AV Security Suite attack....please help!

2

2gars

New member
I am typing this from my clean laptop. My desktop does not have spybot loaded on it. Have AV security suite attack. Can't get on the internet to load spybot. Please help, thanks!
 
Hi,

You need to transfer some tools to your infected system. If you're going to use removable drive please make sure it's properly treated by running Panda USB Vaccine against drive on your clean system.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/19/2009 12:11:56 PM - System Checkpoint
RP2: 12/19/2009 12:13:41 PM - Installed Digital Line Detect
RP3: 12/19/2009 12:14:53 PM - Installed Windows XP KB835221WXP.
RP4: 12/19/2009 12:15:21 PM - Installed SigmaTel Audio
RP5: 12/19/2009 12:23:23 PM - Installed AVG 8.5
RP6: 12/19/2009 12:30:35 PM - Installed Microsoft Office Enterprise 2007
RP7: 12/19/2009 12:35:05 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP8: 12/20/2009 7:00:58 AM - Installed Adapter
RP9: 12/20/2009 7:45:13 AM - Avg8 Update
RP10: 12/20/2009 9:22:36 AM - Avg8 Update
RP11: 12/20/2009 9:24:30 AM - Avg8 Update
RP12: 12/21/2009 7:56:53 AM - Software Distribution Service 3.0
RP13: 12/21/2009 8:33:16 AM - Software Distribution Service 3.0
RP14: 12/21/2009 3:34:31 PM - Avg8 Update
RP15: 12/21/2009 4:00:35 PM - Software Distribution Service 3.0
RP16: 12/22/2009 4:25:26 PM - System Checkpoint
RP17: 12/23/2009 3:00:11 AM - Software Distribution Service 3.0
RP18: 12/23/2009 6:39:03 AM - Software Distribution Service 3.0
RP19: 12/23/2009 6:47:07 AM - Software Distribution Service 3.0
RP20: 12/24/2009 6:50:57 AM - System Checkpoint
RP21: 12/25/2009 6:26:50 AM - Software Distribution Service 3.0
RP22: 12/26/2009 9:39:29 AM - System Checkpoint
RP23: 12/27/2009 11:07:43 AM - System Checkpoint
RP24: 12/28/2009 8:18:46 AM - Avg8 Update
RP25: 12/29/2009 9:03:09 AM - System Checkpoint
RP26: 12/30/2009 8:25:43 AM - Avg8 Update
RP27: 12/30/2009 1:50:33 PM - Installed 1300
RP28: 12/31/2009 3:00:11 AM - Software Distribution Service 3.0
RP29: 1/7/2010 9:39:13 AM - Software Distribution Service 3.0
RP30: 1/8/2010 10:15:43 AM - System Checkpoint
RP31: 1/9/2010 10:40:50 AM - System Checkpoint
RP32: 1/10/2010 11:32:59 AM - System Checkpoint
RP33: 1/11/2010 12:56:24 PM - System Checkpoint
RP34: 1/12/2010 1:21:16 PM - System Checkpoint
RP35: 1/13/2010 3:00:27 AM - Software Distribution Service 3.0
RP36: 1/14/2010 3:15:02 AM - System Checkpoint
RP37: 1/15/2010 3:00:25 AM - Software Distribution Service 3.0
RP38: 1/16/2010 3:02:21 AM - Software Distribution Service 3.0
RP39: 1/17/2010 4:14:17 AM - System Checkpoint
RP40: 1/18/2010 5:54:48 AM - System Checkpoint
RP41: 1/19/2010 6:06:48 AM - System Checkpoint
RP42: 1/19/2010 8:02:38 AM - Avg8 Update
RP43: 1/20/2010 8:36:04 AM - System Checkpoint
RP44: 1/21/2010 9:20:40 AM - System Checkpoint
RP45: 1/22/2010 9:23:23 AM - System Checkpoint
RP46: 1/22/2010 11:05:59 AM - Installed Adobe Reader 9.3.
RP47: 1/23/2010 11:46:34 AM - System Checkpoint
RP48: 1/24/2010 12:20:48 PM - System Checkpoint
RP49: 1/25/2010 1:20:41 PM - System Checkpoint
RP50: 1/26/2010 1:44:41 PM - System Checkpoint
RP51: 1/27/2010 2:56:41 PM - System Checkpoint
RP52: 1/28/2010 4:44:40 PM - System Checkpoint
RP53: 1/29/2010 6:20:41 PM - System Checkpoint
RP54: 1/30/2010 7:20:41 PM - System Checkpoint
RP55: 1/31/2010 8:20:41 PM - System Checkpoint
RP56: 2/1/2010 8:12:38 AM - Avg8 Update
RP57: 2/2/2010 8:18:45 AM - Avg8 Update
RP58: 2/3/2010 9:10:36 AM - System Checkpoint
RP59: 2/4/2010 10:09:31 AM - System Checkpoint
RP60: 2/7/2010 11:32:13 AM - System Checkpoint
RP61: 2/7/2010 11:59:34 AM - Installed HP Unload DLL Patch
RP62: 2/8/2010 1:25:43 PM - System Checkpoint
RP63: 2/9/2010 2:52:14 PM - System Checkpoint
RP64: 2/11/2010 10:13:14 PM - System Checkpoint
RP65: 2/12/2010 3:00:13 AM - Software Distribution Service 3.0
RP66: 2/13/2010 3:35:13 AM - System Checkpoint
RP67: 2/14/2010 5:11:13 AM - System Checkpoint
RP68: 2/15/2010 5:23:13 AM - System Checkpoint
RP69: 2/16/2010 6:59:13 AM - System Checkpoint
RP70: 2/17/2010 7:47:13 AM - System Checkpoint
RP71: 2/21/2010 2:42:31 PM - System Checkpoint
RP72: 2/22/2010 2:53:43 PM - System Checkpoint
RP73: 2/23/2010 3:16:38 PM - System Checkpoint
RP74: 2/24/2010 3:00:11 AM - Software Distribution Service 3.0
RP75: 2/25/2010 3:29:23 AM - System Checkpoint
RP76: 2/25/2010 7:08:16 AM - Installed Java(TM) 6 Update 18
RP77: 2/26/2010 1:11:03 PM - System Checkpoint
RP78: 2/27/2010 3:43:54 PM - System Checkpoint
RP79: 2/28/2010 6:26:34 PM - System Checkpoint
RP80: 3/1/2010 7:08:28 PM - System Checkpoint
RP81: 3/2/2010 7:28:08 PM - System Checkpoint
RP82: 3/3/2010 9:20:26 PM - System Checkpoint
RP83: 3/4/2010 9:24:32 PM - System Checkpoint
RP84: 3/5/2010 9:48:32 PM - System Checkpoint
RP85: 3/6/2010 11:24:32 PM - System Checkpoint
RP86: 3/8/2010 1:12:32 AM - System Checkpoint
RP87: 3/9/2010 1:24:32 AM - System Checkpoint
RP88: 3/10/2010 2:35:46 AM - System Checkpoint
RP89: 3/10/2010 3:00:12 AM - Software Distribution Service 3.0
RP90: 3/11/2010 3:00:23 AM - Software Distribution Service 3.0
RP91: 3/12/2010 3:00:25 AM - System Checkpoint
RP92: 3/13/2010 5:00:25 AM - System Checkpoint
RP93: 3/14/2010 7:48:25 AM - System Checkpoint
