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-08 09:27 . 2009-11-08 09:27 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-08 09:21 . 2009-11-08 09:21 -------- d-----w- c:\documents and settings\Daddy\Application Data\AVG8
2009-11-08 09:21 . 2009-11-08 09:21 -------- d-----w- C:\$AVG8.VAULT$
2009-11-04 03:08 . 2009-11-04 03:09 -------- d-----w- c:\documents and settings\Mummy\Application Data\MissTeriTale3
2009-11-03 11:25 . 2009-11-03 11:28 -------- d-----w- C:\$AVG
2009-11-03 11:24 . 2009-11-07 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-03 11:24 . 2009-11-08 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-03 01:39 . 2009-11-03 01:39 -------- d-----w- C:\ProgramData
2009-11-02 21:44 . 2009-10-04 07:51 3510552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-01 11:36 . 2009-11-01 11:36 -------- d-----w- c:\documents and settings\Mummy\Application Data\Magic Academy 2
2009-10-28 03:52 . 2009-10-28 03:52 -------- d-----w- c:\documents and settings\Mummy\Local Settings\Application Data\STARGAZE_IMAGE_CACHE
2009-10-28 03:52 . 2009-10-28 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 09:29 . 2009-09-13 06:45 -------- d-----w- c:\program files\iWin Games
2009-11-25 09:29 . 2008-09-25 03:40 -------- d-----w- c:\program files\iWin
2009-11-25 09:13 . 2008-07-08 03:05 -------- d-----w- c:\program files\AVG
2009-11-25 09:09 . 2008-07-08 10:36 24056 ----a-w- c:\documents and settings\Daddy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-24 10:44 . 2009-10-19 08:54 0 ----a-w- c:\windows\win32k.sys
2009-11-15 05:04 . 2008-07-13 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 11:18 . 2008-07-30 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-11-08 11:10 . 2008-08-18 05:23 -------- d-----w- c:\program files\MSN Games
2009-11-08 11:10 . 2008-09-08 06:35 -------- d-----w- c:\program files\Super Granny 3
2009-11-08 11:10 . 2008-12-28 08:05 -------- d-----w- c:\program files\Alawar
2009-11-08 11:09 . 2009-01-22 04:09 -------- d-----w- c:\program files\Snowy Treasure Hunter 3
2009-11-08 11:09 . 2008-09-08 06:35 -------- d-----w- c:\program files\Snowy Treasure Hunter 2
2009-11-08 11:09 . 2008-09-25 02:39 -------- d-----w- c:\program files\MumboJumbo
2009-11-08 11:08 . 2008-09-25 03:44 -------- d-----w- c:\program files\iWin.com
2009-11-08 11:05 . 2008-09-25 03:04 -------- d-----w- c:\program files\Fatman Adventures
2009-11-08 11:04 . 2008-09-25 02:37 -------- d-----w- c:\program files\Double Digger
2009-11-08 11:03 . 2008-09-01 02:56 -------- d-----w- c:\program files\Brave Dwarves Back For Treasures
2009-11-08 11:02 . 2008-11-23 07:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 10:56 . 2008-07-13 04:48 -------- d-----w- c:\program files\fuck off
2009-11-07 11:19 . 2008-07-08 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-04 03:44 . 2008-08-18 05:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 11:24 . 2008-07-08 03:06 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
2009-10-23 02:39 . 2008-12-15 01:24 -------- d-----w- c:\documents and settings\Mummy\Application Data\EleFun Games
2009-10-19 02:09 . 2009-09-30 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-10-19 01:08 . 2009-10-19 01:08 -------- d-----w- c:\documents and settings\Mummy\Application Data\Alawar
2009-10-19 01:00 . 2009-01-19 22:38 -------- d-----w- c:\documents and settings\Mummy\Application Data\Meridian93
2009-10-19 00:24 . 2009-10-19 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MythPeople
2009-10-16 23:27 . 2009-10-16 23:28 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-10-13 03:13 . 2009-10-13 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Becky Brogan
2009-10-09 02:20 . 2009-10-09 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS
2009-10-06 10:42 . 2009-10-06 10:42 152576 ----a-w- c:\documents and settings\Daddy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-04 07:51 . 2009-10-20 22:30 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-04 07:49 . 2009-10-08 06:28 1142552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-09-30 02:05 . 2009-09-30 02:05 -------- d-----w- c:\documents and settings\Mummy\Application Data\Merscom
2009-09-26 11:45 . 2009-09-26 11:45 -------- d-----w- c:\documents and settings\Mummy\Application Data\FlyWheelGames
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-24 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Daddy\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-7-20 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2008-11-2 1757]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 00:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHUPD05"=c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" /hide
"Name of App"=c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/07/2008 2:06 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/07/2008 2:06 PM 108552]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [3/09/2009 4:30 AM 78104]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [24/06/2008 7:56 PM 431384]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/07/2008 1:43 PM 297752]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [28/07/2009 8:39 PM 152576]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-07 05:05]

