
Thread: Pop-Ups for Malware Defense and other Virus Warnings

  1. #1
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Pop-Ups for Malware Defense and other Virus Warnings

    I've gotten my PC infected. I periodically get pop-ups prompting me to buy/install "Malware Defense". The system tray has an erroneous Windows Security Alerts icon and it prompts a danger message every few minutes. This infection seems to have disabled Spybot Search and Destroy. I can't run it. Here's my log.

    Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:05:33 AM, on 12/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\DOCUME~1\Michael\LOCALS~1\Temp\richtx64.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Python26\pythonw.exe
    C:\DOCUME~1\Michael\LOCALS~1\Temp\wscsvc32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\Michael\LOCALS~1\Temp\richtx64.exe
    O4 - Startup: eric4-tray.bat.lnk = C:\eric4-4.3.5\eric4-tray.bat
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Exif Launcher.lnk.disabled
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/...ds/sysinfo.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 9086 bytes

  2. #2
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Still infected...

    I've found several websites that say that Malwarebytes can remove this problem. I downloaded the installer, but whenever I try to run it nothing happens. The same thing happens if I try to start Spybot Search and Destroy. I get an hourglass for a second or two, then it goes away. I never get SBSD started.

    I also found this page:
    http://www.im-infected.com/rogue/malware-defense.html

    And followed the instructions to remove the registry keys and files. I rebooted but the problem was still there. I installed Spyware Doctor and rebooted again. Spyware Doctor claims to have removed viruses from the memory, and the fake Windows Security Alert icon on the system tray disappeared and I'm not getting the pop-ups anymore. However, I still cannot run Spybot Search and Destroy or install Malwarebytes etc. I can open IE and Mozilla though.

    I uninstalled SBS&D and re-installed it but it still doesn't work. I'm running the avast scanner now in thorough mode and it has detected:

    C:\WINDOWS\system32\drivers\H8SRTphwerfldba.sys

    But it doesn't seem to be able to successfully remove it. I scheduled a boot scan, but that doesn't help.

    Since I've been mucking around, here's a new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:37:44 PM, on 12/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\Michael\LOCALS~1\Temp\richtx64.exe
    O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: eric4-tray.bat.lnk = C:\eric4-4.3.5\eric4-tray.bat
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Exif Launcher.lnk.disabled
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/...ds/sysinfo.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 10531 bytes
    Last edited by tashi; 2010-01-16 at 06:10. Reason: Disabled link

  3. #3
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Download GMER here by clicking the "download exe" button and then saving it to your desktop:
    • Double-click the .exe that you downloaded
    • Click the rootkit tab and then scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies log to clipboard
    • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Since my last post I re-ran some Avast checks and it removed some problems. Here are the logs requested.

    DDS.txt:


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Michael at 8:47:03.83 on Sun 12/27/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.479 [GMT -8:00]

    AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
    AV: avast! antivirus 4.8.1368 [VPS 091227-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Dell\Media Experience\PCM2.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Michael\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [DVDSentry] c:\windows\system32\DSentry.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    StartupFolder: c:\docume~1\michael\startm~1\programs\startup\eric4-~1.lnk - c:\eric4-4.3.5\eric4-tray.bat
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Exif Launcher.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
    uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
    uPolicies-explorer: NoThemesTab = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoColorChoice = 0 (0x0)
    uPolicies-system: NoSizeChoice = 0 (0x0)
    uPolicies-system: NoVisualStyleChoice = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    mPolicies-explorer: <NO NAME> =
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: aol.com\free
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565}
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    LSA: Notification Packages = scecli scecli
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\5c1i358c.default\
    FF - plugin: c:\documents and settings\michael\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-20 207792]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-20 114768]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-20 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-20 138680]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-20 112592]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-20 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-20 352920]
    S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [2005-3-2 90357]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-20 359624]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-20 1141712]