RP94: 3/15/2010 7:48:25 AM - System Checkpoint
RP95: 3/16/2010 8:24:25 AM - System Checkpoint
RP96: 3/17/2010 2:08:01 PM - System Checkpoint
RP97: 3/18/2010 8:17:09 AM - Avg8 Update
RP98: 3/18/2010 8:17:53 AM - Avg8 Update
RP99: 3/19/2010 9:35:43 AM - System Checkpoint
RP100: 3/20/2010 10:46:13 AM - System Checkpoint
RP101: 3/21/2010 11:53:02 AM - System Checkpoint
RP102: 3/22/2010 11:57:07 AM - System Checkpoint
RP103: 3/23/2010 2:57:07 PM - System Checkpoint
RP104: 3/24/2010 5:59:15 PM - System Checkpoint
RP105: 3/25/2010 7:07:34 PM - System Checkpoint
RP106: 3/26/2010 7:31:34 PM - System Checkpoint
RP107: 3/27/2010 9:07:35 PM - System Checkpoint
RP108: 3/28/2010 10:31:35 PM - System Checkpoint
RP109: 3/29/2010 11:31:35 PM - System Checkpoint
RP110: 3/31/2010 12:31:34 AM - System Checkpoint
RP111: 3/31/2010 3:00:11 AM - Software Distribution Service 3.0
RP112: 4/1/2010 3:56:57 AM - System Checkpoint
RP113: 4/2/2010 3:56:57 AM - System Checkpoint
RP114: 4/3/2010 4:56:57 AM - System Checkpoint
RP115: 4/4/2010 5:20:57 AM - System Checkpoint
RP116: 4/5/2010 6:20:57 AM - System Checkpoint
RP117: 4/6/2010 7:20:58 AM - System Checkpoint
RP118: 4/7/2010 7:21:01 AM - System Checkpoint
RP119: 4/8/2010 8:21:03 AM - System Checkpoint
RP120: 4/9/2010 10:21:03 AM - System Checkpoint
RP121: 4/11/2010 4:12:59 PM - System Checkpoint
RP122: 4/12/2010 5:02:29 PM - System Checkpoint
RP123: 4/13/2010 6:02:29 PM - System Checkpoint
RP124: 4/14/2010 6:07:52 PM - System Checkpoint
RP125: 4/15/2010 3:00:19 AM - Software Distribution Service 3.0
RP126: 4/16/2010 3:26:38 AM - System Checkpoint
RP127: 4/17/2010 5:26:38 AM - System Checkpoint
RP128: 4/18/2010 5:34:24 AM - System Checkpoint
RP129: 4/19/2010 6:58:24 AM - System Checkpoint
RP130: 4/20/2010 6:58:31 AM - System Checkpoint
RP131: 4/21/2010 7:58:31 AM - System Checkpoint
RP132: 4/22/2010 7:58:31 AM - System Checkpoint
RP133: 4/23/2010 9:55:53 AM - System Checkpoint
RP134: 4/24/2010 11:58:15 PM - System Checkpoint
RP135: 4/26/2010 12:57:54 AM - System Checkpoint
RP136: 4/27/2010 1:57:54 AM - System Checkpoint
RP137: 4/28/2010 1:57:55 AM - System Checkpoint
RP138: 4/29/2010 2:57:54 AM - System Checkpoint
RP139: 4/30/2010 3:59:13 AM - System Checkpoint
RP140: 4/30/2010 9:22:42 AM - Avg8 Update
RP141: 5/1/2010 10:21:55 AM - System Checkpoint
RP142: 5/2/2010 10:58:25 AM - System Checkpoint
RP143: 5/3/2010 3:22:01 PM - System Checkpoint
RP144: 5/4/2010 5:10:01 PM - System Checkpoint
RP145: 5/5/2010 5:58:00 PM - System Checkpoint
RP146: 5/6/2010 6:58:01 PM - System Checkpoint
RP147: 5/8/2010 12:47:08 PM - System Checkpoint
RP148: 5/9/2010 1:36:55 PM - System Checkpoint
RP149: 5/11/2010 12:23:32 AM - System Checkpoint
RP150: 5/12/2010 1:44:18 AM - System Checkpoint
RP151: 5/12/2010 3:00:14 AM - Software Distribution Service 3.0
RP152: 5/13/2010 3:08:18 AM - System Checkpoint
RP153: 5/14/2010 3:08:18 AM - System Checkpoint
RP154: 5/15/2010 4:08:18 AM - System Checkpoint
RP155: 5/16/2010 5:08:18 AM - System Checkpoint
RP156: 5/17/2010 5:08:23 AM - System Checkpoint
RP157: 5/18/2010 6:56:23 AM - System Checkpoint
RP158: 5/19/2010 7:44:23 AM - System Checkpoint
RP159: 5/20/2010 8:44:23 AM - System Checkpoint
RP160: 5/21/2010 7:57:34 PM - System Checkpoint
RP161: 5/22/2010 8:32:01 PM - System Checkpoint
RP162: 5/24/2010 12:57:07 PM - System Checkpoint
RP163: 5/25/2010 3:11:39 PM - System Checkpoint
RP164: 5/26/2010 6:11:39 PM - System Checkpoint
RP165: 5/27/2010 3:00:11 AM - Software Distribution Service 3.0
RP166: 5/28/2010 3:35:38 AM - System Checkpoint
RP167: 5/29/2010 4:11:38 AM - System Checkpoint
RP168: 5/30/2010 5:11:01 AM - System Checkpoint
RP169: 5/31/2010 5:56:45 AM - System Checkpoint
RP170: 6/1/2010 6:56:45 AM - System Checkpoint
RP171: 6/2/2010 7:20:45 AM - System Checkpoint
RP172: 6/3/2010 7:56:45 AM - System Checkpoint
RP173: 6/4/2010 9:56:45 AM - System Checkpoint
RP174: 6/5/2010 11:32:45 AM - System Checkpoint
RP175: 6/6/2010 11:59:02 AM - System Checkpoint
RP176: 6/7/2010 3:20:54 PM - System Checkpoint
RP177: 6/8/2010 5:44:54 PM - System Checkpoint
RP178: 6/9/2010 5:54:35 PM - System Checkpoint
RP179: 6/10/2010 6:05:37 PM - System Checkpoint
RP180: 6/11/2010 3:00:38 AM - Software Distribution Service 3.0
RP181: 6/13/2010 1:54:13 PM - System Checkpoint
RP182: 6/14/2010 2:27:48 PM - System Checkpoint
RP183: 6/15/2010 3:59:25 PM - System Checkpoint
RP184: 6/16/2010 5:58:12 PM - System Checkpoint
RP185: 6/17/2010 6:39:47 PM - System Checkpoint
RP186: 6/19/2010 11:17:30 AM - System Checkpoint
RP187: 6/20/2010 2:35:18 PM - System Checkpoint
RP188: 6/21/2010 3:49:02 PM - System Checkpoint
RP189: 6/22/2010 4:07:20 PM - System Checkpoint
RP190: 6/23/2010 4:09:26 PM - System Checkpoint
RP191: 6/24/2010 4:47:27 PM - System Checkpoint
RP192: 6/26/2010 6:16:07 AM - System Checkpoint
RP193: 6/27/2010 6:58:14 AM - System Checkpoint
RP194: 6/28/2010 10:20:17 AM - System Checkpoint
RP195: 6/30/2010 6:35:04 AM - System Checkpoint
RP196: 6/30/2010 11:56:06 AM - Installed Turbo Lister 2.
RP197: 7/1/2010 12:08:45 PM - System Checkpoint
RP198: 7/2/2010 1:08:43 PM - System Checkpoint
RP199: 7/3/2010 2:32:36 PM - System Checkpoint
RP200: 7/4/2010 3:00:07 PM - System Checkpoint
RP201: 7/9/2010 7:37:10 AM - Avg8 Update

