spybot tells me I've got WIN32.delf.uc

P

petemerrill

New member
Hi There,

Hope you can help. It's fair to say I've had a bit of a nightmare with malware of late. Got infected with the security suite a little while ago, I thought I'd managed to clean it, but Spybot is telling me I'm infected with WIN32.delf.uc. Tried cleaning it but it seem to keep getting reported in spybot (could it be a false positive?)

In the hope that you might be able to offer some advice....I've downloaded and run ERUNT as required and I've attached the attach.txt DDS report and pasted DDS.txt below. Hope you can help.

Kind regards

Pete

DDS (Ver_10-03-17.01) - NTFSx86
Run by Pete at 22:33:15.14 on 21/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.473 [GMT 1:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Paladin Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ZyXEL\M-302\M-302.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pete\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\Internet.lnk -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zyxelm~1.lnk - c:\program files\zyxel\m-302\M-302.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mypix.com/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209970709062
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-15 218592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-8-20 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-8-20 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-26 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-26 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-26 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-8-15 233136]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-1 390528]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-15 112592]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]
R3 AR5513;ZyXEL 802.11g Wireless Adapter Service;c:\windows\system32\drivers\ar5513.sys [2008-5-6 358464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-8-15 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-8-15 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-8-15 1142224]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-8-20 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-08-20 00:11:55 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-08-20 00:11:55 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-08-20 00:11:55 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-08-16 18:36:13 3244 ----a-w- c:\windows\system32\wbem\Outlook_01cb3d71e6fa39da.mof
2010-08-16 06:06:27 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
2010-08-16 00:34:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 00:34:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-15 23:44:57 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-15 10:29:58 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-15 10:29:58 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-15 10:29:43 0 d-----w- c:\program files\Spyware Doctor
2010-08-15 10:29:43 0 d-----w- c:\program files\common files\PC Tools
2010-08-15 10:29:43 0 d-----w- c:\docume~1\pete\applic~1\PC Tools
2010-08-15 10:29:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-15 08:59:58 0 d-----w- c:\windows\system32\Registry Patrol
2010-08-15 08:59:53 0 d-----w- c:\program files\Registry Patrol
2010-08-15 08:59:46 0 d-----w- c:\program files\CCleaner
2010-08-15 00:45:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-15 00:45:39 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-15 00:45:38 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-15 00:45:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-15 00:45:28 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-15 00:45:07 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-15 00:45:02 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-15 00:45:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-15 00:44:56 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-15 00:44:54 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-15 00:44:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-15 00:44:35 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-08-15 00:44:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-08-15 00:44:26 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-08-15 00:44:14 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-08-15 00:44:06 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-08-15 00:42:55 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-08-15 00:41:59 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-08-15 00:41:55 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-15 00:41:50 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-15 00:41:46 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-15 00:41:42 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-15 00:41:36 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-15 00:41:32 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-15 00:41:27 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-15 00:41:23 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-15 00:41:18 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-15 00:41:14 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-08-15 00:41:09 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-15 00:41:02 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-15 00:39:57 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-15 00:39:53 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-08-15 00:39:52 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-08-15 00:39:46 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-08-15 00:39:43 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-08-15 00:39:36 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-08-15 00:39:30 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-08-15 00:39:26 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-08-15 00:39:22 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-08-15 00:39:14 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-08-15 00:39:10 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-08-15 00:39:06 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-08-15 00:39:01 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-08-15 00:37:59 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-15 00:37:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-08-15 00:37:49 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-08-15 00:37:45 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-08-15 00:37:41 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-08-15 00:37:36 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-08-15 00:37:33 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-08-15 00:37:28 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-08-15 00:37:24 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-08-15 00:37:22 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-08-15 00:37:18 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-08-15 00:37:08 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-08-15 00:37:03 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-08-15 00:35:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2010-08-15 00:34:57 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-08-15 00:33:57 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2010-08-15 00:32:55 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-08-15 00:32:43 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-08-15 00:32:36 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-08-15 00:32:31 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-08-15 00:32:26 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-08-15 00:32:21 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-08-15 00:32:09 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-08-15 00:32:05 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-08-15 00:32:02 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-08-15 00:30:57 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2010-08-15 00:29:57 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2010-08-15 00:28:53 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-08-15 00:27:57 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2010-08-15 00:26:57 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-15 00:25:59 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-08-15 00:24:53 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-08-15 00:23:59 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-15 00:22:59 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-08-15 00:21:59 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-08-15 00:20:58 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2010-08-15 00:19:58 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-08-15 00:18:59 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2010-08-15 00:17:58 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll
2010-08-15 00:16:59 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys
2010-08-15 00:15:59 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2010-08-15 00:14:56 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-08-15 00:13:30 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-08-13 08:39:49 2853 ----a-w- c:\windows\erapujaxa.dll
2010-08-12 23:31:03 2853 ----a-w- c:\windows\epetiqefameteqa.dll
2010-08-12 22:52:53 2853 ----a-w- c:\windows\ekurojewujo.dll
2010-08-12 22:43:37 1098 ----a-w- c:\windows\Dyanagoga.dat
2010-08-12 22:43:37 0 ----a-w- c:\windows\Thacihu.bin
2010-08-12 22:41:13 0 d-----w- c:\docume~1\pete\applic~1\7ED0FF19829AB0E75B0EA13A4045FD63
2010-08-05 18:19:28 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-03 22:33:45 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-08-15 17:03:55 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-17 12:06:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 12:06:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 12:06:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-02-23 22:35:56 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-05 15:59:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100520081006\index.dat