    =============== Created Last 30 ================

    2009-12-25 16:39:23 0 d-----w- c:\docume~1\michael\applic~1\GARMIN
    2009-12-25 16:38:45 0 d-----w- c:\program files\Garmin GPS Plugin
    2009-12-25 16:31:24 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
    2009-12-25 16:31:24 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
    2009-12-25 16:31:22 0 d-----w- c:\program files\Garmin
    2009-12-21 03:56:48 0 d-----w- c:\docume~1\michael\applic~1\Malwarebytes
    2009-12-21 03:56:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-21 03:56:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-12-21 03:56:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-21 03:56:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-20 23:33:26 883 ----a-w- c:\windows\RegSDImport.xml
    2009-12-20 23:33:26 880 ----a-w- c:\windows\RegISSImport.xml
    2009-12-20 23:33:26 767952 ----a-w- c:\windows\BDTSupport.dll
    2009-12-20 23:33:26 165840 ----a-w- c:\windows\PCTBDRes.dll
    2009-12-20 23:33:26 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2009-12-20 23:33:26 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2009-12-20 23:33:26 131 ----a-w- c:\windows\IDB.zip
    2009-12-20 23:33:26 1152444 ----a-w- c:\windows\UDB.zip
    2009-12-20 23:30:14 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2009-12-20 23:30:14 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-12-20 23:30:09 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-12-20 23:30:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2009-12-20 23:30:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-12-20 23:30:09 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-12-20 23:30:04 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
    2009-12-20 23:30:04 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-12-20 23:29:56 0 d-----w- c:\program files\common files\PC Tools
    2009-12-20 23:29:56 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-12-20 18:50:36 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-20 18:30:50 668 ----a-w- c:\windows\system32\krl32mainweq.dll
    2009-12-20 18:29:37 202 ----a-w- c:\windows\system32\srcr.dat
    2009-12-16 04:16:24 0 ----a-w- c:\windows\PROTOCOL.INI
    2009-12-16 04:16:15 906784 ----a-w- c:\windows\system32\owl52f.dll
    2009-12-16 04:16:15 82976 ----a-w- c:\windows\system32\bds52f.dll
    2009-12-16 04:16:15 65536 ----a-w- c:\windows\system32\EZTW32.DLL
    2009-12-16 04:16:15 532480 ----a-w- c:\windows\system32\SS32D25.DLL
    2009-12-16 04:16:15 385024 ----a-w- c:\windows\system32\UTILib36.dll
    2009-12-16 04:16:15 303104 ----a-w- c:\windows\system32\CW3230.DLL
    2009-12-16 04:16:14 914944 ----a-w- c:\windows\system32\LEAD51N.DLL
    2009-12-16 04:16:14 0 d-----w- c:\program files\UTHSCSA
    2009-12-16 04:15:56 299008 ----a-w- c:\windows\uninst.exe
    2009-12-10 18:49:17 0 d-----w- c:\program files\GB Research
    2009-12-05 00:24:20 3932214 ----a-w- c:\windows\wallpaper.bmp
    2009-12-04 21:55:16 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-12-04 21:54:54 50688 ------w- c:\windows\system32\tspkg.dll
    2009-12-04 21:54:53 53248 ------w- c:\windows\system32\tsgqec.dll
    2009-12-04 21:54:22 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-12-04 21:54:21 32768 ------w- c:\windows\system32\setupn.exe
    2009-12-04 21:54:14 290304 ------w- c:\windows\system32\rhttpaa.dll
    2009-12-04 21:54:11 61952 ------w- c:\windows\system32\rasqec.dll
    2009-12-04 21:54:09 76800 ------w- c:\windows\system32\qutil.dll
    2009-12-04 21:54:07 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-12-04 21:54:06 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-12-04 21:54:06 150528 ------w- c:\windows\system32\qagent.dll
    2009-12-04 21:52:47 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-12-04 21:51:59 136192 ------w- c:\windows\system32\aaclient.dll
    2009-12-04 21:46:07 186500 ----a-w- c:\windows\system32\nvapps.xml
    2009-12-04 21:46:05 446464 ----a-w- c:\windows\system32\nvudisp.exe
    2009-12-04 21:46:05 18070 ----a-w- c:\windows\system32\nvdisp.nvu
    2009-12-04 21:46:05 0 d-----w- c:\windows\nview
    2009-12-04 21:40:12 0 d-----w- c:\program files\SystemRequirementsLab

    ==================== Find3M ====================

    2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
    2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
    2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
    2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
    2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
    2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

    ============= FINISH: 8:48:52.36 ===============

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/4/2004 7:59:13 PM
    System Uptime: 12/21/2009 8:12:01 PM (132 hours ago)