==== Installed Programs ======================

1300
1300_Help
1300Tour
1300Trb
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AiO_Scan
AIOMinimal
AiOSoftware
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 8.5
Copy
CreativeProjects
Digital Line Detect
Director
DocProc
Fax
FlipShare
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP Unload DLL Patch
hpmdtab
HPSystemDiagnostics
InstantShare
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 18
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MLB.TV NexDef Plug-in
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Overland
PhotoGallery
PrintScreen
QFolder
QuickProjects
Readme
Rhapsody
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SigmaTel Audio
SkinsHP1
SkinsHP2
TrayApp
Turbo Lister 2
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows XP Service Pack 3

==== End Of File ===========================
 
DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Administrator at 10:30:14.26 on Mon 07/12/2010
Internet Explorer: 8.0.6001.18702
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [qsouavaj] c:\documents and settings\garth\local settings\application data\litypkryu\geyjfhctssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://lms.aa.com/sumtotal/nas/wbt/m/m2/cab/awswaxd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-06-30 16:57:37 0 d-----w- c:\program files\eBay
2010-06-30 16:57:37 0 d-----w- c:\documents and settings\all users\eBay
2010-06-21 17:12:31 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb1164ef13cc48.mof
2010-06-16 21:38:44 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-06-16 21:38:42 49152 ----a-r- c:\windows\system32\inetwh32.dll

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-12-23 13:18:58 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-12-23 13:18:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121420091221\index.dat
2009-12-23 13:18:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122320091224\index.dat

============= FINISH: 10:30:37.06 ===============
 
Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Hi,

It would be recommended to run it in normal mode if possible.
 
ok I will, so my new external hard drive that has combo-fix loaded won't get infected when I connect to the infected computer, right?.....(i'm not real saavy at this....lol)
 
I vaccinated my laptop with panda, but tried to vaccinate usb portion and it said ntfs is not able to vaccinated. Can I still connect my external hard drive to infected computer in live mode?
 
