Post ComboFix logs
Today's logs after running ComboFix.
COMBOFIX LOG------------------------------------------------------------
ComboFix 10-02-01.02 - Adam Friese2 02/01/2010 23:19:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.527 [GMT -6:00]
Running from: c:\documents and settings\Adam Friese2\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Adam Friese2\Application Data\alot
c:\documents and settings\Adam Friese2\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Adam Friese2\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Adam Friese2\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Adam Friese2\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Adam Friese2\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Adam Friese2\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Adam Friese2\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Adam Friese2\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Adam Friese2\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Adam Friese2\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Adam Friese2\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Adam Friese2\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Adam Friese2\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\products\products.xml
c:\documents and settings\Adam Friese2\Application Data\alot\products\products.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_2\images\default_1612_alot_widget_sudoku.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_2\images\default_1612_alot_widget_sudoku.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_3\images\default_1614_alot_online_games_simon.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_3\images\default_1614_alot_online_games_simon.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_4\images\default_1613_alot_online_games_tetriz.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_4\images\default_1613_alot_online_games_tetriz.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_5\images\default_1763_alot_generic_comment.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_5\images\default_1763_alot_generic_comment.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Button_6\images\2433_icon.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\alot_configure.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\alot_configure.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Adam Friese2\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Adam Friese2\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\toolbar.xml
c:\documents and settings\Adam Friese2\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Adam Friese2\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Adam Friese2\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Adam Friese2\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Adam Friese2\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Adam Friese2\Local Settings\Application Data\{E41F366E-E69B-46EF-9674-036D18C03764}
c:\documents and settings\Adam Friese2\Local Settings\Application Data\{E41F366E-E69B-46EF-9674-036D18C03764}\chrome.manifest
c:\documents and settings\Adam Friese2\Local Settings\Application Data\{E41F366E-E69B-46EF-9674-036D18C03764}\chrome\content\_cfg.js
c:\documents and settings\Adam Friese2\Local Settings\Application Data\{E41F366E-E69B-46EF-9674-036D18C03764}\chrome\content\overlay.xul
c:\documents and settings\Adam Friese2\Local Settings\Application Data\{E41F366E-E69B-46EF-9674-036D18C03764}\install.rdf
c:\documents and settings\All Users\Application Data\feholuty.vbs
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\recycler\S-1-5-21-0121240633-1238042236-866074614-8827
c:\recycler\S-1-5-21-0337553028-7218037948-620289963-2764
c:\recycler\S-1-5-21-0648457188-8642092426-616524393-7943
c:\recycler\S-1-5-21-0887935308-0083226857-561419785-1873
c:\recycler\S-1-5-21-1062838943-7971440413-367788941-2114
c:\recycler\S-1-5-21-1702599705-9549321032-076984884-2146
c:\recycler\S-1-5-21-1799342443-0622239729-865979641-8568
c:\recycler\S-1-5-21-1826807863-3741466468-1647171183-1005
c:\recycler\S-1-5-21-1826807863-3741466468-1647171183-1006
c:\recycler\S-1-5-21-1826807863-3741466468-1647171183-500
c:\recycler\S-1-5-21-1826807863-3741466468-1647171183-501
c:\recycler\S-1-5-21-2851871891-5124012748-716263261-8457
c:\recycler\S-1-5-21-2918727645-2106636115-284604746-0977
c:\recycler\S-1-5-21-3432977285-7108473533-895590097-8266
c:\recycler\S-1-5-21-3625180382-4405375017-259778560-0831
c:\recycler\S-1-5-21-3651006635-7184620377-936280790-6346
c:\recycler\S-1-5-21-4062326483-8920426921-530479364-9636
c:\recycler\S-1-5-21-4072357260-6202841117-221244061-8661
c:\recycler\S-1-5-21-4110169087-9530789168-287110321-1796
c:\recycler\S-1-5-21-4863069656-8014687372-095612897-2451
c:\recycler\S-1-5-21-5970272873-5979835394-137219298-4500
c:\recycler\S-1-5-21-6470327441-4024922985-252353363-9351
