Can't Run Spybot or start any program even in safe mode.

Smithbro

New member
Hey Ken545 and everyone else. I downloaded Skype 3.8 on my older laptop from a link given to me by Skype and it killed my laptop. I was able to initially remove what I thought was everything with SB and Malwarebytes, and it seemed to run fine for 2 days. Then this morning when booting up it came up with the stupid Police Pro, porn links, and Anti-Virus crap sites. Tried running safe-mode removals with my feeble mind and no progress. Thanks for being here! (Sending you this from my desktop)
 
Hi,

Download GMER here by clicking the "Download EXE" button and saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while the scan is in progress!
  • When the scan is finished, click Copy. This copies the log to the clipboard.
  • Post the log in your reply.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 
Thanks for getting back to me. But I can't even get online! I think desote.exe is in there and won't let me start ANY programs. Again, I am contacting you through my desktop; my laptop is the problem... I am able to run in any of the choices of safe modes.
Rick
 
Hi,

Could you transfer files to your laptop by downloading them first on the desktop PC?
 
Sure. Most likely you will have to walk me through the transfer though, i.e. burn to CD or direct wire.
Thanks
 
If you have a removable USB drive, it can be used after treating it properly first.

1. Download Flash_Disinfector and save it to the desktop of your clean system.
2. After downloading, double-click Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begins scanning.
4. If asked to insert your flash drive or any removable device, including a USB pen drive or memory stick, please do so.
5. It will scan the removable drives; wait for the scan to finish. Done.

Then you can transfer the tools to the usb drive. Alternatively, you can burn the CD.
 
Do you have a USB stick on which you can store the tools and copy them to the other system? Is there a friend who can assist with the transfer if you have problems with it?
 
Got SB SD running in safe mode!!!!!!!! Don't know how I did it, but it's scanning and putting infected files in the vault. I will wait on your next suggestion.......
 
Good :)

Next, let's get those tools transferred. Have you downloaded GMER and DDS to the desktop of your clean computer yet?

If so, plug in the flash drive and open it through My Computer. Now just drag and drop the GMER and DDS files from the desktop to that flash drive. Then plug the flash drive into your infected system and drag the tool files to its desktop. If all went well, you should have those tools ready to run.

EDIT: Looks like you posted while I was writing :D:

Shall wait for the reports.
 
Ran GMER

GMER 1.0.15.15077 [gs0prxms.exe] - http://www.gmer.net
Rootkit scan 2009-09-09 16:01:01
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 84E559BE ZwEnumerateKey
Code 84E3EB2E ZwFlushInstructionCache
Code 84E3E0A5 IofCallDriver
Code 84EA082D IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 84E3E0AA
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 84EA0832
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 84E559C2
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 84E3EB32