I ran combo-fix in safe mode because I wasn't sure how to proceed......

ComboFix 10-07-11.07 - Administrator 07/12/2010 12:26:13.1.2 - x86 MINIMAL
Running from: c:\docume~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for ComboFix.zip\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 18 18 04.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 18 43 48.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 19 11 08.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 19 21 28.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 19 45 14.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 20 01 50.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 20 39 38.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 20 43 22.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 20 46 06.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 20 48 36.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 20 50 44.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 20 56 02.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 20 59 02.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 01 20.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 03 12.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 04 58.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 07 12.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 14 16.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 19 34.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 25 34.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 30 44.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 34 46.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 37 54.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 40 16.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 42 54.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 43 28.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 48 22.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \2010-03-20 21 51 32.MP4
c:\documents and settings\garth\Desktop\Beach Boys Band March 2010 \Thumbs.db
c:\documents and settings\garth\Local Settings\Application Data\litypkryu
c:\documents and settings\garth\Local Settings\Application Data\litypkryu\geyjfhctssd.exe
E:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-12 15:43 . 2010-03-18 13:17 2068320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2010-07-12 15:43 . 2010-03-18 13:17 3535200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2010-07-12 15:43 . 2010-03-18 13:17 2046816 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2010-07-12 15:42 . 2010-07-09 12:37 1146208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-07-12 15:34 . 2010-07-12 15:34 69232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 16:57 . 2010-06-30 16:57 -------- d-----w- c:\program files\eBay
2010-06-30 16:57 . 2010-06-30 16:57 -------- d-----w- c:\documents and settings\All Users\eBay
2010-06-23 10:02 . 2010-06-23 10:02 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb71.tmp.exe
2010-06-16 21:38 . 2010-06-16 21:38 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-06-16 21:38 . 2010-06-16 21:38 49152 ----a-r- c:\windows\system32\inetwh32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 08:08 . 2009-12-19 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AcrobatUpdater.exe
2010-05-26 12:38 . 2010-05-26 12:38 61440 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52464cb2-n\decora-sse.dll
2010-05-26 12:38 . 2010-05-26 12:38 503808 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\msvcp71.dll
2010-05-26 12:38 . 2010-05-26 12:38 499712 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\jmc.dll
2010-05-26 12:38 . 2010-05-26 12:38 348160 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\msvcr71.dll
2010-05-26 12:38 . 2010-05-26 12:38 12800 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52464cb2-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-03 13:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-03 12:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-03 13:56 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-12 2048352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\garth\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\garth\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2010-4-6 802056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-12-19 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-20 13:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-12-20 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-12-19 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-12-20 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-12-20 297752]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-12-19 12552]

.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:03]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:03]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe
HKLM-Run-qsouavaj - c:\documents and settings\garth\Local Settings\Application Data\litypkryu\geyjfhctssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 12:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1060)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-07-12 12:37:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-12 17:37

Pre-Run: 120,123,998,208 bytes free
Post-Run: 120,863,485,952 bytes free

- - End Of File - - CE5AF85DDC4EFA203A38EC7E6C9B7878
 
also, when it rebooted in live mode so I shut the computer down, so I started computer in safe mode and combo-fix finished and issued report in safe mode....sorry, wasn't sure and wanted laptop and external hard drive unaffected.
 
here is the new dds log also run in safe mode..........

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Administrator at 13:01:55.17 on Mon 07/12/2010
Internet Explorer: 8.0.6001.18702
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://lms.aa.com/sumtotal/nas/wbt/m/m2/cab/awswaxd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-07-12 17:23:44 98816 ----a-w- c:\windows\sed.exe
2010-07-12 17:23:44 77312 ----a-w- c:\windows\MBR.exe
2010-07-12 17:23:44 256512 ----a-w- c:\windows\PEV.exe
2010-07-12 17:23:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-30 16:57:37 0 d-----w- c:\program files\eBay
2010-06-30 16:57:37 0 d-----w- c:\documents and settings\all users\eBay
2010-06-21 17:12:31 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb1164ef13cc48.mof
2010-06-16 21:38:44 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-06-16 21:38:42 49152 ----a-r- c:\windows\system32\inetwh32.dll

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-12-23 13:18:58 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-12-23 13:18:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121420091221\index.dat
2009-12-23 13:18:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122320091224\index.dat

============= FINISH: 13:02:17.15 ===============
 
Hi,

Please run ComboFix again in normal mode making sure internet connection is enabled (if the connection works now). Let ComboFix install recovery console. Post back the resultant log + fresh dds log (all taken in normal mode).
 
can access internet now.......here is combo-fix in normal mode.....will post dds log shortly..

