
Thread: Hijack this log, Right Media Prob

  1. #1
    Member | Join Date: May 2010 | Posts: 95

    Hijack this log, Right Media Prob

    I have read the forum 'Read before you post'.

    I first had an ave.exe bug. I used Spybot to get rid of it, however Spybot can't seem to get rid of 'Right Media 32'.

    I have read the posts regarding how to get rid of Right Media. I disabled the TeaTimer in Spybot, restarted the PC and ran HijackThis. I've got a big log but I'm not sure which ones I'm supposed to fix.

    I've tried Registry Mechanic but the problem just comes back each time I connect to the net. If I search for anything on Google and I try to click on the link via Google, a totally different website appears (usually some website that wants my money). My log from HijackThis is below. All help appreciated. In addition, my hard-wired internet connection stops for 10 seconds then reconnects; not sure if this bug has anything to do with this? Never had this problem prior to this bug.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:12:44, on 09/05/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\PROGRA~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trigold\Update\TRUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\Admin\Desktop\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bbc.co.uk/news
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
    R3 - URLSearchHook: W1zardm0ds.co.uk Toolbar - {813cf69b-bebf-423d-9936-eb451ffab26f} - C:\Program Files\W1zardm0ds.co.uk\tbW1z1.dll
    O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: W1zardm0ds.co.uk Toolbar - {813cf69b-bebf-423d-9936-eb451ffab26f} - C:\Program Files\W1zardm0ds.co.uk\tbW1z1.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
    O3 - Toolbar: W1zardm0ds.co.uk Toolbar - {813cf69b-bebf-423d-9936-eb451ffab26f} - C:\Program Files\W1zardm0ds.co.uk\tbW1z1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} (AesDecryptor Class) - http://downloads.privatepost.com/fil...ppZDHelper.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
    O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.landlorddirect.com/js/ImageUploader6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btc.webex.com/client/T25LSP4...ex/ieatgpc.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: TrigoldCrystal Update Service (TRUService) - Trigold - C:\Program Files\Trigold\Update\TRUService.exe

    --
    End of file - 10243 bytes
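    The HijackThis log above is a flat text format: one entry per line, a section code (R0-R3, O1-O24), a separator, then a body that may carry a COM class id and a file path. As an added illustration (this is not code from the forum, the poster, or HijackThis itself), the Python below parses that format into records, counts entries per section, and marks lines that a reviewer usually wants to look at first: URLSearchHook entries (they sit in the path of every search, which is where redirects like the one described are typically wired in), hosts-file overrides, autostart paths outside the usual Windows and Program Files locations, and stale "(file missing)" references. The sample log is constructed from lines in the post, plus two labelled additions: an O1 line mirroring the Hosts entry that the DDS log below reports, and an [EXAMPLE] O4 line that exists only so the path check has something to fire on. The EXPECTED_ROOTS list is an assumption about a stock XP install, and every flag is a prompt for human review, not a verdict (the O20 line here belongs to AVG and is harmless).

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v2 format. The entries are copied from the
# log posted above, except the [EXAMPLE] O4 line (a placeholder added so the
# "unusual-path" check fires) and the O1 line, which mirrors the Hosts entry
# the DDS log reports (HijackThis lists hosts overrides under O1).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:12:44, on 09/05/2010

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bbc.co.uk/news
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKCU\..\Run: [EXAMPLE] C:\Documents and Settings\Admin\Local Settings\Temp\example.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# One entry per line: section code (R0-R3, F0-F3, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# COM class ids as HijackThis prints them, braces included.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First Windows path in the body, up to and including a binary extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n\"]*?\.(?:exe|dll|sys|ocx|scr)", re.IGNORECASE)
# Assumed: where autostart binaries normally live on a stock XP install.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    code: str
    body: str
    clsids: List[str] = field(default_factory=list)
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def triage(entry: Entry) -> List[str]:
    """Cheap hygiene checks that mark entries for a human to review."""
    flags = []
    if entry.code == "R3" and entry.body.startswith("URLSearchHook:"):
        flags.append("search-hook")        # hooks see every browser search
    if entry.code == "O1":
        flags.append("hosts-override")     # hosts entries bypass DNS entirely
    if entry.path and not entry.path.lower().startswith(EXPECTED_ROOTS):
        flags.append("unusual-path")       # autostart from a profile/temp directory
    if "(file missing)" in entry.body:
        flags.append("file-missing")       # stale reference; worth cleaning up
    return flags


def parse_hjt(text: str) -> List[Entry]:
    """Turn the entry lines of a HijackThis log into Entry records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                       # header, process list, blank lines
        code, body = m.group("code"), m.group("body")
        pm = PATH_RE.search(body)
        e = Entry(code=code, body=body, clsids=CLSID_RE.findall(body),
                  path=pm.group(0) if pm else None)
        e.flags = triage(e)
        entries.append(e)
    return entries


def summary(entries: List[Entry]) -> Counter:
    """How many entries of each section code the log contains."""
    return Counter(e.code for e in entries)


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that triage marked, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("sections:", dict(summary(parsed)))
    for e in flagged(parsed):
        print(f"{e.code:<4} {', '.join(e.flags):<16} {e.body}")
```

    Run it on a saved log by replacing SAMPLE_LOG with the file contents; the point of the section counts is to show at a glance how many BHO, toolbar and autostart entries a log carries before reading them one by one, and the flags narrow a long log to the handful of lines that decide whether something is actually wrong.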

  2. #2
    Emeritus | Join Date: Aug 2007 | Posts: 1,875

    Hello and welcome to Safer Networking.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.


    Step #1: Download and run DDS

    Download DDS and save it to your desktop from here or here.
    Disable any script blocker, and then double-click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.



    Step #2: Download and run Gmer

    Please download gmer.zip from Gmer and save it to your desktop.

    ***Please close any open programs***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or its attempted scan, in case of some error etc.)!

    Please post the results from the GMER scan in your reply.


    In your next post/reply, I need to see the following:

    1. The two DDS Logs (DDS and Attach.txt)
    2. The GMER Log

    Use multiple posts if you can't fit everything into one post.
    Malware Removal University Master
    Member of ASAP & UNITE

  3. #3
    Member | Join Date: May 2010 | Posts: 95

    Dds, attach & gmer

    As requested, the DDS, Attach & GMER logs:

    DDS


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Admin at 18:24:46.75 on 12/05/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1036 [GMT 1:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\PROGRA~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trigold\Update\TRUService.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://bbc.co.uk/news
    uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    uURLSearchHooks: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    {02478d38-c3f9-4efb-9b51-7695eca05670}
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
    BHO: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    TB: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~2\data\xtras\MSSYSMGR.EXE
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [WinSys2] c:\windows\system32\winsys2.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: threesixtytraining.co.uk\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} - hxxp://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://btc.webex.com/client/T25LSP41EP13-LOCKDOWN/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-23 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-23 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-23 216200]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-23 29512]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-23 242896]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-23 58984]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-23 125160]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-23 308064]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-4-23 2325816]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-4-23 5888008]
    R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-8 632792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-23 779496]
    R2 TRUService;TrigoldCrystal Update Service;c:\program files\trigold\update\TRUService.exe [2009-10-31 135816]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-23 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-23 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-23 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-23 26120]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 136176]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-23 30104]

    =============== Created Last 30 ================

    2010-05-09 20:45:57 0 d-----w- c:\program files\CleanMyPC Popup Blocker
    2010-05-08 14:02:30 0 d-----w- c:\docume~1\admin\applic~1\Registry Mechanic
    2010-05-08 13:47:32 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-05-08 13:47:32 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-05-08 13:47:32 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-05-08 13:47:31 0 d-----w- c:\program files\common files\PC Tools
    2010-05-07 19:10:34 0 d-----w- c:\windows\SxsCaPendDel
    2010-05-07 14:07:03 0 d-----w- c:\program files\ezLife
    2010-05-07 14:05:39 0 d-----w- c:\docume~1\admin\applic~1\00844978A8DCCC908283E96066040B8A
    2010-05-06 17:43:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-06 17:41:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0
    2010-05-06 17:41:09 0 d-----w- c:\program files\Lavasoft
    2010-04-28 18:00:54 0 d-----w- c:\docume~1\admin\applic~1\Sammsoft
    2010-04-28 16:52:20 0 d-----w- c:\docume~1\admin\applic~1\Trusteer
    2010-04-28 16:52:15 0 d-----w- c:\program files\Trusteer
    2010-04-28 16:51:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Trusteer
    2010-04-26 18:29:51 0 d-----w- c:\windows\ServicePackFiles
    2010-04-26 17:35:39 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
    2010-04-26 17:35:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-04-26 17:35:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-25 11:12:21 0 d--h--w- C:\$AVG
    2010-04-25 10:04:42 0 d-----w- c:\docume~1\admin\applic~1\AVG9
    2010-04-23 12:55:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-23 12:55:07 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-22 23:11:46 0 d-----w- c:\docume~1\admin\applic~1\MSNInstaller
    2010-04-22 23:10:52 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-04-22 23:10:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-22 23:10:49 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-22 23:10:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-22 23:10:33 0 d-----w- c:\windows\system32\drivers\Avg
    2010-04-22 23:08:51 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-04-22 23:08:19 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-04-22 23:08:19 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-04-22 23:06:08 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-04-22 23:02:38 0 d-----w- c:\program files\AVG

    ==================== Find3M ====================

    2010-05-10 17:36:06 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2010-04-20 10:05:36 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-02-16 13:17:38 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-03-12 22:21:44 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2009-03-12 22:21:44 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2009-03-12 22:21:44 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 18:26:17.82 ===============

    ATTACH


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13/08/2008 12:32:14
    System Uptime: 05/12/2010 10:51:45 (-4960 hours ago)

    Motherboard: | | Wolfdale1333-D667.
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | CPUSocket | 2991/200mhz
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | CPUSocket | 2991/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 80.482 GiB free.
    D: is FIXED (NTFS) - 238 GiB total, 227.298 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Deskjet F4500 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    ==== System Restore Points ===================

    RP241: 12/02/2010 12:52:15 - System Checkpoint
    RP242: 13/02/2010 13:51:30 - System Checkpoint
    RP243: 16/02/2010 12:13:26 - System Checkpoint
    RP244: 17/02/2010 19:48:58 - System Checkpoint
    RP245: 19/02/2010 14:25:37 - System Checkpoint
    RP246: 20/02/2010 15:36:31 - System Checkpoint
    RP247: 22/02/2010 12:56:53 - System Checkpoint
    RP248: 23/02/2010 13:05:07 - System Checkpoint
    RP249: 26/02/2010 10:03:05 - System Checkpoint
    RP250: 28/02/2010 22:08:22 - System Checkpoint
    RP251: 03/03/2010 13:00:52 - System Checkpoint
    RP252: 04/03/2010 13:12:00 - System Checkpoint
    RP253: 05/03/2010 15:26:05 - System Checkpoint
    RP254: 07/03/2010 15:50:29 - System Checkpoint
    RP255: 08/03/2010 16:19:27 - System Checkpoint
    RP256: 09/03/2010 16:20:38 - System Checkpoint
    RP257: 11/03/2010 13:53:56 - System Checkpoint
    RP258: 11/03/2010 23:49:55 - Removed Windows Live Sign-in Assistant
    RP259: 12/03/2010 18:44:54 - Installed Virgin Media Broadband SpeedBooster
    RP260: 14/03/2010 17:09:34 - System Checkpoint
    RP261: 15/03/2010 17:46:12 - System Checkpoint
    RP262: 16/03/2010 17:49:06 - System Checkpoint
    RP263: 19/03/2010 10:40:50 - System Checkpoint
    RP264: 20/03/2010 20:19:00 - System Checkpoint
    RP265: 22/03/2010 12:25:51 - System Checkpoint
    RP266: 23/03/2010 17:10:45 - System Checkpoint
    RP267: 26/03/2010 11:55:14 - System Checkpoint
    RP268: 27/03/2010 13:11:37 - System Checkpoint
    RP269: 29/03/2010 11:41:30 - System Checkpoint
    RP270: 30/03/2010 11:50:50 - System Checkpoint
    RP271: 31/03/2010 11:58:40 - System Checkpoint
    RP272: 01/04/2010 12:54:09 - System Checkpoint
    RP273: 04/04/2010 19:07:07 - System Checkpoint
    RP274: 06/04/2010 10:20:48 - System Checkpoint
    RP275: 08/04/2010 14:10:42 - System Checkpoint
    RP276: 09/04/2010 14:47:05 - System Checkpoint
    RP277: 11/04/2010 12:49:53 - System Checkpoint
    RP278: 12/04/2010 13:38:19 - System Checkpoint
    RP279: 14/04/2010 09:10:12 - System Checkpoint
    RP280: 15/04/2010 12:57:28 - System Checkpoint
    RP281: 16/04/2010 13:12:45 - System Checkpoint
    RP282: 19/04/2010 10:43:22 - System Checkpoint
    RP283: 20/04/2010 11:57:04 - System Checkpoint
    RP284: 21/04/2010 12:30:09 - System Checkpoint
    RP285: 21/04/2010 23:06:59 - Installed Ad-Aware
    RP286: 22/04/2010 00:37:09 - Removed Ad-Aware
    RP287: 23/04/2010 00:06:08 - Installed AVG 9.0
    RP288: 23/04/2010 00:08:52 - Removed Windows Live Messenger
    RP289: 23/04/2010 00:13:13 - Removed Google Earth.
    RP290: 23/04/2010 00:20:23 - Avg Update
    RP291: 23/04/2010 00:28:53 - Removed Ask Toolbar.
    RP292: 25/04/2010 14:27:36 - System Checkpoint
    RP293: 26/04/2010 16:08:09 - System Checkpoint
    RP294: 26/04/2010 19:20:29 - Software Distribution Service 3.0
    RP295: 26/04/2010 19:44:35 - Software Distribution Service 3.0
    RP296: 26/04/2010 23:03:16 - Software Distribution Service 3.0
    RP297: 28/04/2010 11:21:31 - System Checkpoint
    RP298: 28/04/2010 17:52:13 - Installed Rapport
    RP299: 28/04/2010 19:00:26 - Advanced Registry Optimizer 2010 - Before Installation
    RP300: 28/04/2010 19:01:06 - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
    RP301: 28/04/2010 19:07:09 - Advanced Registry Optimizer 2010 Wed, Apr 28, 10 19:07
    RP302: 30/04/2010 10:54:54 - Avg Update
    RP303: 03/05/2010 13:40:03 - System Checkpoint
    RP304: 05/05/2010 10:17:46 - System Checkpoint
    RP305: 06/05/2010 09:51:23 - Avg Update
    RP306: 06/05/2010 18:27:29 - Advanced Registry Optimizer 2010 - Before Installation
    RP307: 06/05/2010 18:28:41 - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
    RP308: 08/05/2010 12:10:53 - System Checkpoint
    RP309: 10/05/2010 11:57:21 - System Checkpoint
    RP310: 11/05/2010 13:27:42 - System Checkpoint
    RP311: 12/05/2010 14:01:46 - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player ActiveX
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Alliance and Leicester Online Forms
    Ares 2.0.9
    Avanquest update
    AVG 9.0
    BufferChm
    Business Planner version 3
    Canon CanoScan Toolbox 4.1
    Copy
    Coupon Printer
    Destinations
    DeviceDiscovery
    DJ_AIO_06_F4500_SW_MIN
    Driver Robot 1.1.0.14
    EPSON BX300F Series Printer Uninstall
    F4500
    goal viewer (offline) Trigold Edition
    Google Update Helper
    GoToMeeting 4.1.0.366
    GPBaseService2
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    HP Customer Participation Program 13.0
    HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    hpPrintProjects
    HPProductAssistant
    hpWLPGInstaller
    Inertia 3
    Intel(R) Graphics Media Accelerator Driver
    Intermediary Mortgages Application
    Java(TM) 6 Update 2
    Legal & General GIology (live) v7.2
    MarketResearch
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (INERTIA3_SQL2005)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# 2.0 Redistributable Package - SE
    Motorola Phone Tools
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    Nero PhotoShow Express
    Nero Suite
    Network
    Northern Rock Online
    NVIDIA Drivers
    PowerDVD
    Prospector AAA
    Prospector Registry Tool
    Rapport
    RealPlayer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Registry Mechanic 9.0
    Scan
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    thechatterbox.cc Toolbar
    Toolbox
    TrayApp
    TRSoap
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Virgin Media Broadband SpeedBooster
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    W1zardm0ds.co.uk Toolbar
    WebEx
    WebFldrs XP
    WebReg
    Winamp
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    07/05/2010 20:11:52, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    07/05/2010 20:08:43, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    07/05/2010 20:03:18, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    07/05/2010 20:03:18, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    07/05/2010 19:11:44, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0C0C0C0C0C01 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    05/05/2010 08:39:03, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0C0C0C0C0C01 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

    GMER

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-13 07:49:22
    Windows 5.1.2600 Service Pack 2
    Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\uwrcrfob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xB565CD92]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xB565D49E]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xB565D5EA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xB5660D58]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xB5660D8A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xB565D54E]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB486E670]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xB565D0C8]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xB565D1FA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xB5660E62]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xB5660DCC]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xB5660DFE]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xB5660E30]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xB565CD40]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xB565D64A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xB5660CF0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xB565CCE4]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB486E720]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB486E7C0]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB486E860]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 16E 804E49C8 8 Bytes JMP 58B565D5
    .text ntoskrnl.exe!ZwYieldExecution + 4CA 804E4D24 4 Bytes CALL 108301AF
    .rsrc C:\WINDOWS\system32\DRIVERS\intelppm.sys entry point in ".rsrc" section [0xBA776394]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9184380, 0x2FF527, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C5000A
    .text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
    .text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C4000C
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[388] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00439530 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[388] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[388] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 716E0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1092] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00412220 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1092] USER32.dll!CallMsgFilterW + 21D 7E42DBC9 6 Bytes JMP 716E001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1092] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1092] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 71680022
    .text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A8000A
    .text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A9000A
    .text C:\WINDOWS\System32\svchost.exe[1164] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A7000C
    .text C:\WINDOWS\system32\wuauclt.exe[3164] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
    .text C:\WINDOWS\system32\wuauclt.exe[3164] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
    .text C:\WINDOWS\system32\wuauclt.exe[3164] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0089000A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008A000A
    .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007F000C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device -> \Driver\atapi \Device\Harddisk0\DR0 89A47AC8

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\DRIVERS\intelppm.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Ares 2.0.9

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



    Step # 1: Disable Teatimer

    Spybot S&D's tea timer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

    This is a two step process.
    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have version 1.5 or 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident


    Second step, for either version:
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • Then, also in the left panel, click Resident (it shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.



    Step # 2: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    *Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
    Malware Removal University Master
    Member of ASAP & UNITE

  5. #5
    Member
    Join Date
    May 2010
    Posts
    95

    Ares removed as per instructions.

    spybot stuff done,

    ComboFix log below. While it was doing the scan I did notice it stated it was deleting some stuff; I did not notice this in the guide and I'm not sure if it's something for me to worry about?

    ComboFix 10-05-14.06 - Admin 15/05/2010 0:28.1.2 - x86
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\2A.tmp
    C:\5A.tmp
    c:\documents and settings\Admin\Application Data\00844978A8DCCC908283E96066040B8A
    c:\documents and settings\Admin\Application Data\00844978A8DCCC908283E96066040B8A\enemies-names.txt
    c:\documents and settings\Admin\g2mdlhlpx.exe
    c:\documents and settings\Admin\GoToAssistDownloadHelper.exe
    c:\program files\ezLife
    c:\windows\system32\AbaleZip.dll
    c:\windows\system32\winsys.exe

    Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
    .

    2010-05-09 20:45 . 2010-05-10 08:58 -------- d-----w- c:\program files\CleanMyPC Popup Blocker
    2010-05-08 14:02 . 2010-05-08 14:05 -------- d-----w- c:\documents and settings\Admin\Application Data\Registry Mechanic
    2010-05-08 13:47 . 2010-05-08 13:47 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-05-08 13:47 . 2010-05-14 22:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-07 19:10 . 2010-05-08 09:52 -------- d-----w- c:\windows\SxsCaPendDel
    2010-05-07 15:16 . 2010-05-07 15:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
    2010-05-07 14:07 . 2010-05-07 14:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\vsfuticgf
    2010-05-06 17:43 . 2010-05-06 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-06 17:41 . 2010-05-08 09:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-05-06 17:41 . 2010-05-07 19:09 -------- d-----w- c:\program files\Lavasoft
    2010-04-28 18:00 . 2010-05-08 13:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Sammsoft
    2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Trusteer
    2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\program files\Trusteer
    2010-04-28 16:51 . 2010-04-28 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
    2010-04-28 10:54 . 2010-04-28 10:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-26 18:29 . 2010-04-26 18:29 -------- d-----w- c:\windows\ServicePackFiles
    2010-04-26 17:35 . 2010-04-26 17:35 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2010-04-26 17:35 . 2010-04-26 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-26 17:35 . 2010-05-08 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-25 11:12 . 2010-04-25 11:12 -------- d-----w- C:\$AVG
    2010-04-25 10:44 . 2010-04-25 10:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
    2010-04-25 10:04 . 2010-04-25 10:04 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG9
    2010-04-23 12:55 . 2010-04-23 12:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-23 12:55 . 2010-04-23 12:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-22 23:11 . 2010-04-22 23:11 -------- d-----w- c:\documents and settings\Admin\Application Data\MSNInstaller
    2010-04-22 23:10 . 2010-04-22 23:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-22 23:10 . 2010-04-22 23:10 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-04-22 23:10 . 2010-04-22 23:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-22 23:10 . 2010-04-22 23:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-22 23:10 . 2010-04-22 23:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-22 23:10 . 2010-05-14 22:34 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-22 23:08 . 2010-04-22 23:08 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-04-22 23:08 . 2010-04-22 23:08 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-04-22 23:08 . 2010-04-22 23:08 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-04-22 23:06 . 2010-04-22 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-22 23:02 . 2010-04-22 23:06 -------- d-----w- c:\program files\AVG

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-14 23:02 . 2009-11-12 17:43 -------- d-----w- c:\documents and settings\Admin\Application Data\HPAppData
    2010-05-14 17:57 . 2009-03-05 16:44 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
    2010-05-14 12:00 . 2004-08-04 12:00 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2010-05-11 10:06 . 2010-01-03 17:26 -------- d-----w- c:\program files\W1zardm0ds.co.uk
    2010-05-07 19:10 . 2008-08-14 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-06 18:31 . 2008-08-14 19:58 -------- d-----w- c:\program files\thechatterbox.cc
    2010-04-30 15:06 . 2009-11-06 14:55 -------- d-----w- c:\program files\Common Files\F1
    2010-04-26 22:09 . 2009-11-03 18:53 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-04-22 23:30 . 2009-01-30 18:31 -------- d-----w- c:\program files\SolarWinds
    2010-04-22 23:14 . 2009-11-23 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-04-22 23:13 . 2010-04-10 20:04 -------- d-----w- c:\program files\Google
    2010-04-22 23:08 . 2008-09-22 19:37 -------- d-----w- c:\program files\Windows Live
    2010-04-22 22:22 . 2008-09-20 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-22 22:20 . 2008-09-20 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-20 10:05 . 2008-08-13 19:03 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-04-10 15:18 . 2008-08-14 09:48 -------- d-----w- c:\program files\Common Files\Adobe
    2010-03-28 15:12 . 2010-03-16 15:44 439816 ----a-w- c:\documents and settings\Admin\Application Data\Real\Update\setup3.10\setup.exe
    2010-03-20 19:53 . 2010-03-20 19:53 -------- d-----w- c:\program files\Coupon Printer
    2010-03-20 19:53 . 2010-03-20 19:53 31 ---ha-w- c:\windows\UKCpInfo.sys
    2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 09:59 . 2010-03-12 12:19 40960 ----a-w- c:\documents and settings\All Users\Application Data\TrigoldCrystal\Prospector\paymentshield\QuoteEngine\MortgageProtectorSolo.dll
    2010-02-16 13:17 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813cf69b-bebf-423d-9936-eb451ffab26f}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    2010-02-11 10:06 2349080 ----a-w- c:\program files\thechatterbox.cc\tbthe0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{813cf69b-bebf-423d-9936-eb451ffab26f}]
    2010-05-11 10:06 2515552 ----a-w- c:\program files\W1zardm0ds.co.uk\tbW1z0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813cf69b-bebf-423d-9936-eb451ffab26f}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813CF69B-BEBF-423D-9936-EB451FFAB26F}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE" [2005-02-26 212992]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "nwiz"="nwiz.exe" [2007-06-28 1626112]
    "WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-17 198160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 53760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-22 23:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 136176]
    R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-22 30104]
    S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSxx.sys [2010-04-22 25096]
    S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-22 52872]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-22 216200]
    S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-22 242896]
    S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-03-23 58984]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-03-23 125160]
    S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-22 308064]
    S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-22 2325816]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
    S2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-03-23 779496]
    S2 TRUService;TrigoldCrystal Update Service;c:\program files\Trigold\Update\TRUService.exe [2009-10-31 135816]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-04-22 30104]
    S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2010-04-22 122376]
    S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2010-04-22 30216]
    S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2010-04-22 26120]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-18 c:\windows\Tasks\Driver Robot.job
    - c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-18 13:53]

    2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 20:04]

    2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 20:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://bbc.co.uk/news
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: threesixtytraining.co.uk\www
    DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} - hxxp://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-PremierBuilder - Test Insurer - Legal & General GIology - c:\program files\Legal & General\GIology\GIology



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-15 00:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\Admin\LOCALS~1\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    Completion time: 2010-05-15 00:37:31
    ComboFix-quarantined-files.txt 2010-05-14 23:37

    Pre-Run: 86,093,524,992 bytes free
    Post-Run: 86,426,116,096 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 488B20DACA6AA5033412A0B8942C4CE6

  6. #6
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Quote:
    combo log below, while it was doing the scan I did notice it stated it was deleting some stuff, did not notice this in the guide and not sure if it's something for me to worry about?
    Just ComboFix doing its job.

    If ComboFix finds any bad/malicious stuff, it'll start deleting it. Nothing to worry about.



    Step # 1: Run CFScript

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      KILLALL::
      
      DirLook::
      
      c:\documents and settings\Admin\Local Settings\Application Data\vsfuticgf
      
      DDS::
      
      TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.







      Note: This CFScript is for use on 003294's computer only! Do not use it on your computer.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    In your next post/reply, I need to see the following:

    1. The ComboFix Log that appears after Step 1 has been completed.
    2. A fresh DDS Log taken after Step 1 has been completed.
    Malware Removal University Master
    Member of ASAP & UNITE
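    The helper's reply above shows the two things a log reader does before writing a CFScript: spot browser-hook entries whose DLL no longer exists (the "TB: {...} - No File" line that goes under DDS::) and pick the suspicious directory to inspect with DirLook::. The following Python is an added example, not the helper's tooling or anything from the thread. It parses lines in the shape of the DDS "Pseudo HJT Report" and ComboFix "Reg Loading Points" sections (the uURLSearchHooks/BHO/TB/EB labels, the "WebBrowser-{...} - (no file)" orphan line, the firewall-policy values, Trusted Zone and DPF lines, all of which appear in this thread's logs), flags the orphans and the firewall state, and assembles a CFScript in exactly the layout the helper posted (KILLALL::, DirLook::, DDS::). The regular expressions, the sample log text and the finding wording are my own assumptions; the sample is constructed from paths seen on the page, not a real log.

```python
"""Triage helper for DDS / ComboFix log lines (added example, not the thread's tooling)."""
import re

# Constructed sample: lines in the shape of this thread's DDS and ComboFix
# output. Not a real log; the paths and CLSIDs are copied from the page.
SAMPLE_LOG = r"""
uStart Page = hxxp://bbc.co.uk/news
uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
Trusted Zone: threesixtytraining.co.uk\www
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# DDS browser-hook lines plus ComboFix's "WebBrowser-{clsid} - (no file)" orphan line.
HOOK_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|BHO|TB|EB|WebBrowser)[:-]\s*"
    r"(?:(?P<name>[^{]*?):\s*)?"          # optional display name before the CLSID
    r"(?P<clsid>" + CLSID + r")\s*-\s*(?P<target>.+?)\s*$"
)
ORPHAN_RE = re.compile(r"\(?no file\)?", re.IGNORECASE)
FW_RE = re.compile(r'^"(?P<key>EnableFirewall|DisableNotifications)"=\s*(?P<val>\d+)')
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<host>.+?)\s*$")
DPF_RE = re.compile(r"^DPF:\s*(?P<clsid>" + CLSID + r")\s*-\s*(?P<url>\S+)")


def triage(log_text):
    """Walk the log line by line and collect the items a helper looks at first."""
    out = {"hooks": [], "orphans": [], "firewall": [], "trusted_zones": [], "dpf": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            entry = {"kind": m["kind"], "name": m["name"], "clsid": m["clsid"],
                     "target": m["target"], "line": line}
            out["hooks"].append(entry)
            # A hook whose DLL is gone is dead weight left in the registry;
            # this is the case the helper's DDS:: section removes.
            if ORPHAN_RE.fullmatch(entry["target"]):
                out["orphans"].append(entry)
            continue
        m = FW_RE.match(line)
        if m:
            key, val = m["key"], int(m["val"])
            # Caveat: a third-party firewall (AVG Firewall in this thread)
            # legitimately turns the built-in one off, so this is a prompt
            # to confirm, not evidence of compromise on its own.
            if key == "EnableFirewall" and val == 0:
                out["firewall"].append("Windows Firewall off in standard profile (EnableFirewall=0)")
            elif key == "DisableNotifications" and val == 1:
                out["firewall"].append("firewall notifications suppressed (DisableNotifications=1)")
            continue
        m = TRUSTED_RE.match(line)
        if m:  # hosts in IE's Trusted Zone get relaxed security settings
            out["trusted_zones"].append(m["host"])
            continue
        m = DPF_RE.match(line)
        if m:  # ActiveX controls IE was told to download from these URLs
            out["dpf"].append((m["clsid"], m["url"]))
    return out


def build_cfscript(dds_lines, dirlook=()):
    """Assemble a CFScript in the layout the helper posted in this thread:
    KILLALL::, then DirLook:: paths, then DDS:: lines copied verbatim from
    the DDS log. Only these three directives are used because only these
    three appear on the page."""
    parts = ["KILLALL::", ""]
    if dirlook:
        parts += ["DirLook::", ""] + list(dirlook) + [""]
    if dds_lines:
        parts += ["DDS::", ""] + list(dds_lines)
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, items in report.items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item["line"] if isinstance(item, dict) else item)
    # Feed the TB orphan and the odd directory into a script like the helper's.
    tb_orphans = [e["line"] for e in report["orphans"] if e["kind"] == "TB"]
    print(build_cfscript(tb_orphans,
          [r"c:\documents and settings\Admin\Local Settings\Application Data\vsfuticgf"]))
```

    The orphan lines go into the DDS:: section unchanged, because ComboFix matches them against the DDS output; do not retype or reformat them. The DirLook:: path is a review step, not a deletion: the helper listed the randomly named vsfuticgf directory first and only acts on what the listing shows.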

  7. #7
    Member
    Join Date
    May 2010
    Posts
    95

    Default

    Instructions followed above

    Combo log (2)

    ComboFix 10-05-14.06 - Admin 15/05/2010 10:37:09.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1398 [GMT 1:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
    .

    2010-05-09 20:45 . 2010-05-10 08:58 -------- d-----w- c:\program files\CleanMyPC Popup Blocker
    2010-05-08 14:02 . 2010-05-08 14:05 -------- d-----w- c:\documents and settings\Admin\Application Data\Registry Mechanic
    2010-05-08 13:47 . 2010-05-08 13:47 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-05-08 13:47 . 2010-05-14 22:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-07 19:10 . 2010-05-08 09:52 -------- d-----w- c:\windows\SxsCaPendDel
    2010-05-07 15:16 . 2010-05-07 15:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
    2010-05-07 14:07 . 2010-05-07 14:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\vsfuticgf
    2010-05-06 17:43 . 2010-05-06 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-06 17:41 . 2010-05-08 09:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-05-06 17:41 . 2010-05-07 19:09 -------- d-----w- c:\program files\Lavasoft
    2010-04-28 18:00 . 2010-05-08 13:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Sammsoft
    2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Trusteer
    2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\program files\Trusteer
    2010-04-28 16:51 . 2010-04-28 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
    2010-04-28 10:54 . 2010-04-28 10:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-26 18:29 . 2010-04-26 18:29 -------- d-----w- c:\windows\ServicePackFiles
    2010-04-26 17:35 . 2010-04-26 17:35 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2010-04-26 17:35 . 2010-04-26 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-26 17:35 . 2010-05-08 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-25 11:12 . 2010-04-25 11:12 -------- d-----w- C:\$AVG
    2010-04-25 10:44 . 2010-04-25 10:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
    2010-04-25 10:04 . 2010-04-25 10:04 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG9
    2010-04-23 12:55 . 2010-04-23 12:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-23 12:55 . 2010-04-23 12:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-22 23:11 . 2010-04-22 23:11 -------- d-----w- c:\documents and settings\Admin\Application Data\MSNInstaller
    2010-04-22 23:10 . 2010-04-22 23:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-22 23:10 . 2010-04-22 23:10 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-04-22 23:10 . 2010-04-22 23:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-22 23:10 . 2010-04-22 23:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-22 23:10 . 2010-04-22 23:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-22 23:10 . 2010-05-15 09:30 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-22 23:08 . 2010-04-22 23:08 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-04-22 23:08 . 2010-04-22 23:08 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-04-22 23:08 . 2010-04-22 23:08 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-04-22 23:06 . 2010-04-22 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-22 23:02 . 2010-04-22 23:06 -------- d-----w- c:\program files\AVG

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-15 09:31 . 2009-11-12 17:43 -------- d-----w- c:\documents and settings\Admin\Application Data\HPAppData
    2010-05-14 17:57 . 2009-03-05 16:44 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
    2010-05-14 12:00 . 2004-08-04 12:00 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2010-05-11 10:06 . 2010-01-03 17:26 -------- d-----w- c:\program files\W1zardm0ds.co.uk
    2010-05-07 19:10 . 2008-08-14 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-06 18:31 . 2008-08-14 19:58 -------- d-----w- c:\program files\thechatterbox.cc
    2010-04-30 15:06 . 2009-11-06 14:55 -------- d-----w- c:\program files\Common Files\F1
    2010-04-26 22:09 . 2009-11-03 18:53 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-04-22 23:30 . 2009-01-30 18:31 -------- d-----w- c:\program files\SolarWinds
    2010-04-22 23:14 . 2009-11-23 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-04-22 23:13 . 2010-04-10 20:04 -------- d-----w- c:\program files\Google
    2010-04-22 23:08 . 2008-09-22 19:37 -------- d-----w- c:\program files\Windows Live
    2010-04-22 22:22 . 2008-09-20 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-22 22:20 . 2008-09-20 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-20 10:05 . 2008-08-13 19:03 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-04-10 15:18 . 2008-08-14 09:48 -------- d-----w- c:\program files\Common Files\Adobe
    2010-03-28 15:12 . 2010-03-16 15:44 439816 ----a-w- c:\documents and settings\Admin\Application Data\Real\Update\setup3.10\setup.exe
    2010-03-20 19:53 . 2010-03-20 19:53 -------- d-----w- c:\program files\Coupon Printer
    2010-03-20 19:53 . 2010-03-20 19:53 31 ---ha-w- c:\windows\UKCpInfo.sys
    2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 09:59 . 2010-03-12 12:19 40960 ----a-w- c:\documents and settings\All Users\Application Data\TrigoldCrystal\Prospector\paymentshield\QuoteEngine\MortgageProtectorSolo.dll
    2010-02-16 13:17 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\documents and settings\Admin\Local Settings\Application Data\vsfuticgf ----



    ((((((((((((((((((((((((((((( SnapShot@2010-05-14_23.35.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-15 09:43 . 2010-05-15 09:43 16384 c:\windows\Temp\Perflib_Perfdata_be0.dat
    + 2010-05-15 09:43 . 2010-05-15 09:43 16384 c:\windows\Temp\Perflib_Perfdata_b7c.dat
    + 2004-08-04 12:00 . 2010-05-14 23:45 76510 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2010-05-14 23:45 441194 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813cf69b-bebf-423d-9936-eb451ffab26f}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    2010-02-11 10:06 2349080 ----a-w- c:\program files\thechatterbox.cc\tbthe0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{813cf69b-bebf-423d-9936-eb451ffab26f}]
    2010-05-11 10:06 2515552 ----a-w- c:\program files\W1zardm0ds.co.uk\tbW1z0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813cf69b-bebf-423d-9936-eb451ffab26f}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813CF69B-BEBF-423D-9936-EB451FFAB26F}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE" [2005-02-26 212992]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "nwiz"="nwiz.exe" [2007-06-28 1626112]
    "WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-17 198160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-22 23:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [23/04/2010 00:08 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [23/04/2010 00:10 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/04/2010 00:10 216200]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/04/2010 00:10 242896]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [23/03/2010 16:39 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [23/03/2010 16:39 125160]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23/04/2010 00:08 308064]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [23/04/2010 00:09 2325816]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [23/04/2010 00:08 5888008]
    R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [08/05/2010 14:47 632792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [23/03/2010 16:39 779496]
    R2 TRUService;TrigoldCrystal Update Service;c:\program files\Trigold\Update\TRUService.exe [31/10/2009 20:02 135816]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23/04/2010 00:08 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [23/04/2010 00:08 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [23/04/2010 00:08 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [23/04/2010 00:08 26120]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2010 21:04 136176]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23/04/2010 00:08 30104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-18 c:\windows\Tasks\Driver Robot.job
    - c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-18 13:53]

    2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 20:04]

    2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 20:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://bbc.co.uk/news
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: threesixtytraining.co.uk\www
    DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} - hxxp://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-15 10:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(7084)
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-15 10:47:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-15 09:47
    ComboFix2.txt 2010-05-14 23:37

    Pre-Run: 86,369,574,912 bytes free
    Post-Run: 86,393,794,560 bytes free

    - - End Of File - - 083E1E427AC38B378D9C535C34411BE4

    DDS (2)


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Admin at 14:13:37.73 on 15/05/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1234 [GMT 1:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trigold\Update\TRUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\Admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://bbc.co.uk/news
    uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    uURLSearchHooks: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    {02478d38-c3f9-4efb-9b51-7695eca05670}
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
    BHO: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    TB: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~2\data\xtras\MSSYSMGR.EXE
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [WinSys2] c:\windows\system32\winsys2.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: threesixtytraining.co.uk\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} - hxxp://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://btc.webex.com/client/T25LSP41EP13-LOCKDOWN/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-23 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-23 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-23 216200]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-23 29512]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-23 242896]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-23 58984]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-23 125160]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-23 308064]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-4-23 2325816]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-4-23 5888008]
    R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-8 632792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-23 779496]
    R2 TRUService;TrigoldCrystal Update Service;c:\program files\trigold\update\TRUService.exe [2009-10-31 135816]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-23 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-23 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-23 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-23 26120]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 136176]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-23 30104]

    =============== Created Last 30 ================

    2010-05-14 23:23:27 0 d-sha-r- C:\cmdcons
    2010-05-14 23:22:33 98816 ----a-w- c:\windows\sed.exe
    2010-05-14 23:06:33 77312 ----a-w- c:\windows\MBR.exe
    2010-05-14 23:06:33 256512 ----a-w- c:\windows\PEV.exe
    2010-05-14 23:06:33 161792 ----a-w- c:\windows\SWREG.exe
    2010-05-09 20:45:57 0 d-----w- c:\program files\CleanMyPC Popup Blocker
    2010-05-08 14:02:30 0 d-----w- c:\docume~1\admin\applic~1\Registry Mechanic
    2010-05-08 13:47:32 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-05-08 13:47:32 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-05-08 13:47:32 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-05-08 13:47:31 0 d-----w- c:\program files\common files\PC Tools
    2010-05-07 19:10:34 0 d-----w- c:\windows\SxsCaPendDel
    2010-05-06 17:43:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-06 17:41:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0
    2010-05-06 17:41:09 0 d-----w- c:\program files\Lavasoft
    2010-04-28 18:00:54 0 d-----w- c:\docume~1\admin\applic~1\Sammsoft
    2010-04-28 16:52:20 0 d-----w- c:\docume~1\admin\applic~1\Trusteer
    2010-04-28 16:52:15 0 d-----w- c:\program files\Trusteer
    2010-04-28 16:51:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Trusteer
    2010-04-26 18:29:51 0 d-----w- c:\windows\ServicePackFiles
    2010-04-26 17:35:39 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
    2010-04-26 17:35:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-04-26 17:35:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-25 11:12:21 0 d-----w- C:\$AVG
    2010-04-25 10:04:42 0 d-----w- c:\docume~1\admin\applic~1\AVG9
    2010-04-23 12:55:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-23 12:55:07 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-22 23:11:46 0 d-----w- c:\docume~1\admin\applic~1\MSNInstaller
    2010-04-22 23:10:52 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-04-22 23:10:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-22 23:10:49 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-22 23:10:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-22 23:10:33 0 d-----w- c:\windows\system32\drivers\Avg
    2010-04-22 23:08:51 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-04-22 23:08:19 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-04-22 23:08:19 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-04-22 23:06:08 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-04-22 23:02:38 0 d-----w- c:\program files\AVG

    ==================== Find3M ====================

    2010-05-14 12:00:54 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2010-04-20 10:05:36 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-02-16 13:17:38 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe

    ============= FINISH: 14:14:18.65 ===============

    Attach (2)


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13/08/2008 12:32:14
    System Uptime: 15/05/2010 14:09:20 (0 hours ago)

    Motherboard: | | Wolfdale1333-D667.
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | CPUSocket | 2991/200mhz
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | CPUSocket | 2991/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 80.48 GiB free.
    D: is FIXED (NTFS) - 238 GiB total, 227.298 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Deskjet F4500 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    ==== System Restore Points ===================

    RP243: 16/02/2010 12:13:26 - System Checkpoint
    RP244: 17/02/2010 19:48:58 - System Checkpoint
    RP245: 19/02/2010 14:25:37 - System Checkpoint
    RP246: 20/02/2010 15:36:31 - System Checkpoint
    RP247: 22/02/2010 12:56:53 - System Checkpoint
    RP248: 23/02/2010 13:05:07 - System Checkpoint
    RP249: 26/02/2010 10:03:05 - System Checkpoint
    RP250: 28/02/2010 22:08:22 - System Checkpoint
    RP251: 03/03/2010 13:00:52 - System Checkpoint
    RP252: 04/03/2010 13:12:00 - System Checkpoint
    RP253: 05/03/2010 15:26:05 - System Checkpoint
    RP254: 07/03/2010 15:50:29 - System Checkpoint
    RP255: 08/03/2010 16:19:27 - System Checkpoint
    RP256: 09/03/2010 16:20:38 - System Checkpoint
    RP257: 11/03/2010 13:53:56 - System Checkpoint
    RP258: 11/03/2010 23:49:55 - Removed Windows Live Sign-in Assistant
    RP259: 12/03/2010 18:44:54 - Installed Virgin Media Broadband SpeedBooster
    RP260: 14/03/2010 17:09:34 - System Checkpoint
    RP261: 15/03/2010 17:46:12 - System Checkpoint
    RP262: 16/03/2010 17:49:06 - System Checkpoint
    RP263: 19/03/2010 10:40:50 - System Checkpoint
    RP264: 20/03/2010 20:19:00 - System Checkpoint
    RP265: 22/03/2010 12:25:51 - System Checkpoint
    RP266: 23/03/2010 17:10:45 - System Checkpoint
    RP267: 26/03/2010 11:55:14 - System Checkpoint
    RP268: 27/03/2010 13:11:37 - System Checkpoint
    RP269: 29/03/2010 11:41:30 - System Checkpoint
    RP270: 30/03/2010 11:50:50 - System Checkpoint
    RP271: 31/03/2010 11:58:40 - System Checkpoint
    RP272: 01/04/2010 12:54:09 - System Checkpoint
    RP273: 04/04/2010 19:07:07 - System Checkpoint
    RP274: 06/04/2010 10:20:48 - System Checkpoint
    RP275: 08/04/2010 14:10:42 - System Checkpoint
    RP276: 09/04/2010 14:47:05 - System Checkpoint
    RP277: 11/04/2010 12:49:53 - System Checkpoint
    RP278: 12/04/2010 13:38:19 - System Checkpoint
    RP279: 14/04/2010 09:10:12 - System Checkpoint
    RP280: 15/04/2010 12:57:28 - System Checkpoint
    RP281: 16/04/2010 13:12:45 - System Checkpoint
    RP282: 19/04/2010 10:43:22 - System Checkpoint
    RP283: 20/04/2010 11:57:04 - System Checkpoint
    RP284: 21/04/2010 12:30:09 - System Checkpoint
    RP285: 21/04/2010 23:06:59 - Installed Ad-Aware
    RP286: 22/04/2010 00:37:09 - Removed Ad-Aware
    RP287: 23/04/2010 00:06:08 - Installed AVG 9.0
    RP288: 23/04/2010 00:08:52 - Removed Windows Live Messenger
    RP289: 23/04/2010 00:13:13 - Removed Google Earth.
    RP290: 23/04/2010 00:20:23 - Avg Update
    RP291: 23/04/2010 00:28:53 - Removed Ask Toolbar.
    RP292: 25/04/2010 14:27:36 - System Checkpoint
    RP293: 26/04/2010 16:08:09 - System Checkpoint
    RP294: 26/04/2010 19:20:29 - Software Distribution Service 3.0
    RP295: 26/04/2010 19:44:35 - Software Distribution Service 3.0
    RP296: 26/04/2010 23:03:16 - Software Distribution Service 3.0
    RP297: 28/04/2010 11:21:31 - System Checkpoint
    RP298: 28/04/2010 17:52:13 - Installed Rapport
    RP299: 28/04/2010 19:00:26 - Advanced Registry Optimizer 2010 - Before Installation
    RP300: 28/04/2010 19:01:06 - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
    RP301: 28/04/2010 19:07:09 - Advanced Registry Optimizer 2010 Wed, Apr 28, 10 19:07
    RP302: 30/04/2010 10:54:54 - Avg Update
    RP303: 03/05/2010 13:40:03 - System Checkpoint
    RP304: 05/05/2010 10:17:46 - System Checkpoint
    RP305: 06/05/2010 09:51:23 - Avg Update
    RP306: 06/05/2010 18:27:29 - Advanced Registry Optimizer 2010 - Before Installation
    RP307: 06/05/2010 18:28:41 - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
    RP308: 08/05/2010 12:10:53 - System Checkpoint
    RP309: 10/05/2010 11:57:21 - System Checkpoint
    RP310: 11/05/2010 13:27:42 - System Checkpoint
    RP311: 12/05/2010 14:01:46 - System Checkpoint
    RP312: 14/05/2010 13:02:23 - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player ActiveX
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Alliance and Leicester Online Forms
    Avanquest update
    AVG 9.0
    BufferChm
    Business Planner version 3
    Canon CanoScan Toolbox 4.1
    Copy
    Coupon Printer
    Destinations
    DeviceDiscovery
    DJ_AIO_06_F4500_SW_MIN
    Driver Robot 1.1.0.14
    EPSON BX300F Series Printer Uninstall
    F4500
    goal viewer (offline) Trigold Edition
    Google Update Helper
    GoToMeeting 4.1.0.366
    GPBaseService2
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    HP Customer Participation Program 13.0
    HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    hpPrintProjects
    HPProductAssistant
    hpWLPGInstaller
    Inertia 3
    Intel(R) Graphics Media Accelerator Driver
    Intermediary Mortgages Application
    Java(TM) 6 Update 2
    MarketResearch
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (INERTIA3_SQL2005)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# 2.0 Redistributable Package - SE
    Motorola Phone Tools
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    Nero PhotoShow Express
    Nero Suite
    Network
    Northern Rock Online
    NVIDIA Drivers
    PowerDVD
    Prospector AAA
    Prospector Registry Tool
    Rapport
    RealPlayer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Registry Mechanic 9.0
    Scan
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    thechatterbox.cc Toolbar
    Toolbox
    TrayApp
    TRSoap
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Virgin Media Broadband SpeedBooster
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    W1zardm0ds.co.uk Toolbar
    WebEx
    WebFldrs XP
    WebReg
    Winamp
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    15/05/2010 10:37:04, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
    15/05/2010 10:37:04, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    15/05/2010 10:37:04, error: Service Control Manager [7034] - The SQL Server (INERTIA3_SQL2005) service terminated unexpectedly. It has done this 1 time(s).
    15/05/2010 10:37:04, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
    15/05/2010 10:37:04, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
    15/05/2010 10:37:04, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    15/05/2010 10:37:04, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    15/05/2010 10:37:04, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    15/05/2010 10:37:04, error: Service Control Manager [7031] - The TrigoldCrystal Update Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    15/05/2010 10:37:04, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    14/05/2010 18:01:27, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0C0C0C0C0C01. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    11/05/2010 11:05:01, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    11/05/2010 11:05:01, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    10/05/2010 19:58:24, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0C0C0C0C0C01 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    08/05/2010 14:33:35, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

    ==== End Of File ===========================

  8. #8
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Delete CFScript.txt from your Desktop; you will be creating and running a new one.


    Step # 1: Run CFScript

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      KILLALL::
      
      Folder::
      
      c:\documents and settings\Admin\Local Settings\Application Data\vsfuticgf
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      Note: This CFScript is for use on 003294's computer only! Do not use it on your computer.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    In your next post/reply, I need to see the following:

    1. The ComboFix Log that appears after Step 1 has been completed.
    Malware Removal University Master
    Member of ASAP & UNITE

  9. #9
    Member
    Join Date
    May 2010
    Posts
    95

    Default

    ComboFix 10-05-14.06 - Admin 15/05/2010 19:15:07.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1433 [GMT 1:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Admin\Local Settings\Application Data\vsfuticgf

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
    .

    2010-05-09 20:45 . 2010-05-10 08:58 -------- d-----w- c:\program files\CleanMyPC Popup Blocker
    2010-05-08 14:02 . 2010-05-08 14:05 -------- d-----w- c:\documents and settings\Admin\Application Data\Registry Mechanic
    2010-05-08 13:47 . 2010-05-08 13:47 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-05-08 13:47 . 2010-05-15 14:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-07 19:10 . 2010-05-08 09:52 -------- d-----w- c:\windows\SxsCaPendDel
    2010-05-07 15:16 . 2010-05-07 15:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
    2010-05-06 17:43 . 2010-05-06 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-06 17:41 . 2010-05-08 09:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-05-06 17:41 . 2010-05-07 19:09 -------- d-----w- c:\program files\Lavasoft
    2010-04-28 18:00 . 2010-05-08 13:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Sammsoft
    2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Trusteer
    2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\program files\Trusteer
    2010-04-28 16:51 . 2010-04-28 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
    2010-04-28 10:54 . 2010-04-28 10:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-26 18:29 . 2010-04-26 18:29 -------- d-----w- c:\windows\ServicePackFiles
    2010-04-26 17:35 . 2010-04-26 17:35 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2010-04-26 17:35 . 2010-04-26 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-26 17:35 . 2010-05-08 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-25 11:12 . 2010-04-25 11:12 -------- d-----w- C:\$AVG
    2010-04-25 10:44 . 2010-04-25 10:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
    2010-04-25 10:04 . 2010-04-25 10:04 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG9
    2010-04-23 12:55 . 2010-04-23 12:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-23 12:55 . 2010-04-23 12:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-22 23:11 . 2010-04-22 23:11 -------- d-----w- c:\documents and settings\Admin\Application Data\MSNInstaller
    2010-04-22 23:10 . 2010-04-22 23:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-22 23:10 . 2010-04-22 23:10 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-04-22 23:10 . 2010-04-22 23:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-22 23:10 . 2010-04-22 23:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-22 23:10 . 2010-04-22 23:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-22 23:10 . 2010-05-15 09:30 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-22 23:08 . 2010-04-22 23:08 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-04-22 23:08 . 2010-04-22 23:08 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-04-22 23:08 . 2010-04-22 23:08 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-04-22 23:06 . 2010-04-22 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-22 23:02 . 2010-04-22 23:06 -------- d-----w- c:\program files\AVG

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-15 09:31 . 2009-11-12 17:43 -------- d-----w- c:\documents and settings\Admin\Application Data\HPAppData
    2010-05-14 17:57 . 2009-03-05 16:44 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
    2010-05-14 12:00 . 2004-08-04 12:00 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2010-05-11 10:06 . 2010-01-03 17:26 -------- d-----w- c:\program files\W1zardm0ds.co.uk
    2010-05-07 19:10 . 2008-08-14 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-06 18:31 . 2008-08-14 19:58 -------- d-----w- c:\program files\thechatterbox.cc
    2010-04-30 15:06 . 2009-11-06 14:55 -------- d-----w- c:\program files\Common Files\F1
    2010-04-26 22:09 . 2009-11-03 18:53 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-04-22 23:30 . 2009-01-30 18:31 -------- d-----w- c:\program files\SolarWinds
    2010-04-22 23:14 . 2009-11-23 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-04-22 23:13 . 2010-04-10 20:04 -------- d-----w- c:\program files\Google
    2010-04-22 23:08 . 2008-09-22 19:37 -------- d-----w- c:\program files\Windows Live
    2010-04-22 22:22 . 2008-09-20 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-22 22:20 . 2008-09-20 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-20 10:05 . 2008-08-13 19:03 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-04-10 15:18 . 2008-08-14 09:48 -------- d-----w- c:\program files\Common Files\Adobe
    2010-03-28 15:12 . 2010-03-16 15:44 439816 ----a-w- c:\documents and settings\Admin\Application Data\Real\Update\setup3.10\setup.exe
    2010-03-20 19:53 . 2010-03-20 19:53 -------- d-----w- c:\program files\Coupon Printer
    2010-03-20 19:53 . 2010-03-20 19:53 31 ---ha-w- c:\windows\UKCpInfo.sys
    2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 09:59 . 2010-03-12 12:19 40960 ----a-w- c:\documents and settings\All Users\Application Data\TrigoldCrystal\Prospector\paymentshield\QuoteEngine\MortgageProtectorSolo.dll
    2010-02-16 13:17 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-05-14_23.35.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-15 18:21 . 2010-05-15 18:21 16384 c:\windows\Temp\Perflib_Perfdata_95c.dat
    + 2010-05-15 18:22 . 2010-05-15 18:22 16384 c:\windows\Temp\Perflib_Perfdata_159c.dat
    + 2004-08-04 12:00 . 2010-05-14 23:45 76510 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2010-05-14 23:45 441194 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813cf69b-bebf-423d-9936-eb451ffab26f}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
    2010-02-11 10:06 2349080 ----a-w- c:\program files\thechatterbox.cc\tbthe0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{813cf69b-bebf-423d-9936-eb451ffab26f}]
    2010-05-11 10:06 2515552 ----a-w- c:\program files\W1zardm0ds.co.uk\tbW1z0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813cf69b-bebf-423d-9936-eb451ffab26f}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2010-02-11 2349080]
    "{813CF69B-BEBF-423D-9936-EB451FFAB26F}"= "c:\program files\W1zardm0ds.co.uk\tbW1z0.dll" [2010-05-11 2515552]

    [HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

    [HKEY_CLASSES_ROOT\clsid\{813cf69b-bebf-423d-9936-eb451ffab26f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhotoShow Deluxe Media Manager"="c:\progra~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE" [2005-02-26 212992]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "nwiz"="nwiz.exe" [2007-06-28 1626112]
    "WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-17 198160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-22 23:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [23/04/2010 00:08 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [23/04/2010 00:10 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/04/2010 00:10 216200]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/04/2010 00:10 242896]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [23/03/2010 16:39 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [23/03/2010 16:39 125160]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23/04/2010 00:08 308064]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [23/04/2010 00:09 2325816]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [23/04/2010 00:08 5888008]
    R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [08/05/2010 14:47 632792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [23/03/2010 16:39 779496]
    R2 TRUService;TrigoldCrystal Update Service;c:\program files\Trigold\Update\TRUService.exe [31/10/2009 20:02 135816]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23/04/2010 00:08 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [23/04/2010 00:08 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [23/04/2010 00:08 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [23/04/2010 00:08 26120]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2010 21:04 136176]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23/04/2010 00:08 30104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-18 c:\windows\Tasks\Driver Robot.job
    - c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-18 13:53]

    2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 20:04]

    2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 20:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://bbc.co.uk/news
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: threesixtytraining.co.uk\www
    DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} - hxxp://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-15 19:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(6564)
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-15 19:25:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-15 18:25
    ComboFix2.txt 2010-05-15 09:47
    ComboFix3.txt 2010-05-14 23:37

    Pre-Run: 86,356,656,128 bytes free
    Post-Run: 86,340,308,992 bytes free

    - - End Of File - - D0B47B9A8436502593BBECC83FF76085

  10. #10
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Before we continue further, I need something cleared up.

    The following thread was brought to my attention:

    avg 9.0 free licence key?

    Since your logs show that you already have AVG 9.0 installed, why do you need a free license key?
    Malware Removal University Master
    Member of ASAP & UNITE