    Motherboard: Dell Computer Corp. | | 0W2562
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 17.829 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1569: 9/28/2009 7:15:30 PM - Software Distribution Service 3.0
    RP1570: 9/29/2009 8:22:53 PM - System Checkpoint
    RP1571: 9/29/2009 9:06:09 PM - Software Distribution Service 3.0
    RP1572: 10/1/2009 10:53:13 AM - System Checkpoint
    RP1573: 10/2/2009 7:39:40 PM - System Checkpoint
    RP1574: 10/4/2009 9:53:02 AM - System Checkpoint
    RP1575: 10/10/2009 9:01:38 AM - System Checkpoint
    RP1576: 10/14/2009 5:22:07 PM - System Checkpoint
    RP1577: 10/16/2009 2:35:51 PM - System Checkpoint
    RP1578: 10/16/2009 9:57:14 PM - Software Distribution Service 3.0
    RP1579: 10/17/2009 9:14:24 PM - Software Distribution Service 3.0
    RP1580: 10/18/2009 12:00:50 PM - Software Distribution Service 3.0
    RP1581: 10/19/2009 4:00:10 PM - System Checkpoint
    RP1582: 10/20/2009 9:45:21 PM - System Checkpoint
    RP1583: 10/20/2009 9:56:49 PM - Software Distribution Service 3.0
    RP1584: 10/21/2009 9:39:01 PM - Software Distribution Service 3.0
    RP1585: 10/22/2009 9:17:26 PM - Software Distribution Service 3.0
    RP1586: 10/25/2009 2:16:20 PM - System Checkpoint
    RP1587: 11/1/2009 7:36:53 PM - System Checkpoint
    RP1588: 11/3/2009 11:03:50 AM - System Checkpoint
    RP1589: 11/4/2009 5:05:54 PM - System Checkpoint
    RP1590: 11/4/2009 5:31:40 PM - Software Distribution Service 3.0
    RP1591: 11/7/2009 3:35:29 PM - System Checkpoint
    RP1592: 11/8/2009 7:37:18 PM - System Checkpoint
    RP1593: 11/11/2009 4:28:51 PM - System Checkpoint
    RP1594: 11/11/2009 4:57:28 PM - Software Distribution Service 3.0
    RP1595: 11/18/2009 9:21:28 AM - System Checkpoint
    RP1596: 11/21/2009 9:59:06 AM - System Checkpoint
    RP1597: 11/22/2009 10:45:24 AM - System Checkpoint
    RP1598: 11/23/2009 9:17:27 PM - System Checkpoint
    RP1599: 11/27/2009 12:52:54 PM - System Checkpoint
    RP1600: 11/27/2009 3:38:40 PM - Software Distribution Service 3.0
    RP1601: 11/30/2009 1:58:39 PM - System Checkpoint
    RP1602: 12/1/2009 8:53:32 PM - Installed QuickTime
    RP1603: 12/4/2009 11:41:39 AM - Removed QuickTime
    RP1604: 12/4/2009 12:04:11 PM - Installed ClearType Tuning Control Panel Applet
    RP1605: 12/4/2009 1:33:33 PM - Removed HP Software Update
    RP1606: 12/4/2009 2:12:16 PM - Software Distribution Service 3.0
    RP1607: 12/4/2009 5:06:06 PM - Installed QuickTime
    RP1608: 12/7/2009 10:08:29 AM - Software Distribution Service 3.0
    RP1609: 12/7/2009 8:36:43 PM - Software Distribution Service 3.0
    RP1610: 12/7/2009 9:41:36 PM - Software Distribution Service 3.0
    RP1611: 12/8/2009 9:01:06 AM - Software Distribution Service 3.0
    RP1612: 12/10/2009 10:49:16 AM - Installed BinViewer 2.0 Personal
    RP1613: 12/10/2009 7:08:02 PM - Software Distribution Service 3.0
    RP1614: 12/13/2009 7:48:13 AM - System Checkpoint
    RP1615: 12/14/2009 7:49:52 AM - System Checkpoint
    RP1616: 12/18/2009 12:32:54 PM - System Checkpoint
    RP1617: 12/19/2009 8:53:26 PM - System Checkpoint
    RP1618: 12/20/2009 9:38:18 PM - System Checkpoint
    RP1619: 12/21/2009 10:18:18 PM - System Checkpoint
    RP1620: 12/22/2009 11:18:15 PM - System Checkpoint
    RP1621: 12/24/2009 12:18:17 AM - System Checkpoint
    RP1622: 12/25/2009 1:18:15 AM - System Checkpoint
    RP1623: 12/26/2009 2:18:14 AM - System Checkpoint
    RP1624: 12/27/2009 3:18:07 AM - System Checkpoint

    ==== Installed Programs ======================


    Ad-Aware
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.9
    Adobe® Photoshop® Album Starter Edition 3.0
    Adobe® Photoshop® Album Starter Edition 3.0.1
    Amazon MP3 Downloader 1.0.5
    American Greetings CreataCard
    AnswerWorks 4.0 Runtime - English
    Apple Application Support
    Apple Software Update
    avast! Antivirus
    Banctec Service Agreement
    Bazooka Spyware Scanner
    BCM V.92 56K Modem
    BinViewer 2.0 Personal
    Browser Defender 2.0.6.11
    Canon Digital Camera USB WIA Driver
    Canon iP6700D
    Canon iP6700D Memory Card Utility
    Canon iP6700D User Registration
    Canon My Printer
    Canon PhotoRecord
    Canon Utilities Easy-PhotoPrint
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RAW Image Converter
    Canon Utilities RemoteCapture 2.1
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    Cerberus FTP Server
    Chessmaster 5500 1.2.0
    Classic PhoneTools
    ClearType Tuning Control Panel Applet
    Creative PC-CAM Center
    Creative WebCam Monitor
    Creative WebCam NX Pro Driver (1.00.06.0512)
    Creative WebCam NX Pro Manual (English)
    Critical Update for Windows Media Player 11 (KB959772)
    Curl RTE 6.0.0
    DD Tournament Poker 1.1
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell Solution Center
    Dell Support Center (Support Software)
    DVDSentry
    Easy-WebPrint
    Empire Earth
    ERUNT 1.1j
    FinePixViewer Ver.4.0
    FUJIFILM USB Driver
    Full Tilt Poker
    GamersGate Downloader
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Earth
    Hallmark Smilebox
    Help and Support Customization
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Unload DLL Patch
    ImageMixer VCD for FinePix
    ImageTool
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java(TM) 6 Update 4
    Kaspersky Online Scanner
    King's Quest 1 VGA
    King's Quest 1 VGA Music Pack
    King's Quest 1 VGA Speech Pack
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Web Publishing Wizard 1.52
    MicroStaff WINASPI NT
    MinGW 3.4.2
    Modem Helper
    Mozilla Firefox (3.0.10)
    MSN Gaming Zone
    MSN Music Assistant
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicmatch® Jukebox
    NVIDIA Drivers
    PokerStove version 1.23
    PowerDVD
    PyQt GPL v4.5.2 for Python v2.6
    Python 2.6.2
    Qt OpenSource 4.5.2
    QuickTime
    RAW FILE CONVERTER LE
    RealOne Player
    Rhapsody
    Rhapsody Player Engine
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Shockwave
    Sid Meier's Civilization 4
    Sid Meier's Railroad Tycoon
    SimCity 4 Deluxe
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    SpywareBlaster 4.1
    System Requirements Lab
    TurboTax ItsDeductible 2006
    TurboTax Premier 2007
    TurboTax Premier Investments 2006
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Victoria
    WebFldrs XP
    WexTech AnswerWorks
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Xfire (remove only)
    Yahoo! BrowserPlus
    Yahoo! Photos Easy Upload Tool
    Yahoo! Photos Print-at-Home Tool