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WININET.dll!HttpAddRequestHeadersA 3D94CF40 5 Bytes JMP 00FD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 010D000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D529A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D527E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D527C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D527A0
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D000A
.text C:\WINDOWS\system32\lsass.exe[672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0067000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WININET.dll!HttpAddRequestHeadersA 3D94CF40 5 Bytes JMP 00FE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 010D000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D929A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D927E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D927C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1052] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D927A0
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0069000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D529A0 \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D527E0 \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D527C0 \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
.text C:\WINDOWS\system32\ctfmon.exe[1412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0091000A
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B9000A
.text C:\Program Files\AVG\AVG8\avgui.exe[1852] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CE000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\Iexplore.exe[1052] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\SKYNETfpfvkloo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [316] 0x10000000
Library \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [316] 0x00F30000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [828] 0x03350000
Library \\?\globalroot\systemroot\system32\UACavkhfiurrl.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [828] 0x037E0000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [940] 0x00940000
Library \\?\globalroot\systemroot\system32\SKYNETfpfvkloo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1052] 0x10000000
Library \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1052] 0x00F40000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1128] 0x00940000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1228] 0x00980000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1324] 0x00840000
Library \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1332] 0x00D40000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETqaqgkvrn.sys (*** hidden *** ) [SYSTEM] SKYNETwruwpuhr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACbqwbrnkvdu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr@imagepath \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNETcmd.dll \systemroot\system32\SKYNETpetymoto.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNETlog.dat \systemroot\system32\SKYNETirrfuirw.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbwnlghon.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETwruwpuhr\modules@SKYNET.dat \systemroot\system32\SKYNETipgvitud.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACossfodjeuo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACwqvpoamkwb.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACavkhfiurrl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr@imagepath \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main\injector@* SKYNETwsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETcmd.dll \systemroot\system32\SKYNETpetymoto.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETlog.dat \systemroot\system32\SKYNETirrfuirw.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbwnlghon.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNET.dat \systemroot\system32\SKYNETipgvitud.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwruwpuhr\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETfpfvkloo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACossfodjeuo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACwqvpoamkwb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACavkhfiurrl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr@imagepath \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETqaqgkvrn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNETcmd.dll \systemroot\system32\SKYNETpetymoto.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNETlog.dat \systemroot\system32\SKYNETirrfuirw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbwnlghon.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETwruwpuhr\modules@SKYNET.dat \systemroot\system32\SKYNETipgvitud.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACbqwbrnkvdu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACossfodjeuo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAClidqiqmkto.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACwqvpoamkwb.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacav \\?\globalroot\systemroot\system32\UACavkhfiurrl.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.5@ UAAddressBookBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.5\CLSID@ {C0E10003-001C-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.5@ UAButton Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.5\CLSID@ {C0E10003-0007-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.5@ UACheckBox Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.5\CLSID@ {C0E10003-0013-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.5@ UADropDown Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.5\CLSID@ {C0E10003-000A-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.5@ UAEdit Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.5\CLSID@ {C0E10003-0023-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.5@ UAGalleryBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.5\CLSID@ {C0E10003-0010-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.5@ UAGallery Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.5\CLSID@ {C0E10003-0019-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.5@ UAGraphicDropDown Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.5\CLSID@ {C0E10003-0026-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.5@ UAHelp Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.5\CLSID@ {C0E10003-002F-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.5@ UAPartsList Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.5\CLSID@ {C0E10003-000D-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.5@ UARadioButton Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.5\CLSID@ {C0E10003-0016-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.5@ UAScrapBookBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.5\CLSID@ {C0E10003-001F-0005-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.5
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.5@ UAText Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.5\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.5\CLSID@ {C0E10003-002C-0005-C0E1-C0E1C0E1C0E1}

---- Files - GMER 1.0.15 ----

File C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr 4096 bytes executable
File C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt_PT.lproj\QuickTimeImageLocalized.qtr 22528 bytes executable

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Administrator at 16:08:44.10 on Wed 09/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.103 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\gs0prxms.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: ICQSys (IE PlugIn): {76dc0b63-1533-4ba9-8be8-d59eb676fa02} - c:\windows\system32\dddesot.dll
BHO: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: urssq - c:\windows\system32\urssq.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ei2u9tij.default\
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
S2 AntipPro2009_100;AntipyProex;c:\windows\svchasts.exe --> c:\windows\svchasts.exe [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-29 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]

