
Thread: malware: kbiwkm, uacbbr. unable to remove

  1. #11
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Yes, please close those applications that are not needed to run (including browsers).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #12
    Junior Member
    Join Date
    Sep 2009
    Location
    US
    Posts
    27


    Combo-Fix worked as documented.
    Report log is:

    *********************
    ComboFix 09-09-11.01 - Dave 09/11/2009 15:02.1.1 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.291 [GMT -7:00]
    Running from: c:\documents and settings\Dave\Desktop\Combo-Fix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Dave\LOCALS~1\Temp\lsass.exe
    c:\docume~1\Dave\LOCALS~1\Temp\svchost.exe
    c:\program files\Windows Police Pro
    c:\program files\Windows Police Pro\msvcm80.dll
    c:\program files\Windows Police Pro\msvcp80.dll
    c:\program files\Windows Police Pro\msvcr80.dll
    c:\windows\AUTOLNCH.REG
    c:\windows\ppp3.dat
    c:\windows\ppp4.dat
    c:\windows\run.log
    c:\windows\svchast.exe
    c:\windows\system32\bincd32.dat
    c:\windows\system32\desot.exe
    c:\windows\system32\drivers\fad.sys
    c:\windows\system32\drivers\kbiwkmubfdcdqp.sys
    c:\windows\system32\drivers\Sonyhcp.dll
    c:\windows\system32\drivers\UACyvyjhniyyj.sys
    c:\windows\system32\sonhelp.htm
    c:\windows\system32\tajf83ikdmf.dll
    c:\windows\system32\zip32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_kbiwkmqowyrelt
    -------\Legacy_UACd.sys
    -------\Service_kbiwkmqowyrelt
    -------\Service_UACd.sys


    ((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
    .

    2009-09-11 21:01 . 2009-09-11 21:01 -------- d-----w- c:\program files\trend micro
    2009-09-11 21:01 . 2009-09-11 21:02 -------- d-----w- C:\rsit
    2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\documents and settings\Dave\Application Data\Auslogics
    2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\program files\Auslogics
    2009-08-31 21:02 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-08-31 21:02 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-08-31 21:02 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\program files\Avira
    2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-08-31 19:09 . 2009-09-04 21:58 -------- d-----w- c:\program files\Wise Disk Cleaner
    2009-08-27 17:25 . 2009-08-27 17:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Uniblue
    2009-08-26 19:47 . 2009-08-26 19:47 -------- d-----w- c:\windows\LastGood
    2009-08-25 21:09 . 2009-08-25 21:09 -------- d-----w- c:\windows\LastGood.Tmp
    2009-08-24 07:00 . 2009-08-24 07:00 -------- d-----w- c:\windows\ServicePackFiles
    2009-08-24 06:46 . 2009-08-24 06:56 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2009-08-20 23:47 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2009-08-20 23:45 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
    2009-08-20 23:44 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2009-08-20 22:49 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-20 22:25 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2009-08-20 22:25 . 2009-08-20 22:25 -------- d-----w- c:\program files\AML Products
    2009-08-20 22:25 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
    2009-08-19 23:17 . 2009-08-19 23:17 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
    2009-08-19 22:27 . 2009-08-19 22:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-08-19 20:17 . 2009-08-19 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-10 18:11 . 2005-08-05 07:21 -------- d-----w- c:\program files\Mozilla Thunderbird
    2009-09-09 00:33 . 2007-02-05 01:23 -------- d-----w- c:\documents and settings\Dave\Application Data\U3
    2009-09-04 22:01 . 2007-03-05 21:30 -------- d-----w- c:\program files\HP
    2009-08-31 23:36 . 2005-08-05 13:57 78040 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-31 19:30 . 2005-08-05 13:49 -------- d-----w- c:\program files\SolidWorks
    2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-28 17:49 . 2005-08-07 14:31 91917 ----a-w- c:\program files\SolidWorksswxJRNL.BAK
    2009-08-25 21:15 . 2005-08-02 10:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-25 20:50 . 2006-07-22 02:54 -------- d-----w- c:\documents and settings\Dave\Application Data\BitTorrent
    2009-08-05 09:11 . 2004-08-03 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-30 21:22 . 2005-08-05 08:59 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-29 04:53 . 2004-08-03 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:53 . 2004-08-03 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-17 18:55 . 2004-08-03 21:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 17:08 . 2004-08-03 21:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-25 18:36 . 2004-08-03 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
    2009-06-25 18:36 . 2004-08-03 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
    2009-06-25 18:36 . 2004-08-03 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
    2009-06-25 18:36 . 2004-08-03 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
    2009-06-25 18:36 . 2004-08-03 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
    2009-06-25 18:36 . 2004-08-03 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
    2009-06-25 18:36 . 2004-08-03 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
    2009-06-25 18:36 . 2004-08-03 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
    2009-06-25 18:36 . 2004-08-03 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
    2009-06-25 18:36 . 2004-08-03 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
    2009-06-25 18:36 . 2004-08-03 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
    2009-06-25 18:36 . 2004-08-03 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
    2009-06-25 08:44 . 2004-08-03 21:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:44 . 2004-08-03 21:00 59392 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:44 . 2004-08-03 21:00 56320 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:44 . 2004-08-03 21:00 298496 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:44 . 2004-08-03 21:00 168448 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:44 . 2004-08-03 21:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-22 11:49 . 2004-08-03 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
    2009-06-22 11:49 . 2004-08-03 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
    2009-06-22 11:49 . 2004-08-03 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
    2009-06-22 11:48 . 2004-08-03 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
    2009-06-22 11:34 . 2004-08-03 21:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe"="1&1 EasyLogin HIDE" [X]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
    "DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-10-27 863744]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
    "Adobe Reader Speed Launcher"="d:\program downloads\adobe 9\Reader\Reader_sl.exe" [2009-02-28 35696]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-10 1634304]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-8-5 49254]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576]
    Picture Package Menu.lnk - d:\program downloads\Picture Package Menu\SonyTray.exe [2007-8-23 151552]
    Picture Package VCD Maker.lnk - d:\program downloads\Picture Package Applications\Residence.exe [2007-8-23 106496]
    SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-12-24 217088]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe
    "BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
    "d:\\Movies\\VLC\\vlc.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

    R3 GTIPCI21;GTIPCI21;c:\windows\SYSTEM32\DRIVERS\gtipci21.sys [12/31/1979 9:00 AM 80384]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/31/2009 2:02 PM 108289]
    S2 fpoojms;fpoojms;c:\windows\system32\drivers\cqfrkd.sys --> c:\windows\system32\drivers\cqfrkd.sys [?]
    S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [8/16/2005 7:00 AM 26488]
    .
    Contents of the 'Scheduled Tasks' folder

    2007-05-17 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-08-07 22:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/
    mStart Page = hxxp://www.dell.com/ap/china/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\mine.default\
    FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
    FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\mine.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - plugin: d:\program downloads\adobe 9\Reader\browser\nppdf32.dll
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
    HKLM-Run-net - c:\windows\system32\net.net



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-11 15:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll

    - - - - - - - > 'explorer.exe'(280)
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    c:\program files\Apoint\ApntEx.exe
    c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-11 15:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-11 22:14

    Pre-Run: 583,081,984 bytes free
    Post-Run: 435,761,152 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

    233 --- E O F --- 2009-08-24 07:50

    *********************

  3. #13
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Good. Now please see if you are able to run DDS.

  4. #14
    Junior Member
    Join Date
    Sep 2009
    Location
    US
    Posts
    27


    Here is the attached file from DDS.

    ****************************

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/4/2005 8:32:06 PM
    System Uptime: 9/12/2009 9:01:39 AM (0 hours ago)

    Motherboard: Dell Inc. | | 0D4571
    Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1862/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 10 GiB total, 0.423 GiB free.
    D: is FIXED (NTFS) - 46 GiB total, 2.805 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 2200BG Network Connection
    Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
    Manufacturer: Intel(R) Corporation
    Name: Intel(R) PRO/Wireless 2200BG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
    Service: w29n51

    ==== System Restore Points ===================

    RP1: 9/11/2009 3:10:58 PM - System Checkpoint

    ==== Installed Programs ======================

    1&1 EasyLogin
    Adobe Acrobat 5.0
    Adobe Flash Player Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.1
    AiO_Scan
    ALPS Touch Pad Driver
    AML Free Registry Cleaner 4.18
    Ask Toolbar
    Auslogics Disk Defrag
    Avira AntiVir Personal - Free Antivirus
    BitTorrent
    Bluetooth Stack for Windows by Toshiba
    Broadcom Advanced Control Suite 2
    Broadcom ASF Management Applications
    Canon Digital Camera USB WIA Driver
    Canon PhotoRecord
    Canon Utilities ZoomBrowser EX
    CDBurnerXP Pro 3
    Conexant D110 MDC V.9x Modem
    Digital Line Detect
    DNA
    eDrawings 2004
    Enterprise
    File Shredder 2.0
    FLV Player 2.0, build 23
    Hotfix for Windows XP (KB952287)
    HP PSC & Officejet 4.2 Corporate Edition
    ImageMixer VCD2
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 6
    Logitech MouseWare 9.79.1
    Macromedia Flash Player
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft FrontPage Client - English
    Microsoft Office Live Meeting 2005
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual J# .NET Redistributable Package 1.1
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (3.0.13)
    Mozilla Thunderbird (2.0.0.22)
    Mozilla Thunderbird (2.0.0.23)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    mToolkit
    mWlsSafe
    mXML
    mZConfig
    NetWaiting
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    OMCI
    PC Connectivity Solution
    PeaZip 1.10
    Picture Package
    PowerDVD 5.1
    QFolder
    QuickSet
    Rand Mc Nally Street Guide Bay Area Counties 2006
    RealPlayer
    RegCure 1.6.0.0
    SBC Self Support Tool
    SBC Yahoo! Applications
    Scan
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Shading Analyser
    SolidWorks 2004 SP0
    Sonic DLA
    Sonic RecordNow! Plus
    Sonic Update Manager
    Sony USB Driver
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SyncBack
    TextPad 4.7
    TWAIN Driver Uninstaller
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VideoLAN VLC media player 0.8.5
    Visual Studio.NET Baseline - English
    WebFldrs XP
    Windows Antivirus Pro
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Police Pro
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB888310
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Wise Disk Cleaner 4.64
    Xerox WC470cx Printer Driver

    ==== Event Viewer Messages From Past Week ========

    9/8/2009 9:38:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/8/2009 9:34:41 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    9/8/2009 7:22:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    9/8/2009 6:48:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/8/2009 5:24:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
    9/8/2009 5:23:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/8/2009 10:58:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    9/8/2009 10:57:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
    9/8/2009 10:55:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV avgio avipbb Fips intelppm ssmdrv Tosrfcom
    9/8/2009 10:53:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    ==== End Of File ===========================

    ****************************

  5. #15
    Junior Member
    Join Date
    Sep 2009
    Location
    US
    Posts
    27


    Thank you very much for your help, it's a relief to have things coming back online and see it develop...

    Second file from DDS:

    ******************************

    DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
    Run by Dave at 9:29:55.17 on Sat 09/12/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.186 [GMT -7:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Dave\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bing.com/
    mStart Page = hxxp://www.dell.com/ap/china/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
    EB: Ask Toolbar Quick View: {b0de3308-5d5a-470d-81b9-634fc078393b} - c:\windows\system32\shdocvw.dll
    uRun: [c:\program files\1&1\1&1 easylogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
    mRun: [Adobe Reader Speed Launcher] "d:\program downloads\adobe 9\reader\Reader_sl.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - d:\program downloads\picture package menu\SonyTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - d:\program downloads\picture package applications\Residence.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
    dPolicies-explorer: EditLevel = 0 (0x0)
    dPolicies-explorer: NoCommonGroups = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
    IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
    IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program downloads\spybot\spybot - search & destroy\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Notify: igfxcui - igfxsrvc.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\mine.default\
    FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
    FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\dave\application data\mozilla\firefox\profiles\mine.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
    FF - plugin: d:\program downloads\adobe 9\reader\browser\nppdf32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-31 11608]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1979-12-31 80384]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-31 108289]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-31 185089]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-20 55656]
    S2 fpoojms;fpoojms;c:\windows\system32\drivers\cqfrkd.sys --> c:\windows\system32\drivers\cqfrkd.sys [?]
    S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-8-16 26488]

    =============== Created Last 30 ================

    2009-09-11 15:02 <DIR> a-dshr-- C:\cmdcons
    2009-09-11 15:00 230,912 a------- c:\windows\PEV.exe
    2009-09-11 15:00 161,792 a------- c:\windows\SWREG.exe
    2009-09-11 15:00 98,816 a------- c:\windows\sed.exe
    2009-09-11 14:01 <DIR> --d----- c:\program files\trend micro
    2009-09-04 14:59 102,032 -------- c:\windows\hpoins04.dat.temp
    2009-09-04 14:59 17,218 -------- c:\windows\hpomdl04.dat.temp
    2009-08-31 14:57 <DIR> --d----- c:\docume~1\dave\applic~1\Auslogics
    2009-08-31 14:57 <DIR> --d----- c:\program files\Auslogics
    2009-08-31 14:01 <DIR> --d----- c:\program files\Avira
    2009-08-31 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2009-08-31 12:09 <DIR> --d----- c:\program files\Wise Disk Cleaner
    2009-08-27 10:25 <DIR> --d----- c:\docume~1\dave\applic~1\Uniblue
    2009-08-25 14:09 <DIR> --d----- c:\windows\LastGood.Tmp
    2009-08-24 00:00 <DIR> --d----- c:\windows\ServicePackFiles
    2009-08-23 23:46 <DIR> --d----- c:\windows\system32\CatRoot_bak
    2009-08-20 16:52 272,128 -------- c:\windows\system32\drivers\bthport.sys
    2009-08-20 16:52 272,128 -------- c:\windows\system32\dllcache\bthport.sys
    2009-08-20 16:49 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-20 16:47 331,776 -------- c:\windows\system32\dllcache\msadce.dll
    2009-08-20 16:45 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
    2009-08-20 16:44 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
    2009-08-20 16:44 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
    2009-08-20 15:49 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
    2009-08-20 15:25 487,424 a------- c:\windows\system32\msvcp70.dll
    2009-08-20 15:25 974,848 a------- c:\windows\system32\mfc70.dll
    2009-08-20 15:25 <DIR> --d----- c:\program files\AML Products
    2009-08-19 16:17 <DIR> --d----- c:\documents and settings\dave\DoctorWeb
    2009-08-19 15:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-08-19 13:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations

    ==================== Find3M ====================

    2009-08-28 10:49 91,917 a------- c:\program files\SolidWorksswxJRNL.BAK
    2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll
    2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll
    2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
    2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
    2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-06-25 01:44 724,480 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 01:44 298,496 a------- c:\windows\system32\kerberos.dll
    2009-06-25 01:44 168,448 a------- c:\windows\system32\schannel.dll
    2009-06-25 01:44 133,632 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 01:44 59,392 a------- c:\windows\system32\wdigest.dll
    2009-06-25 01:44 56,320 a------- c:\windows\system32\secur32.dll
    2009-06-25 01:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 01:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
    2009-06-25 01:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
    2009-06-25 01:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-06-25 01:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
    2009-06-25 01:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
    2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
    2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
    2009-06-22 04:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
    2009-06-22 04:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
    2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
    2009-06-22 04:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
    2009-06-22 04:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
    2009-06-22 04:34 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
    2008-01-22 09:44 560 a------- c:\docume~1\dave\applic~1\ViewerApp.dat

    ============= FINISH: 9:30:21.00 ===============

    ******************************

  6. #16
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent
    DNA


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Uninstall also these:
    Ask Toolbar
    Macromedia Flash Player
    Macromedia Shockwave Player


    After that:

    Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select Advanced Mode
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer




    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Driver::
    fpoojms
    File::
    c:\windows\system32\drivers\cqfrkd.sys
    Folder::
    C:\Documents and Settings\Dave\Application Data\BitTorrent
    D:\Program Downloads\bittorent
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"=-

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into Combo-Fix.exe
    Then post the resultant log.


    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.


    Get updates 9.1.2 and 9.1.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


    Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
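The CFScript above targets the `fpoojms` entry from the DDS log in post #15, whose backing file DDS could not find (the `--> ... [?]` form) and whose file name (`cqfrkd.sys`) does not match its service name. The following Python script is an added example for readers of this thread, not code from the thread, from DDS or from ComboFix: it parses the `SERVICES / DRIVERS` section of a DDS log and flags entries worth a reviewer's look. The line format is taken from the log as posted; the two review heuristics (missing file, service name repeated as display name while the file is named differently) are my own assumptions, not DDS's logic.

```python
"""Triage the "SERVICES / DRIVERS" section of a DDS log (added example).

DDS prints one line per service or driver:
    <R|S><start> <service>;<display name>;<path> [<date> <size>]
and, when the file behind the entry cannot be found on disk:
    <R|S><start> <service>;<display name>;<path> --> <path> [?]
R = running, S = stopped; the digit is the start type (1 = system start,
2 = auto start, 3 = on demand).
"""
import re
from dataclasses import dataclass

# Constructed sample: the seven SERVICES / DRIVERS lines from the DDS log above.
SAMPLE = r"""
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-31 11608]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1979-12-31 80384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-31 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-31 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-20 55656]
S2 fpoojms;fpoojms;c:\windows\system32\drivers\cqfrkd.sys --> c:\windows\system32\drivers\cqfrkd.sys [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-8-16 26488]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<service>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<missing>.+?))?\s+\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str          # "R" running, "S" stopped
    start: int          # start type digit
    service: str        # registry service/driver name
    display: str        # display name
    path: str           # image path DDS recorded
    file_missing: bool  # True when DDS printed "--> <path> [?]"


def parse_dds_services(text):
    """Return one Entry per SERVICES / DRIVERS line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, anything that is not an entry
        entries.append(Entry(
            state=m["state"], start=int(m["start"]),
            service=m["service"].strip(), display=m["display"].strip(),
            path=m["path"].strip(), file_missing=m["info"].strip() == "?",
        ))
    return entries


def file_stem(path):
    """Lower-case file name without extension, for either slash style."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def entry_reasons(e):
    """Heuristic review flags (assumptions of this example, not DDS logic)."""
    reasons = []
    if e.file_missing:
        reasons.append("file missing")
    # A legitimate entry usually has a descriptive display name, or its
    # service name matches its file name. One whose display name is just the
    # service name repeated while the file is called something else is odd.
    if e.display.lower() == e.service.lower() and file_stem(e.path) != e.service.lower():
        reasons.append("name mismatch")
    return reasons


def triage(entries):
    """(service, reasons) for every entry that raised at least one flag."""
    return [(e.service, entry_reasons(e)) for e in entries if entry_reasons(e)]


if __name__ == "__main__":
    for service, why in triage(parse_dds_services(SAMPLE)):
        print(f"review {service}: {', '.join(why)}")
```

Run against the sample, only `fpoojms` is reported, with both flags; the Avira entries pass because their display names are descriptive or their file names match the service name. Flags are a prompt for a human to check the file, not a verdict, and the helper's own removal decision (the `Driver::` and `File::` lines of the CFScript) still comes from the expert reviewing the log.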

  7. #17
    Junior Member
    Join Date
    Sep 2009
    Location
    US
    Posts
    27

    Default

    Hi Blade
    thank you again for the outstanding support !!! I greatly appreciate it.

    I ran into an issue where I cannot drag and drop the CFScript.txt file to Combo-fix, it doesn't launch...
    Is there another way to do this?

  8. #18
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please delete Combo-Fix.exe and then download a fresh one from the same location you did earlier. Then try to drag'n'drop CFScript file to it.

  9. #19
    Junior Member
    Join Date
    Sep 2009
    Location
    US
    Posts
    27

    Default

    I had a quick note: I had deleted most if not all of the files you noted earlier using the add/remove on the control panel,
    but they were still registered in the registry as installed. I then removed them using regedit but was never able to locate
    DNA; however, BitTorrent and Ask toolbars were, and I deleted them from the registry that way... I ran dds again and saw everything was removed except the dds which I cannot find anywhere... is this a problem at this point?

  10. #20
    Junior Member
    Join Date
    Sep 2009
    Location
    US
    Posts
    27

    Default

    ... correction: DNA is still listed on the dds report log but I am not able to locate by means of using the:

    "regedt32" run command and searching for it in:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    Do you believe this would be a problem?