    ==== Event Viewer Messages From Past Week ========

    12/21/2009 8:11:55 AM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
    12/21/2009 8:11:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    12/21/2009 8:11:34 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/21/2009 12:33:22 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    12/20/2009 4:11:24 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    12/20/2009 3:54:05 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/20/2009 3:29:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    12/20/2009 2:56:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/20/2009 2:54:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
    12/20/2009 2:54:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    12/20/2009 2:54:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/20/2009 2:54:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/20/2009 2:54:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/20/2009 2:28:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/20/2009 2:27:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP Fips intelppm
    12/20/2009 2:27:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/20/2009 1:58:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    12/20/2009 1:58:54 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/20/2009 1:55:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! iAVS4 Control Service service to connect.
    12/20/2009 1:55:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
    12/20/2009 1:55:36 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    12/20/2009 1:55:36 PM, error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/20/2009 1:55:36 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    I tried running GMER and I got a blue screen of death. I'll try again.

  5. #5
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Default Can't run GMER

    A 2nd attempt at GMER doesn't appear to be going well either. It was running and now all I see is my desktop picture and the system seems to be unresponsive... any other suggestions?

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Let's skip GMER scan for now.

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Default

    Sorry for the delay, I had Christmas company. I've prepared my system to run combo fix by disabling the SBSD tea timer and by turning off Avast as described in the guide, but combo fix says that avast is still running. Should I proceed to run combo fix anyhow?

  8. #8
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Default

    Ok, I was able to disable Avast by turning off its self defense mode. When I started combo fix it didn't detect Avast. However just after Completed Stage 34 I received an error dialog:

    PEV.exe Application Error The instruction at some memory location could not be read (not an exact quote).

    Combo fix appeared to continue to run showing Completed Stage 50. It deleted some files and then reported Deleting Folder C:\WINDOWS\system32\data

    CF is now reporting that it will re-boot my system (no mention of this in the guide, so I mention it now....). It successfully rebooted. I selected my user at the XP login screen. CF resumes and reports that it is preparing a log report. Avast and other programs run automatically at startup. Logs to follow.

  9. #9
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Default ComboFix Log

    ComboFix 09-12-29.06 - Michael 12/30/2009 16:40:11.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.536 [GMT -8:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 091230-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\windows\system32\Data
    c:\windows\system32\krl32mainweq.dll
    c:\windows\system32\nsprs.dll
    c:\windows\system32\open.ico
    c:\windows\system32\reboot.txt
    c:\windows\system32\srcr.dat
    c:\windows\unins000.dat
    c:\windows\unins000.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
    .