2009-11-15 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-11-08 04:31]

2009-11-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-11-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=1&app=inclient&version=7.0.473.000&lang=en&locale=en-AU&date=-86400&link_id=4&dest=try_product&lic=j5hvqhisiu3s4he7bhx644bu4g0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bigpond.com\my
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
SafeBoot-AVG Anti-Spyware Driver
AddRemove-Collapse! Crunch - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-RealArcade - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 20:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\Webshots\webshots.scr
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
Completion time: 2009-11-25 20:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-25 09:45
ComboFix2.txt 2008-09-16 09:41

Pre-Run: 13,357,010,944 bytes free
Post-Run: 14,445,318,144 bytes free

- - End Of File - - 23F55B13A206101EF4C5369462083B9D

Blade81 · Nov 25, 2009

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Code:

Rootkit::
c:\windows\win32k.sys
DirLook::
c:\program files\fuck off
DDS::
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Disable AVG properly, close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall your current Adobe shockwave player and shockwave entries and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

TassieWarrior · Nov 26, 2009

Hi again, when i ran combofix it tells me that avg is running but the only reference i can find of avg is 1 folder in program files with only a few files in it, it won't allow me to uninstall it or turn it off, it seemingly doesn't exist??

ComboFix 09-11-24.04 - Daddy 26/11/2009 10:28.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.3031 [GMT 11:00]
Running from: c:\documents and settings\Daddy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Daddy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-25 23:16 . 2009-11-25 23:16 -------- d-----w- c:\program files\Java
2009-11-25 23:15 . 2009-11-25 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-25 23:15 . 2009-11-25 23:15 152576 ----a-w- c:\documents and settings\Daddy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 22:54 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Daddy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-25 22:54 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-25 22:54 . 2009-11-25 22:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-25 22:52 . 2009-11-25 22:52 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-25 22:52 . 2009-11-25 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-25 09:00 . 2009-11-25 09:00 389120 ----a-w- c:\windows\system32\CF26019.exe
2009-11-25 08:17 . 2009-11-25 08:17 85504 ----a-w- c:\program files\Inherit.exe
2009-11-15 22:11 . 2009-11-24 11:31 -------- d--h--w- c:\windows\PIF
2009-11-15 22:01 . 2009-11-15 22:01 -------- d-----w- c:\documents and settings\Daddy\Application Data\Malwarebytes
2009-11-15 22:01 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 22:01 . 2009-11-15 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 22:01 . 2009-11-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-15 22:01 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 05:54 . 2009-11-15 05:54 -------- d-----w- c:\program files\Trend Micro
2009-11-08 11:22 . 2009-11-15 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 09:57 . 2009-11-08 09:57 79488 ----a-w- c:\documents and settings\Daddy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-08 09:27 . 2009-11-08 09:27 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-08 09:21 . 2009-11-08 09:21 -------- d-----w- c:\documents and settings\Daddy\Application Data\AVG8
2009-11-08 09:21 . 2009-11-08 09:21 -------- d-----w- C:\$AVG8.VAULT$
2009-11-04 03:08 . 2009-11-04 03:09 -------- d-----w- c:\documents and settings\Mummy\Application Data\MissTeriTale3
2009-11-03 11:25 . 2009-11-03 11:28 -------- d-----w- C:\$AVG
2009-11-03 11:24 . 2009-11-07 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-03 11:24 . 2009-11-08 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-03 01:39 . 2009-11-03 01:39 -------- d-----w- C:\ProgramData
2009-11-02 21:44 . 2009-10-04 07:51 3510552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-01 11:36 . 2009-11-01 11:36 -------- d-----w- c:\documents and settings\Mummy\Application Data\Magic Academy 2
2009-10-28 03:52 . 2009-10-28 03:52 -------- d-----w- c:\documents and settings\Mummy\Local Settings\Application Data\STARGAZE_IMAGE_CACHE
2009-10-28 03:52 . 2009-10-28 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 23:16 . 2008-12-03 07:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-25 22:56 . 2008-07-10 12:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-25 09:29 . 2009-09-13 06:45 -------- d-----w- c:\program files\iWin Games
2009-11-25 09:29 . 2008-09-25 03:40 -------- d-----w- c:\program files\iWin
2009-11-25 09:13 . 2008-07-08 03:05 -------- d-----w- c:\program files\AVG
2009-11-25 09:09 . 2008-07-08 10:36 24056 ----a-w- c:\documents and settings\Daddy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-15 05:04 . 2008-07-13 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 11:18 . 2008-07-30 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-11-08 11:10 . 2008-08-18 05:23 -------- d-----w- c:\program files\MSN Games
2009-11-08 11:10 . 2008-09-08 06:35 -------- d-----w- c:\program files\Super Granny 3
2009-11-08 11:10 . 2008-12-28 08:05 -------- d-----w- c:\program files\Alawar
2009-11-08 11:09 . 2009-01-22 04:09 -------- d-----w- c:\program files\Snowy Treasure Hunter 3
2009-11-08 11:09 . 2008-09-08 06:35 -------- d-----w- c:\program files\Snowy Treasure Hunter 2
2009-11-08 11:09 . 2008-09-25 02:39 -------- d-----w- c:\program files\MumboJumbo
2009-11-08 11:08 . 2008-09-25 03:44 -------- d-----w- c:\program files\iWin.com
2009-11-08 11:05 . 2008-09-25 03:04 -------- d-----w- c:\program files\Fatman Adventures
2009-11-08 11:04 . 2008-09-25 02:37 -------- d-----w- c:\program files\Double Digger
2009-11-08 11:03 . 2008-09-01 02:56 -------- d-----w- c:\program files\Brave Dwarves Back For Treasures
2009-11-08 11:02 . 2008-11-23 07:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 10:56 . 2008-07-13 04:48 -------- d-----w- c:\program files\fuck off
2009-11-07 11:19 . 2008-07-08 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-04 03:44 . 2008-08-18 05:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 11:24 . 2008-07-08 03:06 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
2009-10-23 02:39 . 2008-12-15 01:24 -------- d-----w- c:\documents and settings\Mummy\Application Data\EleFun Games
2009-10-19 02:09 . 2009-09-30 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-10-19 01:08 . 2009-10-19 01:08 -------- d-----w- c:\documents and settings\Mummy\Application Data\Alawar
2009-10-19 01:00 . 2009-01-19 22:38 -------- d-----w- c:\documents and settings\Mummy\Application Data\Meridian93
2009-10-19 00:24 . 2009-10-19 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MythPeople
2009-10-16 23:27 . 2009-10-16 23:28 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-10-13 03:13 . 2009-10-13 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Becky Brogan
2009-10-09 02:20 . 2009-10-09 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS
2009-10-06 10:42 . 2009-10-06 10:42 152576 ----a-w- c:\documents and settings\Daddy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-04 07:51 . 2009-10-20 22:30 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-04 07:49 . 2009-10-08 06:28 1142552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-09-30 02:05 . 2009-09-30 02:05 -------- d-----w- c:\documents and settings\Mummy\Application Data\Merscom
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\fuck off ----

2008-07-13 04:48 . 2008-01-28 01:43 5146448 --sha-r- c:\program files\fuck off\LGLVMLYWNBLRPT.scr
2008-07-13 04:48 . 2008-07-30 04:45 4891984 --sha-r- c:\program files\fuck off\SpybotSD.exe