=============== Created Last 30 ================

2009-09-09 14:10 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE
2009-09-07 21:11 <DIR> --dsh--- c:\documents and settings\administrator\IETldCache
2009-09-07 12:47 <DIR> --d----- c:\documents and settings\administrator\WINDOWS
2009-09-07 12:47 <DIR> --d----- c:\documents and settings\Administrator
2009-09-07 10:01 4 a------- c:\windows\system32\bincd32.dat
2009-09-07 09:31 <DIR> --d----- c:\program files\Protection System
2009-09-07 09:19 1,382 a------- c:\windows\system32\onhelp.htm
2009-09-07 09:03 58 a------- c:\windows\ppp4.dat
2009-09-07 09:03 1 a------- c:\windows\ppp3.dat
2009-09-07 09:03 87 a------- c:\windows\system32\sonhelp.htm
2009-09-07 09:03 36 a------- c:\windows\system32\sysnet.dat
2009-09-07 09:03 9 a------- c:\windows\system32\bennuar.old
2009-09-07 09:03 <DIR> --d----- c:\program files\Windows Police Pro
2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop
2009-09-05 23:32 <DIR> --d----- c:\program files\Safer Networking
2009-08-28 21:11 4,658,584 a----r-- c:\windows\system32\drivers\lvuvc.sys
2009-08-12 13:11 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 13:11 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-11 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Borland
2009-08-11 10:42 336,896 a------- c:\windows\system32\iehelpmod.dll
2009-08-11 10:42 <DIR> --d----- c:\program files\common files\TSCUninstall
2009-08-11 10:42 <DIR> --d----- c:\program files\TSC

==================== Find3M ====================

2009-09-05 18:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 18:32 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-08-16 15:50 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 15:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-12 12:21 4,874,240 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2005-11-22 21:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2005-12-21 14:56 332,209 a--sh--- c:\windows\system32\qssru.bak1
2007-08-27 20:45 1,542,380 a--sh--- c:\windows\system32\qssru.bak2

============= FINISH: 16:10:40.05 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2005 4:15:02 AM
System Uptime: 9/9/2009 2:08:05 PM (2 hours ago)

Motherboard: Quanta Computer | | Inspiron 1000
Processor: Mobile Intel(R) Celeron(R) CPU 2.20GHz | Socket 478/423 | 2191/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 35 GiB total, 24.714 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.5
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i850
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP450
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell Digital Jukebox Driver
Dell System Restore
Easy-WebPrint
Get High Speed Internet!
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Knight Hop v1.0
Learn2 Player (Uninstall Only)
Logitech MouseWare 9.79
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Publisher for Windows 95
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 4.0
Modem Helper
Modem on Hold
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.0.13)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Olympus Digital Wave Player
Overland
Palm Desktop
PowerDVD 5.1
QuickBooks Pro Edition 2003
QuickTime
RealPlayer Basic
RegAlyzer
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spybot - Search & Destroy
TweetDeck
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Police Pro
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

9/7/2009 12:37:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/7/2009 11:17:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
9/7/2009 11:05:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/7/2009 11:05:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2009 8:44:01 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/5/2009 8:40:43 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
9/5/2009 6:33:23 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/2/2009 9:09:30 AM, error: System Error [1003] - Error code 100000d1, parameter1 e1c53000, parameter2 00000002, parameter3 00000000, parameter4 f1956e85.

==== End Of File ===========================
 
AVG Scan in C:

AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.401, engine 8.0.408
Virus Database: Version 270.13.82/2351 2009-09-07

\\?\globalroot\systemroot\system32\UAClidqiqmkto.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\SYSTEM32\svchost.exe (1128) Virus found Win32/Cryptor Object was moved to Virus Vault.
\\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\Program Files\Internet Explorer\iexplore.exe (1372) Virus found Win32/Cryptor Object was moved to Virus Vault.
\\?\globalroot\systemroot\system32\UACcmhqkmiteo.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\Program Files\Internet Explorer\iexplore.exe (1332) Virus found Win32/Cryptor Object was moved to Virus Vault.
\\?\globalroot\systemroot\system32\UAClidqiqmkto.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\Program Files\Mozilla Firefox\firefox.exe (564) Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\system32\desote.exe Adware Generic4.LPF Object was moved to Virus Vault.
HKCR\exefile\shell\open\command\\ Found registry key with reference to file C:\WINDOWS\system32\desote.exe Object was healed.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ei2u9tij.default\parent.lock Locked file. Not tested.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ei2u9tij.default\places.sqlite-journal Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{37C083A2-9D6D-11DE-92EC-001CDFA04829}.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{37C083A3-9D6D-11DE-92EC-001CDFA04829}.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Temp\etilqs_bITnZHdJcn5blfFU2dcV Locked file. Not tested.
C:\Documents and Settings\Administrator\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll.dmp Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\Prefetch\layout.ini Locked file. Not tested.
C:\WINDOWS\svchasts.exe Potentially harmful program Fake_AntiSpyware.DFZ Object was moved to Virus Vault.
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SAM Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Locked file. Not tested.
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Locked file. Not tested.
C:\WINDOWS\SYSTEM32\dddesot.dll Trojan horse BHO.JOM Object was moved to Virus Vault.
C:\WINDOWS\SYSTEM32\wscsvc32.exe Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\Temp\Installer.exe Virus found Win32/Cryptor Object was moved to Virus Vault.