ComboFix 10-07-11.07 - garth 07/12/2010 15:25:51.2.2 - x86
Running from: c:\docume~1\garth\LOCALS~1\Temp\Temporary Directory 2 for ComboFix.zip\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
E:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-12 15:43 . 2010-03-18 13:17 2068320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2010-07-12 15:43 . 2010-03-18 13:17 3535200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2010-07-12 15:43 . 2010-03-18 13:17 2046816 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2010-07-12 15:42 . 2010-07-09 12:37 1146208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-07-12 15:34 . 2010-07-12 15:34 69232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 16:57 . 2010-06-30 16:57 -------- d-----w- c:\program files\eBay
2010-06-30 16:57 . 2010-06-30 16:57 -------- d-----w- c:\documents and settings\All Users\eBay
2010-06-23 10:02 . 2010-06-23 10:02 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb71.tmp.exe
2010-06-16 21:38 . 2010-06-16 21:38 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-06-16 21:38 . 2010-06-16 21:38 49152 ----a-r- c:\windows\system32\inetwh32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 08:08 . 2009-12-19 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AcrobatUpdater.exe
2010-05-26 12:38 . 2010-05-26 12:38 61440 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52464cb2-n\decora-sse.dll
2010-05-26 12:38 . 2010-05-26 12:38 503808 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\msvcp71.dll
2010-05-26 12:38 . 2010-05-26 12:38 499712 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\jmc.dll
2010-05-26 12:38 . 2010-05-26 12:38 348160 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\msvcr71.dll
2010-05-26 12:38 . 2010-05-26 12:38 12800 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52464cb2-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-03 13:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-03 12:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-03 13:56 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-12_17.33.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-12 20:19 . 2010-07-12 20:19 16384 c:\windows\temp\Perflib_Perfdata_460.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-12 2048352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\garth\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\garth\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2010-4-6 802056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-12-19 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-20 13:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-12-19 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-12-20 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-12-19 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-12-20 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-12-20 297752]

.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:03]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-qsouavaj - c:\documents and settings\garth\Local Settings\Application Data\litypkryu\geyjfhctssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 15:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-12 15:29:56
ComboFix-quarantined-files.txt 2010-07-12 20:29
ComboFix2.txt 2010-07-12 17:37