((((((((((((((((((((((((((((( SnapShot@2009-11-25_09.37.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-25 23:42 . 2009-11-25 23:42 16384 c:\windows\temp\Perflib_Perfdata_7c0.dat
- 2008-07-08 10:13 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-08 10:13 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2009-11-25 22:59 . 2009-11-25 22:59 89101 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-11-25 22:58 . 2009-11-25 22:58 87618 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
- 2008-07-11 11:44 . 2008-06-17 06:11 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-10-29 05:27 . 2009-10-29 05:27 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-10-29 05:45 . 2009-10-29 05:45 67000 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2009-11-25 22:54 . 2009-11-25 22:54 21504 c:\windows\Installer\69efd.msi
+ 2009-11-25 22:54 . 2009-11-25 22:54 27648 c:\windows\Installer\69ef7.msi
+ 2009-11-25 10:17 . 2009-11-25 10:17 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
- 2008-07-11 11:44 . 2008-06-17 06:13 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-10-29 05:29 . 2009-10-29 05:29 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-11-25 23:16 . 2009-11-25 23:16 149280 c:\windows\system32\javaws.exe
+ 2009-11-25 23:16 . 2009-11-25 23:16 145184 c:\windows\system32\javaw.exe
+ 2009-11-25 23:16 . 2009-11-25 23:16 145184 c:\windows\system32\java.exe
+ 2009-10-29 04:55 . 2009-10-29 04:55 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2008-07-11 11:44 . 2008-06-17 06:15 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1152602.exe
+ 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
- 2008-07-11 11:44 . 2008-06-17 06:15 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-11-25 10:17 . 2009-11-25 10:17 429568 c:\windows\Installer\26248e.msi
+ 2009-07-20 13:03 . 2009-07-20 13:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-09-09 11:00 . 2009-07-30 23:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-20 13:05 . 2009-07-20 13:05 1348432 c:\windows\system32\msxml4.dll
+ 2006-02-28 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2008-09-09 11:00 . 2009-07-30 23:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-12 06:22 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
- 2008-07-11 11:44 . 2008-06-17 05:36 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-11-25 22:56 . 2009-11-25 22:56 3940352 c:\windows\Installer\69f03.msi
+ 2009-11-25 23:16 . 2009-11-25 23:16 1757696 c:\windows\Installer\25ee3.msi
+ 2009-07-17 09:12 . 2009-07-17 09:12 1962160 c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-24 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Daddy\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-7-20 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2008-11-2 1757]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 00:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHUPD05"=c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" /hide
"Name of App"=c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/07/2008 2:06 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/07/2008 2:06 PM 108552]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [3/09/2009 4:30 AM 78104]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [24/06/2008 7:56 PM 431384]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/07/2008 1:43 PM 297752]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [28/07/2009 8:39 PM 152576]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-07 05:05]

2009-11-15 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-11-08 04:31]

2009-11-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-11-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=1&app=inclient&version=7.0.473.000&lang=en&locale=en-AU&date=-86400&link_id=4&dest=try_product&lic=j5hvqhisiu3s4he7bhx644bu4g0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bigpond.com\my
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 10:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\Webshots\webshots.scr
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
Completion time: 2009-11-26 10:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-25 23:55
ComboFix2.txt 2009-11-25 09:45
ComboFix3.txt 2008-09-16 09:41

Pre-Run: 13,963,673,600 bytes free
Post-Run: 13,940,662,272 bytes free

- - End Of File - - EDCB3423938CBFC4E7ED7ACE53AEEE2E

TassieWarrior · Nov 26, 2009

Here is 2 kaspersky logs for critical and my computer scans

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, November 26, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, November 26, 2009 01:04:09
Records in database: 3291379
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 184964
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:40:24

File name / Threat / Threats count
C:\Documents and Settings\Daddy\My Documents\Cdvd.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ak 1

Selected area has been scanned.

Kaspersky critical area scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, November 26, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, November 26, 2009 01:04:09
Records in database: 3291379
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Critical areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Daddy\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Objects scanned: 81721
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:06:25

No threats found. Scanned area is clean.

Selected area has been scanned.

TassieWarrior · Nov 26, 2009

Fresh dds.txt log

DDS (Ver_09-09-29.01) - NTFSx86
Run by Daddy at 17:39:02.03 on Thu 26/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2685 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Daddy\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=1&app=inclient&version=7.0.473.000&lang=en&locale=en-AU&date=-86400&link_id=4&dest=try_product&lic=j5hvqhisiu3s4he7bhx644bu4g0
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\daddy\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: bigpond.com\my
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-8 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 108552]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-9-3 78104]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys --> c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [?]
S1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\avgascln.sys --> c:\windows\system32\drivers\AvgAsCln.sys [?]
S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe --> c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [?]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-12 297752]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-28 152576]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-11-26 10:27 <DIR> --d----- C:\ComboFix
2009-11-26 10:16 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-25 20:17 <DIR> a-dshr-- C:\cmdcons
2009-11-25 20:14 260,608 a------- c:\windows\PEV.exe
2009-11-25 20:14 77,312 a------- c:\windows\MBR.exe
2009-11-25 20:00 389,120 a------- c:\windows\system32\CF26019.exe
2009-11-25 19:17 85,504 a------- c:\program files\Inherit.exe
2009-11-16 09:11 <DIR> --d-h--- c:\windows\PIF
2009-11-16 09:01 <DIR> --d----- c:\docume~1\daddy\applic~1\Malwarebytes
2009-11-16 09:01 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 09:01 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-16 09:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 09:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-15 16:54 <DIR> --d----- c:\program files\Trend Micro
2009-11-08 22:22 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-11-08 20:27 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-11-08 20:21 <DIR> --d----- c:\docume~1\daddy\applic~1\AVG8
2009-11-08 20:21 <DIR> --d----- C:\$AVG8.VAULT$
2009-11-03 22:25 <DIR> --d----- C:\$AVG
2009-11-03 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-11-03 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-11-03 12:39 <DIR> --d----- C:\ProgramData
2009-10-28 14:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alawar Stargaze