c:\recycler\S-1-5-21-7014368179-8504205144-016530771-6869
c:\recycler\S-1-5-21-7115525168-2296482486-371931973-8508
c:\recycler\S-1-5-21-7499709444-2721841636-837693300-9742
c:\recycler\S-1-5-21-7662747030-7916536727-949259400-5301
c:\recycler\S-1-5-21-7665854302-9512318739-172643681-9308
c:\recycler\S-1-5-21-7968574940-1418227404-908733884-2783
c:\recycler\S-1-5-21-8210031301-4275422637-508108229-0198
c:\recycler\S-1-5-21-8517687946-6573326925-153245585-8215
c:\recycler\S-1-5-21-8533248023-1922663829-974155295-1516
c:\recycler\S-1-5-21-8621351845-8245847323-960288194-1333
c:\recycler\S-1-5-21-8715478100-1887047128-429227363-9578
c:\recycler\S-1-5-21-8932646011-3604992222-691632798-2816
c:\recycler\S-1-5-21-9360786754-0600308570-745296726-3164
c:\recycler\S-1-5-21-9678701855-4708095266-706958102-9429
c:\recycler\S-1-5-21-9942216050-1928650284-186254437-4438
c:\windows\jigobesini.exe
c:\windows\kb913800.exe
c:\windows\nuhad._sy
c:\windows\system32\tmp.reg
c:\windows\system32\WORK.DAT
c:\windows\system32\wupd.dat
c:\windows\wofelimoqi.dll
.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.
2010-02-01 01:59 . 2010-02-01 02:02 23113 ----a-w- c:\windows\hpqins15.dat
2010-02-01 01:58 . 2010-02-01 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-02-01 01:54 . 2010-02-01 01:59 77352 ----a-w- c:\windows\hpqins05.dat
2010-02-01 01:44 . 2010-02-01 02:02 -------- d-----w- c:\documents and settings\Adam Friese2\Application Data\HpUpdate
2010-01-27 00:52 . 2010-01-24 22:08 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-27 00:52 . 2010-01-24 22:08 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-25 02:32 . 2010-01-25 02:32 -------- d-----w- c:\program files\Trend Micro
2010-01-25 02:22 . 2010-01-25 02:22 -------- d-----w- c:\program files\ERUNT
2010-01-24 22:09 . 2010-01-24 22:09 -------- d-----w- C:\$AVG
2010-01-24 22:09 . 2010-01-24 22:09 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-24 22:09 . 2010-01-24 22:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-24 22:09 . 2010-01-24 22:09 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-24 22:09 . 2010-01-24 22:09 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-24 22:09 . 2010-01-24 22:09 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-24 22:09 . 2010-01-24 22:09 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-24 22:08 . 2010-02-02 03:36 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-24 22:08 . 2010-01-24 22:08 -------- d-----w- c:\program files\AVG
2010-01-24 22:08 . 2010-01-24 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-24 07:40 . 2010-01-24 22:08 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-24 07:40 . 2010-01-24 07:40 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-21 06:49 . 2010-01-21 07:02 -------- d-----w- c:\windows\system32\NtmsData
2010-01-21 06:11 . 2010-01-21 06:11 10134 ------r- c:\documents and settings\Adam Friese2\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-01-21 06:11 . 2010-01-21 06:11 -------- d-----w- c:\windows\Downloaded Installations
2010-01-21 00:19 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-21 00:19 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-21 00:19 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-21 00:19 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-21 00:19 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-21 00:19 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-20 14:19 . 2010-01-20 14:20 -------- dc-h--w- c:\windows\ie8
2010-01-20 03:52 . 2010-01-20 03:52 5115824 ------w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-18 04:29 . 2010-01-18 04:29 -------- d-----w- c:\documents and settings\Adam Friese2\Application Data\Netscape
2010-01-18 03:08 . 2010-01-18 03:08 -------- d-----w- c:\program files\MSXML 6.0
2010-01-18 01:46 . 2010-02-02 04:37 -------- d-----w- c:\documents and settings\Adam Friese2\Application Data\HPAppData
2010-01-17 21:33 . 2010-01-17 21:33 -------- d-----w- c:\documents and settings\Adam Friese2\Application Data\Malwarebytes
2010-01-17 21:32 . 2010-01-07 22:07 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 21:32 . 2010-01-20 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 21:32 . 2010-01-17 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-17 21:32 . 2010-01-07 22:07 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-01-17 21:10 . 2009-07-31 16:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-01-17 21:10 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-01-17 21:10 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll
2010-01-17 21:10 . 2008-04-14 00:12 9728 ------w- c:\windows\system32\rwnh.dll