Pre-Run: 120,854,482,944 bytes free
Post-Run: 120,852,619,264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 51AB3B8F16B659205EB10B80AD35CB2D
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/19/2009 12:11:56 PM - System Checkpoint
RP2: 12/19/2009 12:13:41 PM - Installed Digital Line Detect
RP3: 12/19/2009 12:14:53 PM - Installed Windows XP KB835221WXP.
RP4: 12/19/2009 12:15:21 PM - Installed SigmaTel Audio
RP5: 12/19/2009 12:23:23 PM - Installed AVG 8.5
RP6: 12/19/2009 12:30:35 PM - Installed Microsoft Office Enterprise 2007
RP7: 12/19/2009 12:35:05 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP8: 12/20/2009 7:00:58 AM - Installed Adapter
RP9: 12/20/2009 7:45:13 AM - Avg8 Update
RP10: 12/20/2009 9:22:36 AM - Avg8 Update
RP11: 12/20/2009 9:24:30 AM - Avg8 Update
RP12: 12/21/2009 7:56:53 AM - Software Distribution Service 3.0
RP13: 12/21/2009 8:33:16 AM - Software Distribution Service 3.0
RP14: 12/21/2009 3:34:31 PM - Avg8 Update
RP15: 12/21/2009 4:00:35 PM - Software Distribution Service 3.0
RP16: 12/22/2009 4:25:26 PM - System Checkpoint
RP17: 12/23/2009 3:00:11 AM - Software Distribution Service 3.0
RP18: 12/23/2009 6:39:03 AM - Software Distribution Service 3.0
RP19: 12/23/2009 6:47:07 AM - Software Distribution Service 3.0
RP20: 12/24/2009 6:50:57 AM - System Checkpoint
RP21: 12/25/2009 6:26:50 AM - Software Distribution Service 3.0
RP22: 12/26/2009 9:39:29 AM - System Checkpoint
RP23: 12/27/2009 11:07:43 AM - System Checkpoint
RP24: 12/28/2009 8:18:46 AM - Avg8 Update
RP25: 12/29/2009 9:03:09 AM - System Checkpoint
RP26: 12/30/2009 8:25:43 AM - Avg8 Update
RP27: 12/30/2009 1:50:33 PM - Installed 1300
RP28: 12/31/2009 3:00:11 AM - Software Distribution Service 3.0
RP29: 1/7/2010 9:39:13 AM - Software Distribution Service 3.0
RP30: 1/8/2010 10:15:43 AM - System Checkpoint
RP31: 1/9/2010 10:40:50 AM - System Checkpoint
RP32: 1/10/2010 11:32:59 AM - System Checkpoint
RP33: 1/11/2010 12:56:24 PM - System Checkpoint
RP34: 1/12/2010 1:21:16 PM - System Checkpoint
RP35: 1/13/2010 3:00:27 AM - Software Distribution Service 3.0
RP36: 1/14/2010 3:15:02 AM - System Checkpoint
RP37: 1/15/2010 3:00:25 AM - Software Distribution Service 3.0
RP38: 1/16/2010 3:02:21 AM - Software Distribution Service 3.0
RP39: 1/17/2010 4:14:17 AM - System Checkpoint
RP40: 1/18/2010 5:54:48 AM - System Checkpoint
RP41: 1/19/2010 6:06:48 AM - System Checkpoint
RP42: 1/19/2010 8:02:38 AM - Avg8 Update
RP43: 1/20/2010 8:36:04 AM - System Checkpoint
RP44: 1/21/2010 9:20:40 AM - System Checkpoint
RP45: 1/22/2010 9:23:23 AM - System Checkpoint
RP46: 1/22/2010 11:05:59 AM - Installed Adobe Reader 9.3.
RP47: 1/23/2010 11:46:34 AM - System Checkpoint
RP48: 1/24/2010 12:20:48 PM - System Checkpoint
RP49: 1/25/2010 1:20:41 PM - System Checkpoint
RP50: 1/26/2010 1:44:41 PM - System Checkpoint
RP51: 1/27/2010 2:56:41 PM - System Checkpoint
RP52: 1/28/2010 4:44:40 PM - System Checkpoint
RP53: 1/29/2010 6:20:41 PM - System Checkpoint
RP54: 1/30/2010 7:20:41 PM - System Checkpoint
RP55: 1/31/2010 8:20:41 PM - System Checkpoint
RP56: 2/1/2010 8:12:38 AM - Avg8 Update
RP57: 2/2/2010 8:18:45 AM - Avg8 Update
RP58: 2/3/2010 9:10:36 AM - System Checkpoint
RP59: 2/4/2010 10:09:31 AM - System Checkpoint
RP60: 2/7/2010 11:32:13 AM - System Checkpoint
RP61: 2/7/2010 11:59:34 AM - Installed HP Unload DLL Patch
RP62: 2/8/2010 1:25:43 PM - System Checkpoint
RP63: 2/9/2010 2:52:14 PM - System Checkpoint
RP64: 2/11/2010 10:13:14 PM - System Checkpoint
RP65: 2/12/2010 3:00:13 AM - Software Distribution Service 3.0
RP66: 2/13/2010 3:35:13 AM - System Checkpoint
RP67: 2/14/2010 5:11:13 AM - System Checkpoint
RP68: 2/15/2010 5:23:13 AM - System Checkpoint
RP69: 2/16/2010 6:59:13 AM - System Checkpoint
RP70: 2/17/2010 7:47:13 AM - System Checkpoint
RP71: 2/21/2010 2:42:31 PM - System Checkpoint
RP72: 2/22/2010 2:53:43 PM - System Checkpoint
RP73: 2/23/2010 3:16:38 PM - System Checkpoint
RP74: 2/24/2010 3:00:11 AM - Software Distribution Service 3.0
RP75: 2/25/2010 3:29:23 AM - System Checkpoint
RP76: 2/25/2010 7:08:16 AM - Installed Java(TM) 6 Update 18
RP77: 2/26/2010 1:11:03 PM - System Checkpoint
RP78: 2/27/2010 3:43:54 PM - System Checkpoint
RP79: 2/28/2010 6:26:34 PM - System Checkpoint
RP80: 3/1/2010 7:08:28 PM - System Checkpoint
RP81: 3/2/2010 7:28:08 PM - System Checkpoint
RP82: 3/3/2010 9:20:26 PM - System Checkpoint
RP83: 3/4/2010 9:24:32 PM - System Checkpoint
RP84: 3/5/2010 9:48:32 PM - System Checkpoint
RP85: 3/6/2010 11:24:32 PM - System Checkpoint
RP86: 3/8/2010 1:12:32 AM - System Checkpoint
RP87: 3/9/2010 1:24:32 AM - System Checkpoint
RP88: 3/10/2010 2:35:46 AM - System Checkpoint
RP89: 3/10/2010 3:00:12 AM - Software Distribution Service 3.0
RP90: 3/11/2010 3:00:23 AM - Software Distribution Service 3.0
RP91: 3/12/2010 3:00:25 AM - System Checkpoint
RP92: 3/13/2010 5:00:25 AM - System Checkpoint
RP93: 3/14/2010 7:48:25 AM - System Checkpoint
RP94: 3/15/2010 7:48:25 AM - System Checkpoint
RP95: 3/16/2010 8:24:25 AM - System Checkpoint
RP96: 3/17/2010 2:08:01 PM - System Checkpoint
RP97: 3/18/2010 8:17:09 AM - Avg8 Update
RP98: 3/18/2010 8:17:53 AM - Avg8 Update