============= FINISH: 22:34:11.73 ===============
 
Hello and welcome to Safer Networking.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


1. Rerun DDS and post a fresh DDS and Attach.txt Log in your next post/reply.


2. Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.
 
Hi km2357,

Firstly, thank you so much for taking the time to help me out.

As requested I've posted below the DDS.txt info and attached the DDS zip file. Finally I've run gmer. I had no rootkit warnings. The first time I ran it I had all boxes ticked except Show all, the scan hung on a Netbios file for 3 hours so I assumed it had gone wrong somehow and ended up having to shutdown (hold down the button) and start it up again. Apologies if I was wrong to do this. I then ran it again after re-reading your instructions and just had Sections ticked and everything else unticked. It scanned both my C drive and my F drive (2nd HDD). The resulting .txt file I've copied below. BTW, after gmer had run and was closed my PC became pretty much unusable with lsass.exe thrashing the CPU. Was fine after a reboot. Thought I'd better mention it.

Thank you once again

Look forward to hearing from you.

Pete.

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Pete at 19:22:34.31 on 25/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.261 [GMT 1:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Paladin Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\ZyXEL\M-302\M-302.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pete\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\Internet.lnk -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zyxelm~1.lnk - c:\program files\zyxel\m-302\M-302.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mypix.com/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209970709062
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-15 218592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-8-20 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-8-20 59664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-26 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-26 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-26 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-8-15 233136]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-1 390528]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-15 112592]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]
R3 AR5513;ZyXEL 802.11g Wireless Adapter Service;c:\windows\system32\drivers\ar5513.sys [2008-5-6 358464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-8-15 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-8-15 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-8-15 1142224]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-8-20 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-08-20 00:11:55 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-08-20 00:11:55 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-08-20 00:11:55 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-08-16 18:36:13 3244 ----a-w- c:\windows\system32\wbem\Outlook_01cb3d71e6fa39da.mof
2010-08-16 06:06:27 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
2010-08-16 00:34:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 00:34:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-15 23:44:57 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-15 10:29:58 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-15 10:29:58 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-15 10:29:43 0 d-----w- c:\program files\Spyware Doctor
2010-08-15 10:29:43 0 d-----w- c:\program files\common files\PC Tools
2010-08-15 10:29:43 0 d-----w- c:\docume~1\pete\applic~1\PC Tools
2010-08-15 10:29:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-15 08:59:58 0 d-----w- c:\windows\system32\Registry Patrol
2010-08-15 08:59:53 0 d-----w- c:\program files\Registry Patrol
2010-08-15 08:59:46 0 d-----w- c:\program files\CCleaner
2010-08-15 00:45:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-15 00:45:39 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-15 00:45:38 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-15 00:45:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-15 00:45:28 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-15 00:45:07 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-15 00:45:02 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-15 00:45:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-15 00:44:56 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-15 00:44:54 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-15 00:44:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-15 00:44:35 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-08-15 00:44:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-08-15 00:44:26 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-08-15 00:44:14 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-08-15 00:44:06 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-08-15 00:42:55 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-08-15 00:41:59 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-08-15 00:41:55 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-15 00:41:50 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-15 00:41:46 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-15 00:41:42 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-15 00:41:36 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-15 00:41:32 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-15 00:41:27 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-15 00:41:23 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-15 00:41:18 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-15 00:41:14 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-08-15 00:41:09 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-15 00:41:02 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-15 00:39:57 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-15 00:39:53 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-08-15 00:39:52 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-08-15 00:39:46 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-08-15 00:39:43 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-08-15 00:39:36 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-08-15 00:39:30 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-08-15 00:39:26 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-08-15 00:39:22 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-08-15 00:39:14 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-08-15 00:39:10 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-08-15 00:39:06 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-08-15 00:39:01 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-08-15 00:37:59 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-15 00:37:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-08-15 00:37:49 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-08-15 00:37:45 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-08-15 00:37:41 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-08-15 00:37:36 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-08-15 00:37:33 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-08-15 00:37:28 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-08-15 00:37:24 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-08-15 00:37:22 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-08-15 00:37:18 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-08-15 00:37:08 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-08-15 00:37:03 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-08-15 00:35:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2010-08-15 00:34:57 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-08-15 00:33:57 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2010-08-15 00:32:55 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-08-15 00:32:43 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-08-15 00:32:36 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-08-15 00:32:31 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-08-15 00:32:26 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-08-15 00:32:21 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-08-15 00:32:09 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-08-15 00:32:05 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-08-15 00:32:02 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-08-15 00:30:57 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2010-08-15 00:29:57 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2010-08-15 00:28:53 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-08-15 00:27:57 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2010-08-15 00:26:57 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-15 00:25:59 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-08-15 00:24:53 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-08-15 00:23:59 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-15 00:22:59 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-08-15 00:21:59 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-08-15 00:20:58 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2010-08-15 00:19:58 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-08-15 00:18:59 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2010-08-15 00:17:58 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll
2010-08-15 00:16:59 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys
2010-08-15 00:15:59 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2010-08-15 00:14:56 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-08-15 00:13:30 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-08-13 08:39:49 2853 ----a-w- c:\windows\erapujaxa.dll
2010-08-12 23:31:03 2853 ----a-w- c:\windows\epetiqefameteqa.dll
2010-08-12 22:52:53 2853 ----a-w- c:\windows\ekurojewujo.dll
2010-08-12 22:43:37 1098 ----a-w- c:\windows\Dyanagoga.dat
2010-08-12 22:43:37 0 ----a-w- c:\windows\Thacihu.bin
2010-08-12 22:41:13 0 d-----w- c:\docume~1\pete\applic~1\7ED0FF19829AB0E75B0EA13A4045FD63
2010-08-05 18:19:28 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-03 22:33:45 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-08-15 17:03:55 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-17 12:06:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 12:06:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 12:06:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-02-23 22:35:56 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-05 15:59:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100520081006\index.dat