    2009-12-30 17:32 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2009-12-25 16:39 . 2009-12-25 16:39 -------- d-----w- c:\documents and settings\Michael\Application Data\GARMIN
    2009-12-25 16:38 . 2009-12-25 16:38 -------- d-----w- c:\program files\Garmin GPS Plugin
    2009-12-25 16:31 . 2009-12-25 16:31 -------- d-----w- c:\program files\DIFX
    2009-12-25 16:31 . 2009-04-17 23:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
    2009-12-25 16:31 . 2009-04-17 23:48 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
    2009-12-25 16:31 . 2009-12-25 16:31 -------- d-----w- c:\program files\Garmin
    2009-12-21 03:56 . 2009-12-21 03:56 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
    2009-12-21 03:56 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-21 03:56 . 2009-12-21 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-21 03:56 . 2009-12-21 03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-21 03:56 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-20 23:49 . 2009-12-20 23:49 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Threat Expert
    2009-12-20 23:33 . 2009-11-10 18:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2009-12-20 23:33 . 2009-11-10 18:28 165840 ----a-w- c:\windows\PCTBDRes.dll
    2009-12-20 23:33 . 2009-11-10 18:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2009-12-20 23:33 . 2009-11-10 18:26 767952 ----a-w- c:\windows\BDTSupport.dll
    2009-12-20 23:33 . 2009-10-28 09:36 1152444 ----a-w- c:\windows\UDB.zip
    2009-12-20 23:33 . 2008-11-26 20:08 131 ----a-w- c:\windows\IDB.zip
    2009-12-20 23:30 . 2009-10-30 19:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-12-20 23:30 . 2009-11-09 19:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-12-20 23:30 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-12-20 23:30 . 2009-09-03 17:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-12-20 23:29 . 2009-12-20 23:29 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-12-20 23:29 . 2009-12-20 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-12-20 23:29 . 2009-12-20 23:29 -------- d-----w- c:\documents and settings\Administrator.ZOOMER\Application Data\PC Tools
    2009-12-20 23:12 . 2009-12-20 23:12 -------- d-----w- c:\documents and settings\Administrator.ZOOMER\Local Settings\Application Data\Adobe
    2009-12-20 20:00 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-12-20 20:00 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-12-20 20:00 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-12-20 20:00 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-12-20 20:00 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-12-20 20:00 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-12-20 20:00 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-12-20 20:00 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-12-20 19:59 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-12-20 19:59 . 2009-12-20 19:59 -------- d-----w- c:\program files\Alwil Software
    2009-12-20 19:02 . 2009-12-20 19:02 -------- d-----w- c:\program files\ERUNT
    2009-12-20 18:50 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-16 04:16 . 2001-04-11 19:01 385024 ----a-w- c:\windows\system32\UTILib36.dll
    2009-12-16 04:16 . 1998-09-15 04:43 65536 ----a-w- c:\windows\system32\EZTW32.DLL
    2009-12-16 04:16 . 1997-03-25 13:02 906784 ----a-w- c:\windows\system32\owl52f.dll
    2009-12-16 04:16 . 1997-03-25 13:02 82976 ----a-w- c:\windows\system32\bds52f.dll
    2009-12-16 04:16 . 1997-03-25 13:02 303104 ----a-w- c:\windows\system32\CW3230.DLL
    2009-12-16 04:16 . 1996-02-21 00:26 532480 ----a-w- c:\windows\system32\SS32D25.DLL
    2009-12-16 04:16 . 2009-12-16 04:16 -------- d-----w- c:\program files\UTHSCSA
    2009-12-16 04:16 . 1995-05-25 08:00 914944 ----a-w- c:\windows\system32\LEAD51N.DLL
    2009-12-16 04:15 . 1996-11-06 00:13 299008 ----a-w- c:\windows\uninst.exe
    2009-12-10 18:49 . 2009-12-10 18:49 -------- d-----w- c:\program files\GB Research
    2009-12-07 18:27 . 2009-12-07 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
    2009-12-05 01:06 . 2009-12-05 01:06 -------- d-----w- c:\program files\QuickTime
    2009-12-04 23:14 . 2009-12-04 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-12-04 21:55 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-12-04 21:54 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
    2009-12-04 21:54 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
    2009-12-04 21:54 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-12-04 21:54 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
    2009-12-04 21:54 . 2008-04-14 00:12 290304 ------w- c:\windows\system32\rhttpaa.dll
    2009-12-04 21:54 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
    2009-12-04 21:54 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2009-12-04 21:54 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-12-04 21:54 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-12-04 21:54 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
    2009-12-04 21:53 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
    2009-12-04 21:53 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
    2009-12-04 21:53 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
    2009-12-04 21:53 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
    2009-12-04 21:53 . 2009-07-31 18:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
    2009-12-04 21:53 . 2008-04-13 17:27 79872 ------w- c:\windows\system32\dllcache\msxml6r.dll
    2009-12-04 21:53 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
    2009-12-04 21:53 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
    2009-12-04 21:53 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2009-12-04 21:53 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
    2009-12-04 21:53 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
    2009-12-04 21:53 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
    2009-12-04 21:51 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
    2009-12-04 21:46 . 2009-12-04 21:46 -------- d-----w- c:\windows\nview
    2009-12-04 21:46 . 2008-05-16 22:01 446464 ----a-w- c:\windows\system32\nvudisp.exe
    2009-12-04 21:40 . 2009-12-04 21:40 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-12-04 04:09 . 2009-12-04 04:09 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Yahoo!
    2009-12-02 04:52 . 2009-12-02 04:52 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-02 04:52 . 2009-12-02 04:52 -------- d-----w- c:\program files\Apple Software Update
    2009-12-02 04:52 . 2009-12-02 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-01 03:56 . 2009-12-01 03:56 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\PhotoChannel

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-31 00:51 . 2008-02-14 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-21 03:55 . 2004-05-21 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-21 03:17 . 2004-05-21 03:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-21 00:09 . 2005-12-05 21:21 -------- d-----w- c:\program files\Spyware Doctor
    2009-12-08 04:57 . 2002-09-03 14:58 79699 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2009-12-05 00:56 . 2007-12-01 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-04 21:33 . 2009-04-17 20:26 -------- d-----w- c:\program files\HP
    2009-12-04 20:08 . 2004-03-05 04:59 54256 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-04 19:45 . 2007-12-01 21:23 -------- d-----w- c:\documents and settings\Michael\Application Data\Apple Computer
    2009-11-23 03:18 . 2009-11-23 03:18 -------- d-----w- c:\program files\Mindscape
    2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-10-29 07:46 . 2004-02-07 01:05 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-10-29 07:46 . 2009-09-29 02:19 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-29 07:46 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2009-10-22 03:55 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2002-08-29 11:00 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2002-08-29 11:00 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2002-08-29 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
    "PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-02-24 184320]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "nwiz"="nwiz.exe" [2008-05-16 1630208]
    "NvMediaCenter"="NvMCTray.dll" [2008-05-16 86016]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