------------------------------------------------------------
Objects scanned : 186349
Found infections : 11
Found PUPs : 2
Healed infections : 11
Healed PUPs : 2
Warnings : 0
------------------------------------------------------------
 
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Since you have Malwarebytes' Anti-Malware installed there, update its definitions and run a full scan with it. Post back the report.
 
ComboFix Log

ComboFix 09-09-09.09 - Rick 09/10/2009 13:17.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.259 [GMT -4:00]
Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\anan.ban
c:\documents and settings\All Users\Documents\duzejyhyd.bin
c:\documents and settings\Rick\Application Data\acahysuxum.dl
c:\documents and settings\Rick\Application Data\yvudopuz.bin
c:\documents and settings\Rick\Cookies\awokewice._dl
c:\documents and settings\Rick\Cookies\odebaxive.scr
c:\documents and settings\Rick\Cookies\zimukewo.dl
c:\documents and settings\Rick\Local Settings\Application Data\ezefaxulen.scr
c:\documents and settings\Rick\Local Settings\Application Data\kivytiw.bin
c:\documents and settings\Rick\Local Settings\Temporary Internet Files\ubobapym._sy
c:\documents and settings\Rick\Local Settings\Temporary Internet Files\vuzybawemi._dl
c:\documents and settings\Rick\My Documents\ZbThumbnail.info
c:\documents and settings\Rick\Uhaul .wps
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\recycler\NPROTECT
c:\windows\asiboqi.exe
c:\windows\epikosuvyv.vbs
c:\windows\huborow.scr
c:\windows\nake.reg
c:\windows\okix.bat
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\auprpbpa.ini
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll
c:\windows\system32\ewiqkywj.ini
c:\windows\SYSTEM32\ieHElpmod.dll
c:\windows\system32\isezit.reg
c:\windows\system32\nizoluw.sys
c:\windows\system32\onhelp.htm
c:\windows\SYSTEM32\qssru.bak1
c:\windows\SYSTEM32\qssru.bak2
c:\windows\SYSTEM32\qssru.ini
c:\windows\system32\rihamudoj.vbs
c:\windows\system32\SKYNETipgvitud.dat
c:\windows\system32\SKYNETirrfuirw.dat
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\wisdstr.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\tygyf.dl
c:\windows\vonozofyto.scr
c:\windows\yvamydu.pif