==================== Find3M ====================

2009-11-26 10:16 411,368 a------- c:\windows\system32\deploytk.dll
2009-11-03 22:24 12,464 a------- c:\windows\system32\avgrsstx(2).dll
2009-09-12 01:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-05 08:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 19:08 916,480 -------- c:\windows\system32\wininet.dll
2008-09-16 21:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat
2008-09-16 21:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 17:39:19.39 ===============

Blade81 · Nov 26, 2009

Hi,

Try this AVG remover.

TassieWarrior · Nov 26, 2009

This is the log from the avgremover program, has it removed it?

2009-11-26 07:15:50,265 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:15:50,281 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:15:50,281 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2009-11-26 07:15:50,281 WARN AvgDir param empty.
2009-11-26 07:15:50,281 WARN AvgDataDir param empty.
2009-11-26 07:15:57,500 INFO AvgRemover runs in attempt number 1
2009-11-26 07:15:57,500 INFO ***** Services *****
2009-11-26 07:15:57,500 INFO Processing service avg8emc
2009-11-26 07:15:57,500 INFO Service avg8emc is not running
2009-11-26 07:15:57,500 DEBUG Service avg8emc Delete
2009-11-26 07:15:57,500 DEBUG Service avg8emc RegCleanup
2009-11-26 07:15:57,500 INFO Processing service avgfws8
2009-11-26 07:15:57,515 INFO Service avgfws8 is not installed
2009-11-26 07:15:57,515 DEBUG Service avgfws8 RegCleanup
2009-11-26 07:15:57,515 DEBUG Registry keys for service avgfws8 are not present
2009-11-26 07:15:57,515 INFO Processing service avg8wd
2009-11-26 07:15:57,515 DEBUG Service avg8wd BeforeStop
2009-11-26 07:15:57,562 WARN Service avg8wd Failed to SetStoppable command (error: e0010127)
2009-11-26 07:15:57,562 DEBUG Service avg8wd BeforeStop failed
2009-11-26 07:15:57,562 INFO Service avg8wd is not running
2009-11-26 07:15:57,562 DEBUG Service avg8wd Delete
2009-11-26 07:15:57,562 DEBUG Service avg8wd RegCleanup
2009-11-26 07:15:57,562 INFO Processing service AvgWFPx
2009-11-26 07:15:57,562 INFO Service AvgWFPx is not installed
2009-11-26 07:15:57,562 DEBUG Service AvgWFPx RegCleanup
2009-11-26 07:15:57,562 DEBUG Registry keys for service AvgWFPx are not present
2009-11-26 07:15:57,562 INFO Processing service AvgWFPa
2009-11-26 07:15:57,562 INFO Service AvgWFPa is not installed
2009-11-26 07:15:57,562 DEBUG Service AvgWFPa RegCleanup
2009-11-26 07:15:57,562 DEBUG Registry keys for service AvgWFPa are not present
2009-11-26 07:15:57,562 INFO Processing service AvgMfx86
2009-11-26 07:15:57,562 DEBUG Service AvgMfx86 Stop
2009-11-26 07:17:17,812 DEBUG Service AvgMfx86 Stop failed (error: e0010031), RESTART planned
2009-11-26 07:17:17,812 DEBUG Service AvgMfx86 Stop failed
2009-11-26 07:17:17,812 DEBUG Service AvgMfx86 Delete
2009-11-26 07:17:41,921 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:17:41,921 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:17:41,921 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2009-11-26 07:17:41,921 WARN AvgDir param empty.
2009-11-26 07:17:41,921 WARN AvgDataDir param empty.
2009-11-26 07:17:43,515 INFO AvgRemover runs in attempt number 1
2009-11-26 07:17:43,515 INFO ***** Services *****
2009-11-26 07:17:43,515 INFO Processing service avg8emc
2009-11-26 07:17:43,515 INFO Service avg8emc is not installed
2009-11-26 07:17:43,515 DEBUG Service avg8emc RegCleanup