    c:\documents and settings\Michael\Start Menu\Programs\Startup\
    eric4-tray.bat.lnk - c:\eric4-4.3.5\eric4-tray.bat [2009-7-14 103]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk.disabled [2007-2-20 1757]
    Exif Launcher.lnk.disabled [2004-4-18 551]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe"
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
    "MimBoot"=c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "UpdReg"=c:\windows\UpdReg.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
    "c:\\Program Files\\MSN Gaming Zone\\zclient.exe"=
    "c:\\Program Files\\Cerberus\\Cerberus.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "c:\\Sierra\\Empire Earth\\Empire Earth.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dxdiag.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Paradox Entertainment\\Victoria\\Victoria.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/20/2009 3:30 PM 207792]
    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [12/20/2009 12:00 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [12/20/2009 12:00 PM 20560]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/20/2009 3:33 PM 112592]
    S3 P1130VID;Creative WebCam NX Pro;c:\windows\SYSTEM32\DRIVERS\P1130Vid.sys [3/2/2005 6:30 PM 90357]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/20/2009 3:29 PM 359624]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

    2004-03-06 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]

    2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{9D7F3E47-CC6B-4F98-BBC6-29CD92523B38}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 20:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\5c1i358c.default\
    FF - plugin: c:\documents and settings\Michael\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1 - c:\windows\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-30 16:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3908)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\BCMSMMSG.exe
    c:\windows\system32\RunDLL32.exe
    c:\python26\pythonw.exe
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-30 17:01:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-31 01:01

    Pre-Run: 13,055,557,632 bytes free
    Post-Run: 13,047,484,416 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 2B067DEADC470D3B284A687137E58C5D

  10. #10

    New DDS.txt & Attach.txt

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Michael at 17:08:33.68 on Wed 12/30/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.503 [GMT -8:00]

    AV: avast! antivirus 4.8.1368 [VPS 091230-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    c:\Python26\pythonw.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Michael\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [DVDSentry] c:\windows\system32\DSentry.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    StartupFolder: c:\docume~1\michael\startm~1\programs\startup\eric4-~1.lnk - c:\eric4-4.3.5\eric4-tray.bat
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Exif Launcher.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
    uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
    mPolicies-explorer: <NO NAME> =
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: aol.com\free
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\5c1i358c.default\
    FF - plugin: c:\documents and settings\michael\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-20 207792]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-20 114768]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-20 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-20 138680]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-20 112592]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-20 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-20 352920]
    S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [2005-3-2 90357]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-20 359624]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-20 1141712]

    =============== Created Last 30 ================

    2009-12-31 00:35:41 0 d-sha-r- C:\cmdcons
    2009-12-31 00:32:45 98816 ----a-w- c:\windows\sed.exe
    2009-12-31 00:32:45 77312 ----a-w- c:\windows\MBR.exe
    2009-12-31 00:32:45 261632 ----a-w- c:\windows\PEV.exe
    2009-12-31 00:32:45 161792 ----a-w- c:\windows\SWREG.exe
    2009-12-30 17:32:14 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2009-12-25 16:39:23 0 d-----w- c:\docume~1\michael\applic~1\GARMIN
    2009-12-25 16:38:45 0 d-----w- c:\program files\Garmin GPS Plugin
    2009-12-25 16:31:24 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
    2009-12-25 16:31:24 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
    2009-12-25 16:31:22 0 d-----w- c:\program files\Garmin
    2009-12-21 03:56:48 0 d-----w- c:\docume~1\michael\applic~1\Malwarebytes
    2009-12-21 03:56:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-21 03:56:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-12-21 03:56:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-21 03:56:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-20 23:33:26 883 ----a-w- c:\windows\RegSDImport.xml
    2009-12-20 23:33:26 880 ----a-w- c:\windows\RegISSImport.xml
    2009-12-20 23:33:26 767952 ----a-w- c:\windows\BDTSupport.dll
    2009-12-20 23:33:26 165840 ----a-w- c:\windows\PCTBDRes.dll
    2009-12-20 23:33:26 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2009-12-20 23:33:26 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2009-12-20 23:33:26 131 ----a-w- c:\windows\IDB.zip
    2009-12-20 23:33:26 1152444 ----a-w- c:\windows\UDB.zip
    2009-12-20 23:30:14 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2009-12-20 23:30:14 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-12-20 23:30:09 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-12-20 23:30:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2009-12-20 23:30:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-12-20 23:30:09 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-12-20 23:30:04 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
    2009-12-20 23:30:04 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-12-20 23:29:56 0 d-----w- c:\program files\common files\PC Tools
    2009-12-20 23:29:56 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-12-20 18:50:36 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-16 04:16:24 0 ----a-w- c:\windows\PROTOCOL.INI
    2009-12-16 04:16:15 906784 ----a-w- c:\windows\system32\owl52f.dll
    2009-12-16 04:16:15 82976 ----a-w- c:\windows\system32\bds52f.dll
    2009-12-16 04:16:15 65536 ----a-w- c:\windows\system32\EZTW32.DLL
    2009-12-16 04:16:15 532480 ----a-w- c:\windows\system32\SS32D25.DLL
    2009-12-16 04:16:15 385024 ----a-w- c:\windows\system32\UTILib36.dll
    2009-12-16 04:16:15 303104 ----a-w- c:\windows\system32\CW3230.DLL
    2009-12-16 04:16:14 914944 ----a-w- c:\windows\system32\LEAD51N.DLL
    2009-12-16 04:16:14 0 d-----w- c:\program files\UTHSCSA
    2009-12-16 04:15:56 299008 ----a-w- c:\windows\uninst.exe
    2009-12-10 18:49:17 0 d-----w- c:\program files\GB Research
    2009-12-05 00:24:20 3932214 ----a-w- c:\windows\wallpaper.bmp
    2009-12-04 21:55:16 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-12-04 21:54:54 50688 ------w- c:\windows\system32\tspkg.dll
    2009-12-04 21:54:53 53248 ------w- c:\windows\system32\tsgqec.dll
    2009-12-04 21:54:22 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-12-04 21:54:21 32768 ------w- c:\windows\system32\setupn.exe
    2009-12-04 21:54:14 290304 ------w- c:\windows\system32\rhttpaa.dll
    2009-12-04 21:54:11 61952 ------w- c:\windows\system32\rasqec.dll
    2009-12-04 21:54:09 76800 ------w- c:\windows\system32\qutil.dll
    2009-12-04 21:54:07 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-12-04 21:54:06 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-12-04 21:54:06 150528 ------w- c:\windows\system32\qagent.dll
    2009-12-04 21:52:47 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-12-04 21:51:59 136192 ------w- c:\windows\system32\aaclient.dll
    2009-12-04 21:46:07 186500 ----a-w- c:\windows\system32\nvapps.xml
    2009-12-04 21:46:05 446464 ----a-w- c:\windows\system32\nvudisp.exe
    2009-12-04 21:46:05 18070 ----a-w- c:\windows\system32\nvdisp.nvu
    2009-12-04 21:46:05 0 d-----w- c:\windows\nview
    2009-12-04 21:40:12 0 d-----w- c:\program files\SystemRequirementsLab

