Rootkit?

helloworld
2012-09-20, 12:47
I think I am going mad. My webhost claims I have a trojan/keylogger installed. I ran AVG and it did come up with an error that looked dodgy. So I decided to back up Outlook email data and some folders, i.e. docs, pictures, etc.

I formatted the computer. Installed a fresh copy of AVG, Malwarebytes, PeerGuardian and PeerBlock, as well as both versions of Spybot Search and Destroy. I have run all of these, which say I am clean. But after intense reading for the past few days, I've decided to come here.

My websites are still getting hacked even though I've changed computer. (I will create a second thread for next computer when this issue resolved.)

My second computer is a Netbook. So I DID use the USB mouse and wireless USB keyboard that I had plugged into the desktop. I didn't think this would be an issue, but mentioning in case it is.

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:14:51 PM, on 9/20/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Paint.NET\PaintDotNet.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Stephen\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" -nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347279295796
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 9221 bytes

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Stephen at 19:20:21 on 2012-09-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.1293 [GMT 10:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Paint.NET\PaintDotNet.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Stephen\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TWCU] "c:\program files\tp-link\tp-link wireless client utility\TWCU.exe" -nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347279295796
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{C606F787-1E2B-4E80-98ED-71E79432A284} : DhcpNameServer = 10.0.0.138
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: SDWinLogon - SDWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\stephen\application data\mozilla\firefox\profiles\aq9ydxfx.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1ba1d223-80ef-4c01-bec4-a629244dac38%7D&mid=&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-09-05%2015%3A31%3A50&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301920]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-9-17 105832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-17 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-17 676936]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-9-18 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-9-18 1358360]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-9-6 935008]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-9-4 285152]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-17 22856]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-9-17 19056]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-9-4 50704]
.
=============== Created Last 30 ================
.
2012-09-18 03:56:33 -------- d-----w- c:\documents and settings\stephen\application data\Malwarebytes
2012-09-18 03:32:12 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-09-18 03:32:08 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-09-18 03:01:02 -------- d-----w- c:\windows\system32\LogFiles
2012-09-17 12:11:17 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-09-17 12:11:14 -------- d-----w- c:\program files\Security Task Manager
2012-09-17 12:07:18 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Apple Computer
2012-09-17 12:06:52 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-17 12:05:12 -------- d-----w- c:\program files\iPod
2012-09-17 12:05:06 -------- d-----w- c:\program files\iTunes
2012-09-17 12:05:06 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-17 12:04:31 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Apple
2012-09-17 12:03:32 -------- d-----w- c:\program files\Bonjour
2012-09-17 10:57:05 -------- d-----w- c:\program files\PeerBlock
2012-09-17 10:03:51 -------- d-sh--w- c:\documents and settings\stephen\IECompatCache
2012-09-17 08:11:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-17 08:11:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-17 08:11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 08:06:58 -------- d-----w- c:\program files\HitmanPro
2012-09-17 08:06:41 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-09-17 07:03:15 -------- d-----w- c:\program files\PeerGuardian2
2012-09-16 03:50:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-11 03:20:22 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Sun
2012-09-11 01:24:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-11 01:24:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-11 01:24:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-11 01:23:51 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-10 05:40:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-10 05:40:41 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-09-07 10:07:42 50250 ----a-w- c:\program files\common files\microsoft shared\proof\Uninstal.exe
2012-09-07 04:59:53 -------- d-----w- c:\documents and settings\stephen\application data\AVG
2012-09-07 04:59:13 -------- d-----w- c:\documents and settings\all users\application data\AVG
2012-09-07 04:59:03 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-07 03:41:38 -------- d-----w- c:\windows\system32\XPSViewer
2012-09-07 03:41:13 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-09-07 03:40:58 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-09-07 03:40:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-09-07 03:40:58 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-09-07 03:40:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-09-07 03:40:58 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-09-07 03:40:58 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-09-07 03:40:58 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-09-07 03:40:58 117760 ------w- c:\windows\system32\prntvpt.dll
2012-09-07 00:43:04 -------- d-----w- c:\program files\Paint.NET
2012-09-07 00:43:01 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Paint.NET
2012-09-06 23:18:06 -------- d-----w- c:\program files\EditPlus 3
2012-09-06 23:18:06 -------- d-----w- c:\documents and settings\stephen\application data\EditPlus 3
2012-09-06 07:03:33 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-09-06 07:03:33 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-09-06 07:03:33 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-09-06 07:03:33 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-09-06 07:03:33 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-09-06 07:03:33 6144 ----a-w- c:\windows\system32\kbd101c.dll
2012-09-06 07:03:33 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-09-06 07:03:33 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-09-06 07:03:31 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-09-06 07:03:31 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-09-06 07:03:30 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-09-06 07:03:30 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-09-06 05:04:58 -------- d-----w- c:\windows\system32\cache
2012-09-06 04:33:53 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Google
2012-09-06 03:54:43 -------- d-sh--w- c:\documents and settings\stephen\PrivacIE
2012-09-06 01:03:42 -------- d-sh--w- c:\documents and settings\stephen\IETldCache
2012-09-06 00:32:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-06 00:31:56 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-09-06 00:31:27 -------- d-----w- c:\windows\ie8updates
2012-09-06 00:31:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-09-06 00:31:22 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-09-06 00:31:22 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-09-06 00:31:22 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-09-06 00:31:22 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-09-06 00:31:22 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-09-06 00:31:22 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-09-06 00:28:42 -------- dc-h--w- c:\windows\ie8
2012-09-05 23:56:16 -------- d-----w- c:\documents and settings\stephen\application data\OpenOffice.org
2012-09-05 23:38:01 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Temp
2012-09-05 23:38:01 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Adobe
2012-09-05 23:31:50 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-09-05 23:29:16 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-09-05 23:29:07 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-09-05 23:29:07 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-09-05 23:29:06 2192640 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-09-05 23:29:06 2069120 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-09-05 23:29:06 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-09-05 23:28:53 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-09-05 23:28:50 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-05 23:28:50 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-05 23:27:14 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-09-05 23:25:06 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-09-05 23:24:40 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-09-05 23:23:35 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-09-05 23:22:59 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-09-05 23:22:32 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-09-05 23:21:00 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-09-05 23:20:23 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-09-05 23:20:23 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-09-05 23:19:48 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-09-05 23:19:48 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-09-05 23:19:48 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-09-05 23:19:48 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-09-05 23:19:48 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-09-05 23:19:48 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-09-05 23:19:47 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-09-05 23:19:27 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-09-05 23:16:49 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-09-05 23:16:36 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-09-05 23:16:33 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-09-05 23:16:16 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-09-05 23:13:17 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-09-05 23:12:33 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-09-05 23:11:58 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-09-05 12:07:44 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-09-05 12:07:43 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-09-05 12:07:09 -------- d-----w- c:\windows\system32\PreInstall
2012-09-05 10:24:49 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-09-05 09:21:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 09:21:37 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 09:17:06 -------- d-----w- c:\program files\Filezila
2012-09-05 07:42:16 -------- d--h--r- C:\AHCache
2012-09-05 07:41:24 -------- d-----w- c:\program files\OpenOffice.org 3
2012-09-05 07:31:11 -------- d-----w- c:\program files\OpenOffice
2012-09-05 07:14:02 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2012-09-05 07:14:02 79872 ------w- c:\windows\system32\msxml6r.dll
2012-09-05 07:14:02 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-09-05 07:14:02 1372672 ------w- c:\windows\system32\msxml6.dll
2012-09-05 07:09:10 -------- d-----w- c:\windows\ServicePackFiles
2012-09-05 07:08:32 294912 ------w- c:\program files\windows media player\dlimport.exe
2012-09-05 07:08:22 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-09-05 07:01:24 19569 ----a-w- c:\windows\002884_.tmp
2012-09-05 07:01:22 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-09-05 07:01:18 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-09-05 05:46:34 -------- d-----w- c:\program files\Audacity
2012-09-05 05:44:28 -------- d-----r- c:\program files\Skype
2012-09-05 05:35:23 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Mozilla
2012-09-05 05:32:50 -------- d-----w- c:\documents and settings\stephen\application data\AVG2012
2012-09-05 05:32:17 -------- d-----w- c:\documents and settings\stephen\local settings\application data\AVG Secure Search
2012-09-05 05:32:15 -------- d-----w- c:\documents and settings\stephen\local settings\application data\Identities
2012-09-05 05:31:54 -------- d-----w- c:\documents and settings\stephen\application data\AVG Secure Search
2012-09-05 05:31:51 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-09-05 05:31:45 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-09-05 05:31:44 -------- d-----w- c:\program files\AVG Secure Search
2012-09-05 05:29:01 -------- d--h--w- C:\$AVG
2012-09-05 05:29:01 -------- d-----w- c:\windows\system32\drivers\AVG
2012-09-05 05:29:01 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-09-05 05:28:37 -------- d-----w- c:\program files\AVG
2012-09-05 05:26:06 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-09-05 05:26:06 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2012-08-24 05:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 03:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-25 17:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 19:26:04.94 ===============

Really hoping someone can confirm or deny if I am hit.

Thanks

helloworld
2012-09-20, 13:03
Sorry, I forgot to add: AVG Secure Search isn't letting me get to a lot of pages. I was just checking a site through their search, wanting to click on the trendhunter.com link, and was pointed to http://rc12.overture.com/d/sr/?xargs=15KPjg1n9St5auwuf0L_iXEbqUkwwBk5XH-8IcfZhwbN1XhABpJfYuPa7By_VIYO1k53vTyPac-qRiOqz2n_mUEQ6QQU2IGufpjdjJlc5jcvrjSZEe2-9zgfy4y4suik4WGsKDSfeoz7jBIdPvbilGr8lUokjbv64srpvjh6ccBuuc1VB87Q2MLJgSvPp1tfz5e5dRDvYVdcaG1GHRbs8RnYk10rjnfT5Bd3a9_-4wsdq8FAs8t_-LcY4f6PL8_tbNK-HrzZFTalLCvfli_k-byF-t-Q..

On top of this, a few weeks ago I was having issues with Chrome redirecting me to GBoxApp search. I uninstalled Chrome.

shelf life
2012-09-28, 00:41
hi,

Your post is a few days old. If you still need help simply reply back.

helloworld
2012-09-28, 05:33
thanks for the reply.

I still think I may be infected.

shelf life
2012-09-29, 02:00
Is an updated Malwarebytes coming up clean after a full scan?
We will get another download to use.

Download Tdsskiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then on Start Scan.
Let it run. You may be prompted to reboot your machine afterwards. It will create a log file on your desktop. Please post the log file.

Not to jump ahead or anything, but since you mentioned websites, this is a good reference topic to read through. (http://25yearsofprogramming.com/blog/20070705.htm) Let's confirm that your machine is clean first.

helloworld
2012-10-02, 03:52
Hey, thanks. TDSSKiller is one of the first things I tried. I have installed it again and added Boot Sectors, Loaded Modules, Verify digital signatures and Detect TDLFS file system. 3 objects were found which weren't picked up before.

I have quarantined them as per attachment.

helloworld
2012-10-02, 03:53
Sorry, yes. Malwarebytes is coming up clean.

shelf life
2012-10-02, 13:55
Those unsigned files flagged by TDSSKiller do not mean they are malware related.
We will get another download to use; it's called ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the ComboFix log in your reply.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

helloworld
2012-10-04, 13:48
ComboFix 12-10-04.01 - Stephen 10/04/2012 21:32:53.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.1490 [GMT 10:00]
Running from: c:\documents and settings\Stephen\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\avgfwdx.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fa82fcafb517016d.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-09-16 03:50 . 2012-10-02 01:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-05 07:42 . 2012-09-05 07:42 -------- d-----r- C:\AHCache
2012-09-05 05:29 . 2012-09-05 05:29 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 05:43 . 2012-03-18 19:17 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 03:01 . 2012-08-21 03:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-25 17:21 . 2012-02-21 19:25 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-06 13:58 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-09-07 07:12 . 2012-09-07 07:12 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-06 05:04 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-09-06 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-06 1107552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2009-12-27 561263]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-08-30 3904536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
.
c:\documents and settings\Stephen\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301920]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [6/13/2012 3:48 AM 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [9/17/2012 6:06 PM 105832]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/17/2012 6:11 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/17/2012 6:11 PM 676936]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [9/18/2012 1:32 PM 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [9/18/2012 1:32 PM 1358360]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [9/6/2012 3:04 PM 935008]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/17/2012 6:11 PM 22856]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [9/17/2012 8:57 PM 19056]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [9/4/2012 8:32 PM 285152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-10-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-09-18 04:11]
.
2012-09-18 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-09-18 04:10]
.
2012-09-18 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-09-18 04:11]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\aq9ydxfx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B1ba1d223-80ef-4c01-bec4-a629244dac38%7D&mid=&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-09-05%2015%3A31%3A50&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1ba1d223-80ef-4c01-bec4-a629244dac38%7D&mid=&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-09-05%2015%3A31%3A50&sap=ku&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-16801542.sys
SafeBoot-31676349.sys
SafeBoot-94287241.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-04 21:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hitmanpro36]
"ImagePath"="\??\c:\windows\system32\drivers\hitmanpro36.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Spybot - Search & Destroy 2\SDHelper.dll
c:\program files\Spybot - Search & Destroy 2\snlBase150.bpl
c:\program files\Spybot - Search & Destroy 2\DEC150.bpl
c:\program files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
c:\program files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\acs.exe
c:\program files\HitmanPro\HitmanPro.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE
.
**************************************************************************
.
Completion time: 2012-10-04 21:46:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-04 11:45
.
Pre-Run: 1,956,328,198,144 bytes free
Post-Run: 1,956,340,518,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AA8C5628AADD002002A3F46188515C9F

shelf life
2012-10-04, 22:04
ok. Thanks for the info. One more download to run:

Please download aswMBR.exe to your desktop.

aswMBR (http://public.avast.com/~gmerek/aswMBR.exe)

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply

helloworld
2012-10-05, 04:07
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/4/2012 8:00:57 PM
System Uptime: 10/5/2012 8:55:30 AM (4 hours ago)
.
Motherboard: MSI | | H61M-P21 (MS-7680)
Processor: Intel Pentium III Xeon processor | SOCKET 0 | 2893/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1822.052 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_68E1&SUBSYS_30001787&REV_00\4&8F789FD&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_68E1&SUBSYS_30001787&REV_00\4&8F789FD&0&0008
Service:
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&1F984801&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&1F984801&0&0001
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_76801462&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_76801462&REV_04\3&11583659&0&B0
Service:
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_14627680&REV_1000\4&C8540DE&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_14627680&REV_1000\4&C8540DE&0&0001
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_76801462&REV_C1\4&2190C0AB&0&00E4
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_76801462&REV_C1\4&2190C0AB&0&00E4
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76801462&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76801462&REV_05\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP1: 9/4/2012 8:12:02 PM - System Checkpoint
RP2: 9/4/2012 8:32:38 PM - Installed NETGEAR WNA3100 wireless USB 2.0 adapter
RP3: 9/5/2012 3:28:35 PM - Installed AVG 2012
RP4: 9/5/2012 3:28:45 PM - Installed AVG 2012
RP5: 9/5/2012 4:36:36 PM - Installed Windows XP KB932823-v3.
RP6: 9/5/2012 4:54:22 PM - Installed Windows XP KB932823-v3.
RP7: 9/5/2012 5:01:29 PM - Installed Windows XP Service Pack 3.
RP8: 9/5/2012 5:32:57 PM - Installed Windows XP KB942288-v3.
RP9: 9/5/2012 5:41:00 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP10: 9/5/2012 5:41:22 PM - Installed OpenOffice.org 3.4.1
RP11: 9/5/2012 10:07:05 PM - Software Distribution Service 3.0
RP12: 9/6/2012 10:14:19 AM - Software Distribution Service 3.0
RP13: 9/6/2012 11:05:22 AM - Installed Windows XP WgaNotify.
RP14: 9/6/2012 5:47:03 PM - Software Distribution Service 3.0
RP15: 9/7/2012 10:43:04 AM - Paint.NET v3.5.10
RP16: 9/7/2012 1:37:32 PM - Software Distribution Service 3.0
RP17: 9/7/2012 2:59:41 PM - Installed AVG PC TuneUp
RP18: 9/8/2012 10:05:53 AM - Software Distribution Service 3.0
RP19: 9/9/2012 12:32:23 PM - System Checkpoint
RP20: 9/10/2012 5:37:37 PM - System Checkpoint
RP21: 9/11/2012 11:23:25 AM - Installed Java 7 Update 7
RP22: 9/11/2012 5:10:16 PM - Removed AVG PC TuneUp
RP23: 9/11/2012 5:11:04 PM - Removed AVG PC TuneUp Language Pack (en-US)
RP24: 9/12/2012 11:39:03 PM - Software Distribution Service 3.0
RP25: 9/15/2012 11:13:16 PM - System Checkpoint
RP26: 9/17/2012 2:13:03 PM - System Checkpoint
RP27: 9/17/2012 10:04:58 PM - Installed iTunes
RP28: 9/19/2012 3:29:16 PM - System Checkpoint
RP29: 9/20/2012 5:05:32 PM - System Checkpoint
RP30: 9/22/2012 10:18:41 PM - System Checkpoint
RP31: 9/23/2012 1:00:19 PM - Software Distribution Service 3.0
RP32: 9/24/2012 1:39:36 PM - System Checkpoint
RP33: 9/25/2012 2:26:54 PM - System Checkpoint
RP34: 9/26/2012 2:48:14 PM - System Checkpoint
RP35: 9/28/2012 2:33:35 PM - System Checkpoint
RP36: 10/1/2012 10:35:40 AM - System Checkpoint
RP37: 10/2/2012 11:30:07 AM - System Checkpoint
RP38: 10/3/2012 3:23:05 PM - System Checkpoint
RP39: 10/4/2012 4:01:55 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
AVG 2012
BigPond Broadband ADSL
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 5.1
Canon MX370 series MP Drivers
Canon MX370 series On-screen Manual
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
EditPlus 3
HitmanPro 3.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
iTunes
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0.1 (x86 en-US)
NETGEAR WNA3100 wireless USB 2.0 adapter
OpenOffice.org 3.4.1
Paint.NET v3.5.10
PeerBlock 1.1 (r518)
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 5.10
Spell Checker For OE 2.1
Spybot - Search & Destroy
TP-LINK Client Installation Program
TP-LINK Wireless Client Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/4/2012 9:28:10 PM, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
10/3/2012 4:28:15 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/1/2012 5:23:20 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TECHNICOLOR that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C606F787-1E2B-4E. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

shelf life
2012-10-06, 01:04
That's not an aswMBR-generated log. Maybe you just haven't run aswMBR yet?

helloworld
2012-10-11, 10:09
Hi Shelf Life. Sorry for taking a few days to respond. Not sure what happened to my last one, but here is the log.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 19:02:04
-----------------------------
19:02:04.140 OS Version: Windows 5.1.2600 Service Pack 3
19:02:04.140 Number of processors: 4 586 0x2A07
19:02:04.140 ComputerName: SF-4C02B3292122 UserName: Stephen
19:02:07.375 Initialize success
19:02:45.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:02:45.125 Disk 0 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
19:02:45.156 Disk 0 MBR read successfully
19:02:45.156 Disk 0 MBR scan
19:02:45.171 Disk 0 Windows XP default MBR code
19:02:45.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1907718 MB offset 63
19:02:45.203 Disk 0 scanning sectors +3907008000
19:02:45.281 Disk 0 scanning C:\WINDOWS\system32\drivers
19:02:50.718 Service scanning
19:02:56.671 Modules scanning
19:02:58.906 Disk 0 trace - called modules:
19:02:58.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:02:58.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acb6ab8]
19:02:59.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8acc6f18]
19:03:00.515 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad2d768]
19:03:00.593 Scan finished successfully
19:03:08.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stephen\Desktop\MBR.dat"
19:03:08.796 The log file has been saved successfully to "C:\Documents and Settings\Stephen\Desktop\aswMBR.txt"

Just further to that: I was briefly working on a site last night, and my host sent through the following just now. To clarify, it's a WP website; theme/plugins were/are up to date. Just want to include this info in case it helps. ...I also noticed strange mouse movement last night but ignored it.

Folder "/home/foldername/public_html/wp-content/themes/theme/cache/images/" has been locked with 000 permissions. You can unlock it by setting 755.


=========================================
abuse log:


-rw-r--r-- 1 name name 52389 Oct 10 06:01 3c8fca3a15908cdea398188fc00bdaa1.php
-rw-r--r-- 1 name name 323 Oct 10 06:01 ba32f48daa1553b18b6a0b1707eb18ed.php


(71) name, Scanning /home/name/public_html:
# ClamAV detected virus = [PHP.Hide]:
'/home/name/public_html/wp-content/themes/themename/cache/images/3c8fca3a15908cdea398188fc00bdaa1.php'

----------- SCAN SUMMARY -----------
Scanned directories: 168
Scanned files: 2279
Ignored items: 0
Suspicious matches: 2
Viruses found: 1
Fingerprint matches: 0
Data scanned: 72.07 MB
Scan time/item: 0.010 sec
Scan Time: 24.176 sec
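The host's abuse log above shows the classic shape of a webshell drop: PHP files with md5-style names in a theme cache/images directory, one of which ClamAV names PHP.Hide. The script below is an added example (not code from this thread or from the host's scanner) showing how to triage a copy of public_html for that pattern. The sample tree and file contents it scans are constructed; the directory names it treats as static-only and the marker lists are my assumptions; and a hit is a lead for manual review, not a verdict.

```python
"""Triage scan for dropped PHP files in a WordPress tree.

Added example (not code from this thread or from the host's scanner). It flags
the patterns visible in the host's abuse log: PHP files in directories that
should hold only static content, md5-looking filenames, image/PHP polyglots,
and the usual obfuscation/execution markers. Findings are leads, not verdicts.
"""
import os
import re
import shutil
import tempfile
from typing import Dict, List

PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".php7", ".phar")

# Assumption: directory names under which a WordPress site never legitimately executes PHP.
STATIC_DIR_NAMES = {"uploads", "cache", "images", "img", "css", "js", "fonts"}

MD5_NAME = re.compile(r"^[0-9a-f]{32}\.[a-z0-9]+$")
LONG_BASE64 = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

EXEC_MARKERS = ("eval(", "assert(", "create_function(", "system(",
                "passthru(", "shell_exec(", "popen(", "proc_open(")
DECODE_MARKERS = ("base64_decode(", "gzinflate(", "gzuncompress(", "str_rot13(")
INPUT_MARKERS = ("$_POST", "$_GET", "$_REQUEST", "$_COOKIE", "php://input")
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\x89PNG", b"\xff\xd8\xff")


def classify(relpath: str, content: bytes) -> List[str]:
    """Return the reasons a file looks like a dropped webshell (empty list if none)."""
    parts = relpath.replace("\\", "/").lower().split("/")
    name = parts[-1]
    if not name.endswith(PHP_EXTENSIONS):
        return []                      # only PHP is executed by the web server
    reasons = []
    if STATIC_DIR_NAMES & set(parts[:-1]):
        reasons.append("php-in-static-dir")
    if MD5_NAME.match(name):
        reasons.append("md5-named")
    if content.startswith(IMAGE_MAGIC):
        reasons.append("image-header-polyglot")   # image bytes first, PHP after: upload-filter bypass
    text = content.decode("latin-1")              # never fails; we only look for ASCII markers
    has_exec = any(m in text for m in EXEC_MARKERS)
    has_decode = any(m in text for m in DECODE_MARKERS)
    has_input = any(m in text for m in INPUT_MARKERS)
    if has_exec and (has_decode or has_input):
        reasons.append("exec-with-decode-or-input")
    if LONG_BASE64.search(text):
        reasons.append("long-base64-blob")
    return reasons


def scan_files(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Classify an in-memory {relative_path: content} map; return only flagged files."""
    findings = {}
    for relpath, content in files.items():
        reasons = classify(relpath, content)
        if reasons:
            findings[relpath] = reasons
    return findings


def scan_directory(root: str, max_bytes: int = 512 * 1024) -> Dict[str, List[str]]:
    """Walk a real document root (e.g. a downloaded public_html) and classify every PHP file."""
    files: Dict[str, bytes] = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                files[rel] = fh.read(max_bytes)   # the head of the file is enough for markers
    return scan_files(files)


# Constructed sample tree. The two md5-named paths stand in for the files listed
# in the host's abuse log; their contents are invented for this example.
SAMPLE_TREE: Dict[str, bytes] = {
    "wp-content/themes/themename/cache/images/3c8fca3a15908cdea398188fc00bdaa1.php":
        b"<?php $c=$_POST['c']; eval(base64_decode($c));",
    "wp-content/themes/themename/cache/images/ba32f48daa1553b18b6a0b1707eb18ed.php":
        b"<?php $f=dirname(__FILE__).'/3c8fca3a15908cdea398188fc00bdaa1.php'; include $f;",
    "wp-content/themes/themename/functions.php":
        b"<?php add_action('init', 'themename_setup');",
    "wp-content/uploads/2012/10/photo.php":
        b"GIF89a<?php system($_GET['cmd']);",
    "wp-content/uploads/2012/10/photo.jpg":
        b"\xff\xd8\xff\xe0JFIF",
    "wp-includes/class-wp-http.php":
        b"<?php $body = base64_decode($encoded); return $body;",
}


def demo_on_disk() -> Dict[str, List[str]]:
    """Materialise SAMPLE_TREE in a temp dir and scan it through os.walk."""
    root = tempfile.mkdtemp(prefix="wp-triage-")
    try:
        for rel, content in SAMPLE_TREE.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return scan_directory(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, reasons in sorted(demo_on_disk().items()):
        print(f"{path}: {', '.join(reasons)}")
```

Run it against a downloaded copy of the site with scan_directory("public_html"). Note that the second md5-named file is flagged by path and name alone: a small loader like that often carries no eval/base64 marker, so content signatures alone would miss it, which is why location rules matter in a WordPress tree.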

shelf life
2012-10-12, 02:26
Based on what we have used so far, your machine looks OK as far as I can tell. I can't say if those ClamAV results are actually anything to worry about or not; I assume your host provider sent them to you. Here are two links you can use to check your public page code:

link (http://siteinspector.comodo.com/online_scan)
link (http://www.unmaskparasites.com/?blog)

helloworld
2012-10-14, 03:55
Thanks for your help, shelf life.

I've used the scanners before. My main concern is that somehow I have RAT Pro or similar installed. Weird how that site got a virus the same day I was working on it. Likewise with a couple of other accounts.

Seriously has me confused. I read on Sucuri there were other similar hacks where the attacker had logged into cPanel/WHM without explanation of how they did it.

I'd love to know what the exploit is...

shelf life
2012-10-14, 15:55
You've run AVG, Spybot, Malwarebytes, TDSSKiller, aswMBR and ComboFix. I don't think a trojan on your machine would escape all of those, or at least it would provide some type of clue to us.
Have you been over your log files for your site, like ftp logs?
We can try another download for your machine:


Download the latest version of Kaspersky's Virus Removal Tool (http://www.kaspersky.com/virusscanner)

Click on the Kaspersky Virus Removal Tool button to download setup.exe to your desktop.
Double-click it and setup will install the tool; follow the prompts and click the Start Scanning button to begin the scan.

If malware is detected during the scan you will get a popup message to either:
Yes, perform disinfection (recommended) or
No, do not perform disinfection

If disinfection is not possible you will be prompted to either:
delete the object (recommended) or
Skip it, performing no action.

If a disinfection or deletion is performed, the utility will reboot your machine after the scan is done and will restart after the reboot. You can save a log report by clicking on the 'text looking' icon > Automatic Scan Report > Save.

Make note of anything it asks you to remove.
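Following shelf life's suggestion to go over the site's log files (FTP logs in particular), and helloworld's question about how the files got there, here is an added example (not code from this thread) that correlates a host's FTP transfer log with the web access log around the "Oct 10 06:01" timestamp shown in the abuse log. It assumes the classic xferlog format for FTP, Apache combined format for HTTP, and UTC on both clocks; every log line in it, including the IP addresses, is constructed for the example. If a completed FTP upload by the site's own account from an unfamiliar address explains the drop, the FTP password was used by someone else, which is the credential-theft scenario this thread is worried about and a reason to rotate the host credentials; if no FTP upload matches, the web layer (POSTs in the same window) is where to look next.

```python
"""Correlate a host's FTP transfer log and HTTP access log around the moment a
dropped file appeared, to answer "how did it get there?".

Added example, not code from this thread. Assumptions: the FTP server writes
the classic xferlog format, the web server writes Apache combined format, both
clocks are UTC, and the drop time comes from the host's "ls -l" listing. All
log lines below are constructed for the example.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Basenames from the host's abuse log, and the mtime it showed ("Oct 10 06:01").
DROPPED_FILES = {
    "3c8fca3a15908cdea398188fc00bdaa1.php",
    "ba32f48daa1553b18b6a0b1707eb18ed.php",
}
DROP_TIME = datetime(2012, 10, 10, 6, 1)
WINDOW = timedelta(minutes=30)

# xferlog: wday mon day hh:mm:ss year xfer-secs host bytes FILE type special direction
#          access user service auth authuser status  -> 9 fixed fields follow the filename
XFERLOG_TRAILING = 9

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_xferlog(line: str) -> Dict:
    t = line.split()
    return {
        "time": datetime.strptime(" ".join(t[:5]), "%a %b %d %H:%M:%S %Y"),
        "ip": t[6],
        "size": int(t[7]),
        "path": " ".join(t[8:-XFERLOG_TRAILING]),   # filename may contain spaces
        "direction": t[-7],          # i = upload to server, o = download, d = delete
        "user": t[-5],
        "ok": t[-1] == "c",          # c = completed transfer
    }


def parse_access(line: str) -> Dict:
    m = ACCESS_RE.match(line)
    if not m:
        raise ValueError(f"not a combined-format line: {line!r}")
    stamp = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "time": stamp.astimezone(timezone.utc).replace(tzinfo=None),
        "ip": m["ip"],
        "method": m["method"],
        "path": m["target"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def correlate(ftp_lines: List[str], http_lines: List[str],
              dropped=DROPPED_FILES, drop_time=DROP_TIME, window=WINDOW) -> Dict:
    """Tie the dropped files to the channel and source addresses that delivered and used them."""
    lo, hi = drop_time - window, drop_time + window

    def in_window(e: Dict) -> bool:
        return lo <= e["time"] <= hi

    ftp = [parse_xferlog(l) for l in ftp_lines if l.strip()]
    http = [parse_access(l) for l in http_lines if l.strip()]
    # Completed FTP uploads of the dropped names inside the window.
    uploads = [e for e in ftp if e["direction"] == "i" and e["ok"]
               and in_window(e) and basename(e["path"]) in dropped]
    # Anyone invoking the dropped files over HTTP, at any time.
    hits = [e for e in http if basename(e["path"]) in dropped]
    # With no FTP upload, POSTs in the window (other than to the shells themselves)
    # are the first place to look for a web-side upload vector.
    posts = [e for e in http if e["method"] == "POST" and in_window(e)
             and basename(e["path"]) not in dropped]
    vector = "ftp" if uploads else ("http-post-candidate" if posts else "unknown")
    return {
        "vector": vector,
        "ftp_uploads": uploads,
        "http_hits": hits,
        "posts_in_window": posts,
        "actor_ips": sorted({e["ip"] for e in uploads} | {e["ip"] for e in hits}),
    }


# Constructed logs: 198.51.100.20 plays the site owner, 203.0.113.7 the unknown party.
FTP_LOG = """
Wed Oct 10 05:58:03 2012 0 198.51.100.20 1204 /home/name/public_html/wp-content/themes/themename/style.css a _ o r name ftp 0 * c
Wed Oct 10 06:01:12 2012 1 203.0.113.7 52389 /home/name/public_html/wp-content/themes/themename/cache/images/3c8fca3a15908cdea398188fc00bdaa1.php b _ i r name ftp 0 * c
Wed Oct 10 06:01:13 2012 0 203.0.113.7 323 /home/name/public_html/wp-content/themes/themename/cache/images/ba32f48daa1553b18b6a0b1707eb18ed.php b _ i r name ftp 0 * c
Wed Oct 10 09:30:00 2012 2 198.51.100.20 4096 /home/name/public_html/wp-content/themes/themename/header.php b _ i r name ftp 0 * c
""".strip().splitlines()

ACCESS_LOG = """
198.51.100.20 - - [10/Oct/2012:06:00:40 +0000] "GET /wp-admin/post.php?post=12&action=edit HTTP/1.1" 200 45311 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:06:02:05 +0000] "POST /wp-content/themes/themename/cache/images/3c8fca3a15908cdea398188fc00bdaa1.php HTTP/1.1" 200 1832 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:06:03:11 +0000] "GET /wp-content/themes/themename/cache/images/ba32f48daa1553b18b6a0b1707eb18ed.php?x=1 HTTP/1.1" 200 88 "-" "Mozilla/5.0"
""".strip().splitlines()


if __name__ == "__main__":
    r = correlate(FTP_LOG, ACCESS_LOG)
    print("delivery vector:", r["vector"])
    for e in r["ftp_uploads"]:
        print(f"  FTP upload {e['time']} user={e['user']} from {e['ip']} {basename(e['path'])} ({e['size']} bytes)")
    for e in r["http_hits"]:
        print(f"  HTTP {e['method']} {e['time']} from {e['ip']} -> {basename(e['path'])} {e['status']}")
    print("actor IPs:", ", ".join(r["actor_ips"]))
```

On a cPanel host the raw logs are usually under the account's logs directory or available from the host on request; feed the real lines in place of FTP_LOG and ACCESS_LOG and adjust DROP_TIME to the server's time zone. The owner's own 09:30 upload and 06:00 wp-admin visit are deliberately included to show that the window and the dropped-file basenames, not the account name, are what separate the attacker's activity from normal use of the same credentials.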