2009-11-26 07:17:43,515 DEBUG Registry keys for service avg8emc are not present
2009-11-26 07:17:43,515 INFO Processing service avgfws8
2009-11-26 07:17:43,515 INFO Service avgfws8 is not installed
2009-11-26 07:17:43,515 DEBUG Service avgfws8 RegCleanup
2009-11-26 07:17:43,515 DEBUG Registry keys for service avgfws8 are not present
2009-11-26 07:17:43,515 INFO Processing service avg8wd
2009-11-26 07:17:43,515 INFO Service avg8wd is not installed
2009-11-26 07:17:43,515 DEBUG Service avg8wd RegCleanup
2009-11-26 07:17:43,515 DEBUG Registry keys for service avg8wd are not present
2009-11-26 07:17:43,515 INFO Processing service AvgWFPx
2009-11-26 07:17:43,515 INFO Service AvgWFPx is not installed
2009-11-26 07:17:43,515 DEBUG Service AvgWFPx RegCleanup
2009-11-26 07:17:43,515 DEBUG Registry keys for service AvgWFPx are not present
2009-11-26 07:17:43,515 INFO Processing service AvgWFPa
2009-11-26 07:17:43,515 INFO Service AvgWFPa is not installed
2009-11-26 07:17:43,515 DEBUG Service AvgWFPa RegCleanup
2009-11-26 07:17:43,515 DEBUG Registry keys for service AvgWFPa are not present
2009-11-26 07:17:43,515 INFO Processing service AvgMfx86
2009-11-26 07:17:43,515 DEBUG Service AvgMfx86 Stop
2009-11-26 07:18:02,234 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:18:02,234 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:18:02,234 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2009-11-26 07:18:02,234 WARN AvgDir param empty.
2009-11-26 07:18:02,234 WARN AvgDataDir param empty.
2009-11-26 07:18:03,484 INFO AvgRemover runs in attempt number 1
2009-11-26 07:18:03,484 INFO ***** Services *****
2009-11-26 07:18:03,484 INFO Processing service avg8emc
2009-11-26 07:18:03,484 INFO Service avg8emc is not installed
2009-11-26 07:18:03,484 DEBUG Service avg8emc RegCleanup
2009-11-26 07:18:03,484 DEBUG Registry keys for service avg8emc are not present
2009-11-26 07:18:03,484 INFO Processing service avgfws8
2009-11-26 07:18:03,484 INFO Service avgfws8 is not installed
2009-11-26 07:18:03,484 DEBUG Service avgfws8 RegCleanup
2009-11-26 07:18:03,484 DEBUG Registry keys for service avgfws8 are not present
2009-11-26 07:18:03,484 INFO Processing service avg8wd
2009-11-26 07:18:03,484 INFO Service avg8wd is not installed
2009-11-26 07:18:03,484 DEBUG Service avg8wd RegCleanup
2009-11-26 07:18:03,484 DEBUG Registry keys for service avg8wd are not present
2009-11-26 07:18:03,484 INFO Processing service AvgWFPx
2009-11-26 07:18:03,484 INFO Service AvgWFPx is not installed
2009-11-26 07:18:03,484 DEBUG Service AvgWFPx RegCleanup
2009-11-26 07:18:03,484 DEBUG Registry keys for service AvgWFPx are not present
2009-11-26 07:18:03,484 INFO Processing service AvgWFPa
2009-11-26 07:18:03,484 INFO Service AvgWFPa is not installed
2009-11-26 07:18:03,484 DEBUG Service AvgWFPa RegCleanup
2009-11-26 07:18:03,484 DEBUG Registry keys for service AvgWFPa are not present
2009-11-26 07:18:03,484 INFO Processing service AvgMfx86
2009-11-26 07:18:03,484 DEBUG Service AvgMfx86 Stop
2009-11-26 07:19:42,140 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:19:42,156 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:19:42,156 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2009-11-26 07:19:42,156 WARN AvgDir param empty.
2009-11-26 07:19:42,156 WARN AvgDataDir param empty.
2009-11-26 07:19:43,421 INFO AvgRemover runs in attempt number 1