2010-01-17 21:10 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2010-01-17 20:52 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-17 20:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-17 20:46 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-17 20:44 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-17 20:44 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-17 20:36 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-17 20:34 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-17 20:27 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-17 20:27 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-17 20:27 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-17 20:27 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-17 20:27 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-17 20:27 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-17 20:27 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-17 20:27 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-17 20:27 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-17 20:27 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-17 20:27 . 2009-08-05 02:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-17 20:27 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-17 20:25 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-17 20:20 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-17 20:17 . 2010-01-17 20:17 0 ------w- c:\windows\Fdexov.bin
2010-01-17 20:17 . 2010-01-17 20:17 120 ------w- c:\windows\Akejicoxep.dat
2010-01-15 06:19 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-15 06:08 . 2010-01-15 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-15 06:07 . 2010-01-15 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-15 06:07 . 2010-01-15 06:07 -------- d-----w- c:\program files\Common Files\iS3
2010-01-14 05:39 . 2004-08-10 10:13 73728 -c----w- c:\windows\system32\dllcache\ehresja.dll
2010-01-14 05:39 . 2004-08-10 10:13 69632 -c----w- c:\windows\system32\dllcache\ehresko.dll
2010-01-14 05:39 . 2004-08-10 10:13 69632 -c----w- c:\windows\system32\dllcache\ehresfr.dll
2010-01-14 05:39 . 2004-08-10 10:13 69632 -c----w- c:\windows\system32\dllcache\ehresde.dll
2010-01-14 05:39 . 2004-08-10 10:13 61440 -c----w- c:\windows\system32\dllcache\ehreschs.dll
2010-01-14 05:37 . 2008-04-14 00:10 53760 -c----w- c:\windows\system32\dllcache\pintlcsd.dll
2010-01-14 05:36 . 2004-08-10 12:00 10129408 -c----w- c:\windows\system32\dllcache\hwxkor.dll
2010-01-14 05:35 . 2004-08-10 12:00 45568 -c----w- c:\windows\system32\dllcache\browscap.dll
2010-01-14 05:32 . 2004-08-10 12:00 16384 -c----w- c:\windows\system32\dllcache\isignup.exe
2010-01-14 05:17 . 2004-08-10 12:00 24661 -c----w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-14 05:17 . 2004-08-10 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-14 05:17 . 2004-08-10 12:00 13312 -c----w- c:\windows\system32\dllcache\irclass.dll
2010-01-14 05:17 . 2004-08-10 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-14 04:28 . 2010-01-14 04:28 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2010-01-12 02:11 . 2010-01-21 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-12 02:11 . 2010-01-12 02:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-09 20:52 . 2010-01-09 20:52 -------- d-----w- C:\spoolerlogs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 04:28 . 2006-04-14 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-02-01 04:28 . 2009-01-17 20:13 66512 ----a-w- c:\documents and settings\Adam Friese2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 01:45 . 2009-08-18 17:56 156553 ----a-w- c:\windows\hphins26.dat
2010-01-24 23:33 . 2006-04-14 04:08 -------- d-----w- c:\program files\DIGStream
2010-01-21 06:17 . 2009-02-11 21:14 2100 ------w- c:\documents and settings\Adam Friese2\Application Data\wklnhst.dat
2010-01-21 05:20 . 2005-08-17 17:20 94363 ------w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-21 04:22 . 2004-05-04 17:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2010-01-15 09:04 . 2006-04-14 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-15 09:04 . 2006-04-14 04:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-15 06:24 . 2010-01-15 06:16 11176 ------w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-15 06:17 . 2010-01-15 06:17 136 ------w- c:\windows\system32\drivers\kgpfr2.cfg
2010-01-14 05:30 . 2005-08-17 16:53 34380 ------w- c:\windows\system32\emptyregdb.dat
2010-01-06 03:12 . 2009-02-03 21:29 -------- d-----w- c:\documents and settings\Adam Friese2\Application Data\AdobeUM
2010-01-05 00:28 . 2007-06-17 22:18 -------- d-----w- c:\program files\FAATP2007
2009-12-24 15:46 . 2009-12-24 15:46 -------- d-----w- c:\documents and settings\Adam Friese2\Application Data\ArcSoft
2009-12-21 19:14 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-10-22 18:40 . 2008-10-22 18:40 19712 ------w- c:\program files\Common Files\yheke.pif