RP99: 3/19/2010 9:35:43 AM - System Checkpoint
RP100: 3/20/2010 10:46:13 AM - System Checkpoint
RP101: 3/21/2010 11:53:02 AM - System Checkpoint
RP102: 3/22/2010 11:57:07 AM - System Checkpoint
RP103: 3/23/2010 2:57:07 PM - System Checkpoint
RP104: 3/24/2010 5:59:15 PM - System Checkpoint
RP105: 3/25/2010 7:07:34 PM - System Checkpoint
RP106: 3/26/2010 7:31:34 PM - System Checkpoint
RP107: 3/27/2010 9:07:35 PM - System Checkpoint
RP108: 3/28/2010 10:31:35 PM - System Checkpoint
RP109: 3/29/2010 11:31:35 PM - System Checkpoint
RP110: 3/31/2010 12:31:34 AM - System Checkpoint
RP111: 3/31/2010 3:00:11 AM - Software Distribution Service 3.0
RP112: 4/1/2010 3:56:57 AM - System Checkpoint
RP113: 4/2/2010 3:56:57 AM - System Checkpoint
RP114: 4/3/2010 4:56:57 AM - System Checkpoint
RP115: 4/4/2010 5:20:57 AM - System Checkpoint
RP116: 4/5/2010 6:20:57 AM - System Checkpoint
RP117: 4/6/2010 7:20:58 AM - System Checkpoint
RP118: 4/7/2010 7:21:01 AM - System Checkpoint
RP119: 4/8/2010 8:21:03 AM - System Checkpoint
RP120: 4/9/2010 10:21:03 AM - System Checkpoint
RP121: 4/11/2010 4:12:59 PM - System Checkpoint
RP122: 4/12/2010 5:02:29 PM - System Checkpoint
RP123: 4/13/2010 6:02:29 PM - System Checkpoint
RP124: 4/14/2010 6:07:52 PM - System Checkpoint
RP125: 4/15/2010 3:00:19 AM - Software Distribution Service 3.0
RP126: 4/16/2010 3:26:38 AM - System Checkpoint
RP127: 4/17/2010 5:26:38 AM - System Checkpoint
RP128: 4/18/2010 5:34:24 AM - System Checkpoint
RP129: 4/19/2010 6:58:24 AM - System Checkpoint
RP130: 4/20/2010 6:58:31 AM - System Checkpoint
RP131: 4/21/2010 7:58:31 AM - System Checkpoint
RP132: 4/22/2010 7:58:31 AM - System Checkpoint
RP133: 4/23/2010 9:55:53 AM - System Checkpoint
RP134: 4/24/2010 11:58:15 PM - System Checkpoint
RP135: 4/26/2010 12:57:54 AM - System Checkpoint
RP136: 4/27/2010 1:57:54 AM - System Checkpoint
RP137: 4/28/2010 1:57:55 AM - System Checkpoint
RP138: 4/29/2010 2:57:54 AM - System Checkpoint
RP139: 4/30/2010 3:59:13 AM - System Checkpoint
RP140: 4/30/2010 9:22:42 AM - Avg8 Update
RP141: 5/1/2010 10:21:55 AM - System Checkpoint
RP142: 5/2/2010 10:58:25 AM - System Checkpoint
RP143: 5/3/2010 3:22:01 PM - System Checkpoint
RP144: 5/4/2010 5:10:01 PM - System Checkpoint
RP145: 5/5/2010 5:58:00 PM - System Checkpoint
RP146: 5/6/2010 6:58:01 PM - System Checkpoint
RP147: 5/8/2010 12:47:08 PM - System Checkpoint
RP148: 5/9/2010 1:36:55 PM - System Checkpoint
RP149: 5/11/2010 12:23:32 AM - System Checkpoint
RP150: 5/12/2010 1:44:18 AM - System Checkpoint
RP151: 5/12/2010 3:00:14 AM - Software Distribution Service 3.0
RP152: 5/13/2010 3:08:18 AM - System Checkpoint
RP153: 5/14/2010 3:08:18 AM - System Checkpoint
RP154: 5/15/2010 4:08:18 AM - System Checkpoint
RP155: 5/16/2010 5:08:18 AM - System Checkpoint
RP156: 5/17/2010 5:08:23 AM - System Checkpoint
RP157: 5/18/2010 6:56:23 AM - System Checkpoint
RP158: 5/19/2010 7:44:23 AM - System Checkpoint
RP159: 5/20/2010 8:44:23 AM - System Checkpoint
RP160: 5/21/2010 7:57:34 PM - System Checkpoint
RP161: 5/22/2010 8:32:01 PM - System Checkpoint
RP162: 5/24/2010 12:57:07 PM - System Checkpoint
RP163: 5/25/2010 3:11:39 PM - System Checkpoint
RP164: 5/26/2010 6:11:39 PM - System Checkpoint
RP165: 5/27/2010 3:00:11 AM - Software Distribution Service 3.0
RP166: 5/28/2010 3:35:38 AM - System Checkpoint
RP167: 5/29/2010 4:11:38 AM - System Checkpoint
RP168: 5/30/2010 5:11:01 AM - System Checkpoint
RP169: 5/31/2010 5:56:45 AM - System Checkpoint
RP170: 6/1/2010 6:56:45 AM - System Checkpoint
RP171: 6/2/2010 7:20:45 AM - System Checkpoint
RP172: 6/3/2010 7:56:45 AM - System Checkpoint
RP173: 6/4/2010 9:56:45 AM - System Checkpoint
RP174: 6/5/2010 11:32:45 AM - System Checkpoint
RP175: 6/6/2010 11:59:02 AM - System Checkpoint
RP176: 6/7/2010 3:20:54 PM - System Checkpoint
RP177: 6/8/2010 5:44:54 PM - System Checkpoint
RP178: 6/9/2010 5:54:35 PM - System Checkpoint
RP179: 6/10/2010 6:05:37 PM - System Checkpoint
RP180: 6/11/2010 3:00:38 AM - Software Distribution Service 3.0
RP181: 6/13/2010 1:54:13 PM - System Checkpoint
RP182: 6/14/2010 2:27:48 PM - System Checkpoint
RP183: 6/15/2010 3:59:25 PM - System Checkpoint
RP184: 6/16/2010 5:58:12 PM - System Checkpoint
RP185: 6/17/2010 6:39:47 PM - System Checkpoint
RP186: 6/19/2010 11:17:30 AM - System Checkpoint
RP187: 6/20/2010 2:35:18 PM - System Checkpoint
RP188: 6/21/2010 3:49:02 PM - System Checkpoint
RP189: 6/22/2010 4:07:20 PM - System Checkpoint
RP190: 6/23/2010 4:09:26 PM - System Checkpoint
RP191: 6/24/2010 4:47:27 PM - System Checkpoint
RP192: 6/26/2010 6:16:07 AM - System Checkpoint
RP193: 6/27/2010 6:58:14 AM - System Checkpoint
RP194: 6/28/2010 10:20:17 AM - System Checkpoint
RP195: 6/30/2010 6:35:04 AM - System Checkpoint
RP196: 6/30/2010 11:56:06 AM - Installed Turbo Lister 2.
RP197: 7/1/2010 12:08:45 PM - System Checkpoint
RP198: 7/2/2010 1:08:43 PM - System Checkpoint
RP199: 7/3/2010 2:32:36 PM - System Checkpoint
RP200: 7/4/2010 3:00:07 PM - System Checkpoint
RP201: 7/9/2010 7:37:10 AM - Avg8 Update
RP202: 7/12/2010 10:41:46 AM - Avg8 Update
RP203: 7/12/2010 10:43:40 AM - Avg8 Update