    ==================== Find3M ====================

    2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
    2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
    2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
    2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
    2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
    2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

    ============= FINISH: 17:09:04.12 ===============

    ATTACH.txt::

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/4/2004 7:59:13 PM
    System Uptime: 12/30/2009 4:49:14 PM (1 hours ago)

    Motherboard: Dell Computer Corp. | | 0W2562
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 12.182 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1573: 10/2/2009 7:39:40 PM - System Checkpoint
    RP1574: 10/4/2009 9:53:02 AM - System Checkpoint
    RP1575: 10/10/2009 9:01:38 AM - System Checkpoint
    RP1576: 10/14/2009 5:22:07 PM - System Checkpoint
    RP1577: 10/16/2009 2:35:51 PM - System Checkpoint
    RP1578: 10/16/2009 9:57:14 PM - Software Distribution Service 3.0
    RP1579: 10/17/2009 9:14:24 PM - Software Distribution Service 3.0
    RP1580: 10/18/2009 12:00:50 PM - Software Distribution Service 3.0
    RP1581: 10/19/2009 4:00:10 PM - System Checkpoint
    RP1582: 10/20/2009 9:45:21 PM - System Checkpoint
    RP1583: 10/20/2009 9:56:49 PM - Software Distribution Service 3.0
    RP1584: 10/21/2009 9:39:01 PM - Software Distribution Service 3.0
    RP1585: 10/22/2009 9:17:26 PM - Software Distribution Service 3.0
    RP1586: 10/25/2009 2:16:20 PM - System Checkpoint
    RP1587: 11/1/2009 7:36:53 PM - System Checkpoint
    RP1588: 11/3/2009 11:03:50 AM - System Checkpoint
    RP1589: 11/4/2009 5:05:54 PM - System Checkpoint
    RP1590: 11/4/2009 5:31:40 PM - Software Distribution Service 3.0
    RP1591: 11/7/2009 3:35:29 PM - System Checkpoint
    RP1592: 11/8/2009 7:37:18 PM - System Checkpoint
    RP1593: 11/11/2009 4:28:51 PM - System Checkpoint
    RP1594: 11/11/2009 4:57:28 PM - Software Distribution Service 3.0
    RP1595: 11/18/2009 9:21:28 AM - System Checkpoint
    RP1596: 11/21/2009 9:59:06 AM - System Checkpoint
    RP1597: 11/22/2009 10:45:24 AM - System Checkpoint
    RP1598: 11/23/2009 9:17:27 PM - System Checkpoint
    RP1599: 11/27/2009 12:52:54 PM - System Checkpoint
    RP1600: 11/27/2009 3:38:40 PM - Software Distribution Service 3.0
    RP1601: 11/30/2009 1:58:39 PM - System Checkpoint
    RP1602: 12/1/2009 8:53:32 PM - Installed QuickTime
    RP1603: 12/4/2009 11:41:39 AM - Removed QuickTime
    RP1604: 12/4/2009 12:04:11 PM - Installed ClearType Tuning Control Panel Applet
    RP1605: 12/4/2009 1:33:33 PM - Removed HP Software Update
    RP1606: 12/4/2009 2:12:16 PM - Software Distribution Service 3.0
    RP1607: 12/4/2009 5:06:06 PM - Installed QuickTime
    RP1608: 12/7/2009 10:08:29 AM - Software Distribution Service 3.0
    RP1609: 12/7/2009 8:36:43 PM - Software Distribution Service 3.0
    RP1610: 12/7/2009 9:41:36 PM - Software Distribution Service 3.0
    RP1611: 12/8/2009 9:01:06 AM - Software Distribution Service 3.0
    RP1612: 12/10/2009 10:49:16 AM - Installed BinViewer 2.0 Personal
    RP1613: 12/10/2009 7:08:02 PM - Software Distribution Service 3.0
    RP1614: 12/13/2009 7:48:13 AM - System Checkpoint
    RP1615: 12/14/2009 7:49:52 AM - System Checkpoint
    RP1616: 12/18/2009 12:32:54 PM - System Checkpoint
    RP1617: 12/19/2009 8:53:26 PM - System Checkpoint
    RP1618: 12/20/2009 9:38:18 PM - System Checkpoint
    RP1619: 12/21/2009 10:18:18 PM - System Checkpoint
    RP1620: 12/22/2009 11:18:15 PM - System Checkpoint
    RP1621: 12/24/2009 12:18:17 AM - System Checkpoint
    RP1622: 12/25/2009 1:18:15 AM - System Checkpoint
    RP1623: 12/26/2009 2:18:14 AM - System Checkpoint
    RP1624: 12/27/2009 3:18:07 AM - System Checkpoint
    RP1625: 12/28/2009 4:04:29 AM - System Checkpoint
    RP1626: 12/29/2009 5:04:23 AM - System Checkpoint
    RP1627: 12/30/2009 8:54:11 AM - System Checkpoint
    RP1628: 12/30/2009 9:30:16 AM - Software Distribution Service 3.0
    RP1629: 12/30/2009 9:32:25 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================