2006-10-16 22:24 . 2006-10-16 20:23 22 --sh--w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" [2005-05-19 176128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-24 22:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/24/2010 4:09 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/24/2010 4:09 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/24/2010 4:09 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/24/2010 4:09 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/24/2010 4:08 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1/24/2010 4:08 PM 2304192]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/24/2010 1:40 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/24/2010 4:08 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/24/2010 4:08 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/24/2010 4:08 PM 25736]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 3:06 AM 231424]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/24/2010 4:08 PM 5832712]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/24/2010 1:40 AM 30104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-01 23:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1280)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-01 23:29:10
ComboFix-quarantined-files.txt 2010-02-02 05:28
Pre-Run: 28,001,345,536 bytes free
Post-Run: 28,490,244,096 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
Current=2 Default=2 Failed=0 LastKnownGood=6 Sets=1,2,3,4,6
- - End Of File - - 01046ED0E1398BAC928A75FE1AED437E
END OF COMBOFIX LOG----------------------------------------------------
DDS2-1-10 LOG-----------------------------------------------------------
DDS (Ver_09-12-01.01) - NTFSx86
Run by Adam Friese2 at 0:24:12.46 on Tue 02/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.450 [GMT -6:00]
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Adam Friese2\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\walgre~1\walgre~1\data\xtras\mssysmgr.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-1-24 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-1-24 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-24 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-24 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-24 360584]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-24 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-1-24 2304192]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-1-24 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-1-24 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-1-24 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-1-24 25736]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-1-24 5832712]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-1-24 30104]
=============== Created Last 30 ================
2010-02-02 05:16:48 0 d-sha-r- C:\cmdcons
2010-02-02 05:15:41 98816 ----a-w- c:\windows\sed.exe
2010-02-02 05:15:41 77312 ----a-w- c:\windows\MBR.exe
2010-02-02 05:15:41 261632 ----a-w- c:\windows\PEV.exe
2010-02-02 05:15:41 161792 ----a-w- c:\windows\SWREG.exe
2010-02-01 01:59:50 23113 ----a-w- c:\windows\hpqins15.dat
2010-02-01 01:54:33 77352 ----a-w- c:\windows\hpqins05.dat
2010-02-01 01:44:39 0 d-----w- c:\docume~1\adamfr~2\applic~1\HpUpdate
2010-01-27 01:38:22 787 ------w- c:\windows\hphmdl26.dat.temp
2010-01-27 01:38:22 157438 ------w- c:\windows\hphins26.dat.temp
2010-01-25 02:32:55 0 d-----w- c:\program files\Trend Micro
2010-01-24 22:09:34 0 d-----w- C:\$AVG
2010-01-24 22:09:20 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-24 22:09:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-24 22:09:19 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-24 22:09:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-24 22:09:10 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-24 22:08:57 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-24 22:08:07 0 d-----w- c:\program files\AVG
2010-01-24 22:08:01 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-24 07:40:22 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-24 07:40:22 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-21 06:49:32 0 d-----w- c:\windows\system32\NtmsData
2010-01-21 06:11:43 0 d-----w- c:\windows\Downloaded Installations
2010-01-21 00:19:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-21 00:19:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-21 00:19:58 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-21 00:19:58 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-21 00:19:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-21 00:19:55 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-20 14:19:40 0 dc-h--w- c:\windows\ie8
2010-01-18 03:08:18 0 d-----w- c:\program files\MSXML 6.0
2010-01-17 21:33:00 0 d-----w- c:\docume~1\adamfr~2\applic~1\Malwarebytes
2010-01-17 21:32:56 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 21:32:54 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-01-17 21:32:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 21:32:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-17 21:10:45 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-01-17 21:10:45 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-01-17 21:10:11 10752 ------w- c:\windows\system32\smtpapi.dll