==== Installed Programs ======================

1300
1300_Help
1300Tour
1300Trb
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AiO_Scan
AIOMinimal
AiOSoftware
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 8.5
Copy
CreativeProjects
Digital Line Detect
Director
DocProc
Fax
FlipShare
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP Unload DLL Patch
hpmdtab
HPSystemDiagnostics
InstantShare
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 18
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MLB.TV NexDef Plug-in
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Overland
PhotoGallery
PrintScreen
QFolder
QuickProjects
Readme
Rhapsody
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SigmaTel Audio
SkinsHP1
SkinsHP2
TrayApp
Turbo Lister 2
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows XP Service Pack 3

==== End Of File ===========================
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by garth at 15:35:31.18 on Mon 07/12/2010
Internet Explorer: 8.0.6001.18702
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\garth\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\garth\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://lms.aa.com/sumtotal/nas/wbt/m/m2/cab/awswaxd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-07-12 20:24:36 0 d-sha-r- C:\cmdcons
2010-07-12 17:23:44 98816 ----a-w- c:\windows\sed.exe
2010-07-12 17:23:44 77312 ----a-w- c:\windows\MBR.exe
2010-07-12 17:23:44 256512 ----a-w- c:\windows\PEV.exe
2010-07-12 17:23:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-30 16:57:37 0 d-----w- c:\program files\eBay
2010-06-30 16:57:37 0 d-----w- c:\documents and settings\all users\eBay
2010-06-21 17:12:31 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb1164ef13cc48.mof
2010-06-16 21:38:44 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-06-16 21:38:42 49152 ----a-r- c:\windows\system32\inetwh32.dll

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-12-23 13:18:58 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-12-23 13:18:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121420091221\index.dat
2009-12-23 13:18:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122320091224\index.dat

============= FINISH: 15:35:37.98 ===============
 
Hi,

Please copy ComboFix.exe file to your desktop.


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Get update 9.3.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
ComboFix 10-07-12.02 - garth 07/12/2010 16:32:36.3.2 - x86
Running from: c:\documents and settings\garth\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\garth\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-12 15:43 . 2010-03-18 13:17 2068320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2010-07-12 15:43 . 2010-03-18 13:17 3535200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2010-07-12 15:43 . 2010-03-18 13:17 2046816 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2010-07-12 15:42 . 2010-07-09 12:37 1146208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-07-12 15:34 . 2010-07-12 15:34 69232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 16:57 . 2010-06-30 16:57 -------- d-----w- c:\program files\eBay
2010-06-30 16:57 . 2010-06-30 16:57 -------- d-----w- c:\documents and settings\All Users\eBay
2010-06-23 10:02 . 2010-06-23 10:02 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb71.tmp.exe
2010-06-16 21:38 . 2010-06-16 21:38 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-06-16 21:38 . 2010-06-16 21:38 49152 ----a-r- c:\windows\system32\inetwh32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 08:08 . 2009-12-19 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31038\AcrobatUpdater.exe
2010-05-26 12:38 . 2010-05-26 12:38 61440 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52464cb2-n\decora-sse.dll
2010-05-26 12:38 . 2010-05-26 12:38 503808 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\msvcp71.dll
2010-05-26 12:38 . 2010-05-26 12:38 499712 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\jmc.dll
2010-05-26 12:38 . 2010-05-26 12:38 348160 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1096c170-n\msvcr71.dll
2010-05-26 12:38 . 2010-05-26 12:38 12800 ----a-w- c:\documents and settings\garth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-52464cb2-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-03 13:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-03 12:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-03 13:56 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-12_17.33.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-12 20:19 . 2010-07-12 20:19 16384 c:\windows\temp\Perflib_Perfdata_460.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-12 2048352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\garth\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\garth\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2010-4-6 802056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-12-19 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-20 13:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-12-19 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-12-20 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-12-19 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-12-20 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-12-20 297752]

.
Contents of the 'Scheduled Tasks' folder

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:03]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 16:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2660)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-07-12 16:36:48
ComboFix-quarantined-files.txt 2010-07-12 21:36
ComboFix2.txt 2010-07-12 20:29
ComboFix3.txt 2010-07-12 17:37

Pre-Run: 120,848,531,456 bytes free
Post-Run: 120,848,617,472 bytes free

- - End Of File - - CFB0FEB2B2B97B19A1554D2D40CF43C2
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 12, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 12, 2010 17:59:53
Records in database: 4228700
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 59233
Threats found: 4
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 01:43:50


File name / Threat / Threats count
C:\Documents and Settings\garth\Application Data\Sun\Java\Deployment\cache\6.0\21\29d9bb55-6297f2ff Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Documents and Settings\garth\Application Data\Sun\Java\Deployment\cache\6.0\22\27c3f96-164bc23d Infected: Exploit.Java.Agent.ar 1
C:\Documents and Settings\garth\Application Data\Sun\Java\Deployment\cache\6.0\22\27c3f96-164bc23d Infected: Exploit.Java.Agent.as 1
C:\Qoobox\Quarantine\C\Documents and Settings\garth\Local Settings\Application Data\litypkryu\geyjfhctssd.exe.vir Infected: Trojan.Win32.FraudPack.ayky 1
C:\System Volume Information\_restore{E17F2AEF-2C01-456F-8821-B2D0978F3A54}\RP203\A0014212.exe Infected: Trojan.Win32.FraudPack.ayky 1

Selected area has been scanned.
 
You must log in or register to reply here.
Back
Top