    Ad-Aware
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.9
    Adobe® Photoshop® Album Starter Edition 3.0
    Adobe® Photoshop® Album Starter Edition 3.0.1
    Amazon MP3 Downloader 1.0.5
    American Greetings CreataCard
    AnswerWorks 4.0 Runtime - English
    Apple Application Support
    Apple Software Update
    avast! Antivirus
    Banctec Service Agreement
    Bazooka Spyware Scanner
    BCM V.92 56K Modem
    BinViewer 2.0 Personal
    Browser Defender 2.0.6.11
    Canon Digital Camera USB WIA Driver
    Canon iP6700D
    Canon iP6700D Memory Card Utility
    Canon iP6700D User Registration
    Canon My Printer
    Canon PhotoRecord
    Canon Utilities Easy-PhotoPrint
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RAW Image Converter
    Canon Utilities RemoteCapture 2.1
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    Cerberus FTP Server
    Chessmaster 5500 1.2.0
    Classic PhoneTools
    ClearType Tuning Control Panel Applet
    Creative PC-CAM Center
    Creative WebCam Monitor
    Creative WebCam NX Pro Driver (1.00.06.0512)
    Creative WebCam NX Pro Manual (English)
    Critical Update for Windows Media Player 11 (KB959772)
    Curl RTE 6.0.0
    DD Tournament Poker 1.1
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell Solution Center
    Dell Support Center (Support Software)
    DVDSentry
    Easy-WebPrint
    Empire Earth
    ERUNT 1.1j
    FinePixViewer Ver.4.0
    FUJIFILM USB Driver
    Full Tilt Poker
    GamersGate Downloader
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Earth
    Hallmark Smilebox
    Help and Support Customization
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Unload DLL Patch
    ImageMixer VCD for FinePix
    ImageTool
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java(TM) 6 Update 4
    Kaspersky Online Scanner
    King's Quest 1 VGA
    King's Quest 1 VGA Music Pack
    King's Quest 1 VGA Speech Pack
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Web Publishing Wizard 1.52
    MicroStaff WINASPI NT
    MinGW 3.4.2
    Modem Helper
    Mozilla Firefox (3.0.10)
    MSN Gaming Zone
    MSN Music Assistant
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicmatch® Jukebox
    NVIDIA Drivers
    PokerStove version 1.23
    PowerDVD
    PyQt GPL v4.5.2 for Python v2.6
    Python 2.6.2
    Qt OpenSource 4.5.2
    QuickTime
    RAW FILE CONVERTER LE
    RealOne Player
    Rhapsody
    Rhapsody Player Engine
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Shockwave
    Sid Meier's Civilization 4
    Sid Meier's Railroad Tycoon
    SimCity 4 Deluxe
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    SpywareBlaster 4.1
    System Requirements Lab
    TurboTax ItsDeductible 2006
    TurboTax Premier 2007
    TurboTax Premier Investments 2006
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Victoria
    WebFldrs XP
    WexTech AnswerWorks
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Xfire (remove only)
    Yahoo! BrowserPlus
    Yahoo! Photos Easy Upload Tool

    ==== Event Viewer Messages From Past Week ========

    12/30/2009 8:28:26 AM, error: System Error [1003] - Error code 0000004e, parameter1 00000007, parameter2 00005a0b, parameter3 00000002, parameter4 00000000.
    12/27/2009 5:26:32 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    12/27/2009 11:01:53 AM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
    12/27/2009 11:01:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    12/27/2009 11:01:33 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/27/2009 11:00:58 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