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPPRO2009_100
-------\Legacy_SKYNETwruwpuhr
-------\Legacy_UACd.sys
-------\Service_AntipPro2009_100
-------\Service_SKYNETwruwpuhr
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 14:55 . 2009-09-10 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-10 05:37 . 2009-09-10 05:37 13577 ----a-w- c:\windows\fukaxoki.com
2009-09-10 05:37 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 05:29 . 2009-09-10 05:39 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-10 05:19 . 2009-09-10 05:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-09 19:19 . 2009-09-09 19:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-09-09 18:19 . 2009-09-09 18:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-09 18:10 . 2009-09-09 18:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-08 01:11 . 2009-09-08 01:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-06 03:56 . 2009-09-06 03:56 -------- d-----w- c:\documents and settings\Rick\Application Data\Safer Networking
2009-09-06 03:47 . 2009-09-10 15:17 -------- d-----w- c:\program files\KnightHop
2009-09-06 03:32 . 2009-09-06 03:35 -------- d-----w- c:\program files\Safer Networking
2009-09-04 12:39 . 2009-09-04 12:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-01 13:45 . 2009-09-01 13:45 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Downloaded Installations
2009-08-29 01:11 . 2008-07-26 15:26 4658584 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2009-08-29 01:11 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-08-29 01:11 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-08-29 01:11 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll
2009-08-29 01:11 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll
2009-08-29 01:11 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-29 01:11 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-29 01:11 . 2008-07-26 15:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2009-08-29 00:58 . 2009-09-01 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-08-29 00:58 . 2009-08-29 01:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-08-29 00:58 . 2009-08-29 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-08-12 17:11 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 02:19 . 2009-08-12 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
2009-08-11 22:33 . 2009-08-11 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-11 22:29 . 2009-08-11 22:29 -------- d-----w- c:\documents and settings\Owner\LOCALS~1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 00:34 . 2009-01-25 19:49 -------- d-----w- c:\documents and settings\Rick\Application Data\skypePM
2009-09-05 22:33 . 2009-08-29 01:12 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 22:32 . 2009-08-29 01:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-09-04 03:04 . 2009-01-25 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-04 00:24 . 2009-08-11 14:42 -------- d-----w- c:\program files\TSC
2009-09-01 13:45 . 2005-12-12 23:14 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-29 00:58 . 2005-12-12 23:14 -------- d-----w- c:\program files\Logitech
2009-08-16 19:50 . 2008-12-29 04:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 19:50 . 2008-12-29 04:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 19:50 . 2008-12-29 04:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-13 15:25 . 2009-06-12 18:53 -------- d-----w- c:\program files\Opera 10 Beta
2009-08-13 14:58 . 2009-01-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 02:55 . 2005-02-09 02:11 66864 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 14:42 . 2009-08-11 14:42 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 02:09 . 2005-12-26 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 04:08 . 2004-10-06 03:40 -------- d-----w- c:\program files\MUSICMATCH
2009-07-24 04:08 . 2004-10-06 03:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-24 03:09 . 2009-07-24 03:09 -------- d-----w- c:\documents and settings\Rick\Application Data\Amazon
2009-07-24 03:06 . 2009-07-24 03:06 -------- d-----w- c:\program files\Amazon
2009-07-22 11:58 . 2009-07-22 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-22 02:34 . 2009-07-22 02:34 -------- d-----w- c:\program files\NOS
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 10:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 15:27 . 2009-06-18 23:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-06-18 23:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2005-11-23 01:08 . 2005-10-02 12:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-12 249856]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-11-19 88363]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\Rick\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-2-8 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-20 118784]
Utility Tray.lnk - c:\windows\SYSTEM32\sistray.exe [2004-10-5 335872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:50 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135649015\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/29/2008 12:56 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/29/2008 12:56 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/29/2008 12:55 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/29/2008 12:55 AM 297752]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\ziv3fga5.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-urssq - c:\windows\system32\urssq.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 13:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-10 13:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 17:37

Pre-Run: 25,879,330,816 bytes free
Post-Run: 26,435,260,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30

326 --- E O F --- 2009-09-10 07:09
 
Shall wait for Malwarebytes' Anti-Malware report & fresh dds log before giving further instructions :)
 
Fresh Logs

Malwarebytes' Anti-Malware 1.38
Database version: 2306
Windows 5.1.2600 Service Pack 3