2010-01-17 21:10:10 9728 ------w- c:\windows\system32\rwnh.dll
2010-01-17 21:10:05 81920 ------w- c:\windows\system32\ieencode.dll
2010-01-17 21:10:02 19569 ----a-w- c:\windows\003413_.tmp
2010-01-17 20:52:43 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-17 20:46:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-17 20:46:14 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-17 20:44:55 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-17 20:44:55 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-17 20:36:52 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-17 20:34:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-17 20:27:50 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-17 20:27:50 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-17 20:27:50 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-17 20:27:50 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-17 20:27:50 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-17 20:27:50 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-17 20:27:49 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-17 20:27:49 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-17 20:27:49 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-17 20:27:49 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-17 20:27:48 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-17 20:27:48 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-17 20:25:38 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-17 20:20:18 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-17 20:17:56 0 ------w- c:\windows\Fdexov.bin
2010-01-17 20:17:55 120 ------w- c:\windows\Akejicoxep.dat
2010-01-15 06:19:19 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-15 06:17:39 136 ------w- c:\windows\system32\drivers\kgpfr2.cfg
2010-01-15 06:16:42 11176 ------w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-15 06:08:38 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-01-15 06:07:54 0 d-----w- c:\program files\common files\iS3
2010-01-15 06:07:54 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-01-14 05:39:42 73728 -c----w- c:\windows\system32\dllcache\ehresja.dll
2010-01-14 05:39:42 69632 -c----w- c:\windows\system32\dllcache\ehresko.dll
2010-01-14 05:39:41 69632 -c----w- c:\windows\system32\dllcache\ehresfr.dll
2010-01-14 05:39:41 69632 -c----w- c:\windows\system32\dllcache\ehresde.dll
2010-01-14 05:39:19 61440 -c----w- c:\windows\system32\dllcache\ehreschs.dll
2010-01-14 05:39:03 28288 -c----w- c:\windows\system32\dllcache\xjis.nls
2010-01-14 05:37:59 70144 -c----w- c:\windows\system32\dllcache\pintlphr.exe
2010-01-14 05:36:55 10129408 -c----w- c:\windows\system32\dllcache\hwxkor.dll
2010-01-14 05:35:59 66082 -c----w- c:\windows\system32\dllcache\c_1149.nls
2010-01-14 05:33:31 488 ---h--r- c:\windows\system32\logonui.exe.manifest
2010-01-14 05:33:24 749 ---h--r- c:\windows\WindowsShell.Manifest
2010-01-14 05:33:24 749 ---h--r- c:\windows\system32\wuaucpl.cpl.manifest
2010-01-14 05:33:24 749 ---h--r- c:\windows\system32\sapi.cpl.manifest
2010-01-14 05:33:24 749 ---h--r- c:\windows\system32\nwc.cpl.manifest
2010-01-14 05:33:24 749 ---h--r- c:\windows\system32\ncpa.cpl.manifest
2010-01-14 05:32:56 16384 -c----w- c:\windows\system32\dllcache\isignup.exe
2010-01-14 05:17:24 24661 -c----w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-14 05:17:24 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-14 05:17:24 13312 -c----w- c:\windows\system32\dllcache\irclass.dll
2010-01-14 05:17:24 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-14 05:17:11 13753 ------r- c:\windows\SET4E.tmp
2010-01-14 05:17:08 1086058 ------r- c:\windows\SET42.tmp
2010-01-14 05:17:08 106147 ------r- c:\windows\SET3F.tmp
2010-01-12 02:11:15 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-12 02:11:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-12 01:56:24 0 d-----w- c:\windows\system32\appmgmt
2010-01-09 20:52:26 0 d-----w- C:\spoolerlogs
==================== Find3M ====================
2010-01-27 01:45:17 156553 ----a-w- c:\windows\hphins26.dat
2010-01-21 06:17:12 2100 ------w- c:\docume~1\adamfr~2\applic~1\wklnhst.dat
2010-01-21 04:22:55 1645320 ------w- c:\windows\system32\gdiplus.dll
2010-01-14 05:30:08 34380 ------w- c:\windows\system32\emptyregdb.dat
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2008-10-22 18:40:49 19712 ------w- c:\program files\common files\yheke.pif
2006-10-16 22:24:00 22 --sh--w- c:\windows\sminst\HPCD.sys
============= FINISH: 0:24:35.79 ===============
END DDS2-1-10 LOG
ATTACH2-1-10 LOG--------------------------------------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/13/2010 11:39:45 PM
System Uptime: 2/1/2010 10:27:02 PM (2 hours ago)
Motherboard: Hewlett-Packard | | 309B
Processor: AMD Turion(tm) 64 Mobile Technology ML-34 | U23 | 1794/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 61 GiB total, 26.57 GiB free.