2009-11-26 07:19:43,421 INFO ***** Services *****
2009-11-26 07:19:43,421 INFO Processing service avg8emc
2009-11-26 07:19:43,421 INFO Service avg8emc is not installed
2009-11-26 07:19:43,421 DEBUG Service avg8emc RegCleanup
2009-11-26 07:19:43,421 DEBUG Registry keys for service avg8emc are not present
2009-11-26 07:19:43,421 INFO Processing service avgfws8
2009-11-26 07:19:43,421 INFO Service avgfws8 is not installed
2009-11-26 07:19:43,421 DEBUG Service avgfws8 RegCleanup
2009-11-26 07:19:43,421 DEBUG Registry keys for service avgfws8 are not present
2009-11-26 07:19:43,421 INFO Processing service avg8wd
2009-11-26 07:19:43,421 INFO Service avg8wd is not installed
2009-11-26 07:19:43,421 DEBUG Service avg8wd RegCleanup
2009-11-26 07:19:43,421 DEBUG Registry keys for service avg8wd are not present
2009-11-26 07:19:43,437 INFO Processing service AvgWFPx
2009-11-26 07:19:43,437 INFO Service AvgWFPx is not installed
2009-11-26 07:19:43,437 DEBUG Service AvgWFPx RegCleanup
2009-11-26 07:19:43,437 DEBUG Registry keys for service AvgWFPx are not present
2009-11-26 07:19:43,437 INFO Processing service AvgWFPa
2009-11-26 07:19:43,437 INFO Service AvgWFPa is not installed
2009-11-26 07:19:43,437 DEBUG Service AvgWFPa RegCleanup
2009-11-26 07:19:43,437 DEBUG Registry keys for service AvgWFPa are not present
2009-11-26 07:19:43,437 INFO Processing service AvgMfx86
2009-11-26 07:19:43,437 DEBUG Service AvgMfx86 Stop
2009-11-26 07:21:05,265 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:21:05,265 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:21:05,265 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2009-11-26 07:21:05,265 WARN AvgDir param empty.
2009-11-26 07:21:05,265 WARN AvgDataDir param empty.
2009-11-26 07:21:06,656 INFO AvgRemover runs in attempt number 1
2009-11-26 07:21:06,656 INFO ***** Services *****
2009-11-26 07:21:06,656 INFO Processing service avg8emc
2009-11-26 07:21:06,656 INFO Service avg8emc is not installed
2009-11-26 07:21:06,656 DEBUG Service avg8emc RegCleanup
2009-11-26 07:21:06,656 DEBUG Registry keys for service avg8emc are not present
2009-11-26 07:21:06,656 INFO Processing service avgfws8
2009-11-26 07:21:06,656 INFO Service avgfws8 is not installed
2009-11-26 07:21:06,656 DEBUG Service avgfws8 RegCleanup
2009-11-26 07:21:06,656 DEBUG Registry keys for service avgfws8 are not present
2009-11-26 07:21:06,656 INFO Processing service avg8wd
2009-11-26 07:21:06,656 INFO Service avg8wd is not installed
2009-11-26 07:21:06,656 DEBUG Service avg8wd RegCleanup
2009-11-26 07:21:06,656 DEBUG Registry keys for service avg8wd are not present
2009-11-26 07:21:06,656 INFO Processing service AvgWFPx
2009-11-26 07:21:06,656 INFO Service AvgWFPx is not installed
2009-11-26 07:21:06,656 DEBUG Service AvgWFPx RegCleanup
2009-11-26 07:21:06,656 DEBUG Registry keys for service AvgWFPx are not present
2009-11-26 07:21:06,656 INFO Processing service AvgWFPa
2009-11-26 07:21:06,656 INFO Service AvgWFPa is not installed
2009-11-26 07:21:06,656 DEBUG Service AvgWFPa RegCleanup
2009-11-26 07:21:06,656 DEBUG Registry keys for service AvgWFPa are not present
2009-11-26 07:21:06,656 INFO Processing service AvgMfx86
2009-11-26 07:21:06,656 DEBUG Service AvgMfx86 Stop
2009-11-26 07:21:32,125 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:21:32,125 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-11-26 07:21:32,125 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