9/10/2009 5:29:49 PM
mbam-log-2009-09-10 (17-29-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138993
Time elapsed: 1 hour(s), 17 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP2\A0001006.dll (Trojan.TDSS) -> No action taken.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rick at 17:49:18.95 on Thu 09/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.106 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - No File
BHO: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
StartupFolder: c:\documents and settings\rick\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rick\applic~1\mozilla\firefox\profiles\ziv3fga5.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc838.mail.yahoo.com/mc/welcome?action=&YY=1714853569&ymv=0&noFlush&mcrumb=Fke9xVmcaVv#_pg=showFolder&fid=Inbox&order=down&tt=7&pSize=25&ymv=0&.rand=1491067721&.jsrand=8429800
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-29 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-29 297752]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]

=============== Created Last 30 ================

2009-09-10 13:15 <DIR> a-dshr-- C:\cmdcons
2009-09-10 13:14 230,912 a------- c:\windows\PEV.exe
2009-09-10 13:14 161,792 a------- c:\windows\SWREG.exe
2009-09-10 13:14 98,816 a------- c:\windows\sed.exe
2009-09-10 03:08 671 a------- c:\windows\system32\MRT.INI
2009-09-10 01:37 17,869 a------- c:\windows\ymate.lib
2009-09-10 01:37 15,610 a------- c:\windows\system32\abywaduk.lib
2009-09-10 01:37 13,577 a------- c:\windows\fukaxoki.com
2009-09-10 01:37 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-10 01:29 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-09-05 23:56 <DIR> --d----- c:\docume~1\rick\applic~1\Safer Networking
2009-09-05 23:47 <DIR> --d----- c:\program files\KnightHop
2009-09-05 23:32 <DIR> --d----- c:\program files\Safer Networking
2009-08-28 21:11 4,658,584 a----r-- c:\windows\system32\drivers\lvuvc.sys
2009-08-12 13:11 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 13:11 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-11 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Borland

==================== Find3M ====================

2009-09-05 18:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-09-05 18:32 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-08-16 15:50 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 15:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-12 12:21 4,874,240 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-12 12:21 233,472 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2005-11-22 21:08 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:50:36.21 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2005 4:15:02 AM
System Uptime: 9/10/2009 5:36:06 PM (0 hours ago)

Motherboard: Quanta Computer | | Inspiron 1000
Processor: Mobile Intel(R) Celeron(R) CPU 2.20GHz | Socket 478/423 | 2191/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 35 GiB total, 24.641 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/10/2009 2:01:02 AM - System Checkpoint
RP2: 9/10/2009 3:00:23 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.5
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i850
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP450
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dell Digital Jukebox Driver
Dell System Restore
Easy-WebPrint
Get High Speed Internet!
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Logitech MouseWare 9.79
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Publisher for Windows 95
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 4.0
Modem Helper
Modem on Hold
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.0.14)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Olympus Digital Wave Player
Overland
Palm Desktop
PowerDVD 5.1
QuickBooks Pro Edition 2003
QuickTime
RealPlayer Basic
RegAlyzer
RunAlyzer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spybot - Search & Destroy
TweetDeck
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Police Pro
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

9/7/2009 12:37:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/7/2009 11:17:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
9/7/2009 11:05:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 11:05:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/7/2009 11:05:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2009 8:45:00 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/5/2009 8:40:43 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
9/5/2009 6:33:23 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
9/5/2009 6:33:23 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/10/2009 11:06:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 Beep cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
9/10/2009 11:04:29 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/10/2009 1:31:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
9/10/2009 1:23:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/10/2009 1:23:07 AM, error: Service Control Manager [7000] - The AntipyProex service failed to start due to the following error: The system cannot find the file specified.
9/10/2009 1:16:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/10/2009 1:13:42 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
Thanks Blade for your help! Question: Am I supposed to delete and dump the infected files when Malwarebytes finds them (I have been doing this)? AVG has also been popping up with its Resident Shield too with infections (dumped that too)... The posted logs shown are after the above processes. ;-)
 