E: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 1/17/2010 3:26:43 PM - System Checkpoint
RP2: 1/17/2010 7:42:58 PM - Configured Customer Experience Enhancement
RP3: 1/17/2010 8:58:26 PM - Software Distribution Service 3.0
RP4: 1/19/2010 11:07:32 PM - Removed Microsoft .NET Framework 1.1
RP5: 1/20/2010 3:00:18 AM - Software Distribution Service 3.0
RP6: 1/20/2010 6:54:24 AM - Installed Windows Internet Explorer 8.
RP7: 1/20/2010 8:20:40 AM - Installed Windows Internet Explorer 8.
RP8: 1/20/2010 10:29:52 PM - Software Distribution Service 3.0
RP9: 1/20/2010 10:47:39 PM - Installed HP Help and Support
RP10: 1/20/2010 10:50:57 PM - Software Distribution Service 3.0
RP11: 1/21/2010 12:48:48 AM - Software Distribution Service 3.0
RP12: 1/23/2010 5:39:07 PM - System Checkpoint
RP13: 1/23/2010 6:16:38 PM - Software Distribution Service 3.0
RP14: 1/23/2010 6:29:12 PM - Software Distribution Service 3.0
RP15: 1/23/2010 8:20:21 PM - Software Distribution Service 3.0
RP16: 1/23/2010 10:04:24 PM - Software Distribution Service 3.0
RP17: 1/24/2010 1:41:34 AM - Installed AVG 9.0
RP18: 1/24/2010 4:08:01 PM - Installed AVG 9.0
RP19: 1/26/2010 6:52:02 PM - Avg8 Update
RP20: 1/28/2010 12:20:59 AM - System Checkpoint
RP21: 1/30/2010 7:24:38 PM - Avg8 Update
RP22: 1/31/2010 7:54:21 PM - Installed MSVCSetup
RP23: 2/1/2010 9:49:08 PM - System Checkpoint
==== Installed Programs ======================
5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
AVG 9.0
Bejeweled 2 Deluxe (remove only)
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
BufferChm
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant AC-Link Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crystal Maze from Hewlett-Packard Laptops (remove only)
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
D1500
D1500_Help
Destinations
DeviceDiscovery
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
Easy Internet Sign-up
ERUNT 1.1j
ESPNMotion
eSupportQFolder
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
GemMaster Mystic
GPBaseService
GPBaseService2
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP BatteryCheck 2.10 A2
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Photosmart Premier Software 6.0
HP Product Detection
HP QuickPlay 2.0
HP Rhapsody
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HP User Guides--System Recovery
HP User Guides 0026
HP Wireless Assistant 2.00 C1
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
InstantShareDevices
J2SE Runtime Environment 5.0 Update 6
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.56.1
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.5
Netscape Browser (remove only)
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OptionalContentQFolder
Otto
PhotoGallery
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
PSSWCORE
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quick Launch Buttons 5.20 G1
Quicken 2006
RandMap
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Shop for HP Supplies
SkinsHP1
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
SmartWebPrinting
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
Spybot - Search & Destroy
Status
Super Granny from Hewlett-Packard Laptops (remove only)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
TrayApp
Unload
UnloadSupport
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Service Pack 3
Wireless Home Network Setup
Yahoo! Toolbar
Zuma Deluxe from Hewlett-Packard Laptops (remove only)
==== Event Viewer Messages From Past Week ========
2/1/2010 9:30:28 PM, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 0014A5B01EEA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/27/2010 9:38:06 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
1/26/2010 8:09:38 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
==== End Of File ===========================
END ATTACH2-1-10 LOG