rogramFilesDir (x86) value failed (error: e001003d)
2009-11-26 07:21:32,125 WARN AvgDir param empty.
2009-11-26 07:21:32,125 WARN AvgDataDir param empty.
2009-11-26 07:21:33,093 INFO AvgRemover runs in attempt number 1
2009-11-26 07:21:33,109 INFO ***** Services *****
2009-11-26 07:21:33,109 INFO Processing service avg8emc
2009-11-26 07:21:33,109 INFO Service avg8emc is not installed
2009-11-26 07:21:33,109 DEBUG Service avg8emc RegCleanup
2009-11-26 07:21:33,109 DEBUG Registry keys for service avg8emc are not present
2009-11-26 07:21:33,109 INFO Processing service avgfws8
2009-11-26 07:21:33,109 INFO Service avgfws8 is not installed
2009-11-26 07:21:33,109 DEBUG Service avgfws8 RegCleanup
2009-11-26 07:21:33,109 DEBUG Registry keys for service avgfws8 are not present
2009-11-26 07:21:33,109 INFO Processing service avg8wd
2009-11-26 07:21:33,109 INFO Service avg8wd is not installed
2009-11-26 07:21:33,109 DEBUG Service avg8wd RegCleanup
2009-11-26 07:21:33,109 DEBUG Registry keys for service avg8wd are not present
2009-11-26 07:21:33,109 INFO Processing service AvgWFPx
2009-11-26 07:21:33,109 INFO Service AvgWFPx is not installed
2009-11-26 07:21:33,109 DEBUG Service AvgWFPx RegCleanup
2009-11-26 07:21:33,109 DEBUG Registry keys for service AvgWFPx are not present
2009-11-26 07:21:33,109 INFO Processing service AvgWFPa
2009-11-26 07:21:33,109 INFO Service AvgWFPa is not installed
2009-11-26 07:21:33,109 DEBUG Service AvgWFPa RegCleanup
2009-11-26 07:21:33,109 DEBUG Registry keys for service AvgWFPa are not present
2009-11-26 07:21:33,109 INFO Processing service AvgMfx86
2009-11-26 07:21:33,109 DEBUG Service AvgMfx86 Stop

Blade81 · Nov 26, 2009

Post a fresh dds log taken after remover run, please.

TassieWarrior · Nov 26, 2009

DDS (Ver_09-09-29.01) - NTFSx86
Run by Daddy at 18:50:47.29 on Thu 26/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2990 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG8\avgrsx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Daddy\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=1&app=inclient&version=7.0.473.000&lang=en&locale=en-AU&date=-86400&link_id=4&dest=try_product&lic=j5hvqhisiu3s4he7bhx644bu4g0
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\daddy\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: bigpond.com\my
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 108552]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-9-3 78104]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
S?1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-8 27784]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys --> c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [?]
S1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\avgascln.sys --> c:\windows\system32\drivers\AvgAsCln.sys [?]
S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe --> c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-28 152576]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-11-26 10:27 <DIR> --d----- C:\ComboFix
2009-11-26 10:16 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-25 20:17 <DIR> a-dshr-- C:\cmdcons
2009-11-25 20:14 260,608 a------- c:\windows\PEV.exe
2009-11-25 20:14 77,312 a------- c:\windows\MBR.exe
2009-11-25 20:00 389,120 a------- c:\windows\system32\CF26019.exe
2009-11-25 19:17 85,504 a------- c:\program files\Inherit.exe
2009-11-16 09:11 <DIR> --d-h--- c:\windows\PIF
2009-11-16 09:01 <DIR> --d----- c:\docume~1\daddy\applic~1\Malwarebytes
2009-11-16 09:01 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 09:01 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-16 09:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 09:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-15 16:54 <DIR> --d----- c:\program files\Trend Micro
2009-11-08 22:22 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-11-08 20:27 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-11-08 20:21 <DIR> --d----- c:\docume~1\daddy\applic~1\AVG8
2009-11-08 20:21 <DIR> --d----- C:\$AVG8.VAULT$
2009-11-03 22:25 <DIR> --d----- C:\$AVG
2009-11-03 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-11-03 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-11-03 12:39 <DIR> --d----- C:\ProgramData
2009-10-28 14:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alawar Stargaze

==================== Find3M ====================

2009-11-26 10:16 411,368 a------- c:\windows\system32\deploytk.dll
2009-11-03 22:24 12,464 a------- c:\windows\system32\avgrsstx(2).dll
2009-09-12 01:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-05 08:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 19:08 916,480 -------- c:\windows\system32\wininet.dll
2008-09-16 21:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat
2008-09-16 21:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 18:51:27.92 ===============

Spybot and HJT won't run

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member