============= FINISH: 19:23:37.85 ===============

And now the gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-25 21:02:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Pete\LOCALS~1\Temp\pxtdipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 16E 804E49C8 7 Bytes [B2, 69, A8, F4, B0, 70, 4D] {MOV DL, 0x69; TEST AL, 0xf4; MOV AL, 0x70; DEC EBP}
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6266360, 0x37388D, 0xE8000020]
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xBA22A000, 0x44527, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xBA27C224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xBA27C000, 0x7000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB9FEF400, 0x88182, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xBA093820] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xBA093820]
.protectÿÿÿÿhardlockunknown last code section [0xBA093600, 0x50F6, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xBA093600, 0x50F6, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1180] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414E10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1180] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1180] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1180] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2864] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00438FF0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2864] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2864] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022

---- EOF - GMER 1.0.15 ----
 
Remove one of your Anti Virus programs.

You are operating your computer with multiple Anti Virus programs running in memory at once:

Spyware Doctor with AntiVirus

AVG Anti-Virus Free

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove one of them.

Regarding Paladin Antivirus, I don't see in your Installed Programs list in Attach.txt. Did you recently uninstall this program?


IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
 
Hi km2357,

Thank you for your continued support.

I have removed Spydoctor and kept AVG.

Paladin Antivirus was actually one of those fake AV's I git infected with but was removed by Malwarebytes. I got infected from the same torrent search engine that infected me this time. Lesson learnt!!!

I have removed BitTorrent.

Did the combofix thing following the instructions. BTW I got a warning saying there's a new version and did I want to download it. To be safe I said no. Also during the scan it got to Stage 2 completed and then I got a warning saying PEV.cfxxe has encountered a problem etc etc. I clicked don't send and the scan continued.

Finally I also appear to have a new internet explorer icon on my desktop??

All the best

Pete

Here's the log from combofix:

ComboFix 10-08-26.01 - Pete 26/08/2010 20:29:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.438 [GMT 1:00]
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pete\Application Data\inst.exe
c:\documents and settings\Pete\Local Settings\Application Data\{EA94AAF7-A350-418D-97FF-5EB5C53ED281}
c:\documents and settings\Pete\Local Settings\Application Data\{EA94AAF7-A350-418D-97FF-5EB5C53ED281}\chrome.manifest
c:\documents and settings\Pete\Local Settings\Application Data\{EA94AAF7-A350-418D-97FF-5EB5C53ED281}\chrome\content\_cfg.js
c:\documents and settings\Pete\Local Settings\Application Data\{EA94AAF7-A350-418D-97FF-5EB5C53ED281}\chrome\content\overlay.xul
c:\documents and settings\Pete\Local Settings\Application Data\{EA94AAF7-A350-418D-97FF-5EB5C53ED281}\install.rdf
C:\Thumbs.db
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x64\racodec.ax
c:\windows\Downloaded Program Files\x86
c:\windows\Downloaded Program Files\x86\racodec.ax
c:\windows\ekurojewujo.dll
c:\windows\epetiqefameteqa.dll
c:\windows\erapujaxa.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 19:15 . 2010-08-26 19:15 -------- d-----w- c:\documents and settings\Pete\Application Data\AVG9
2010-08-21 21:31 . 2010-08-21 21:31 -------- d-----w- c:\program files\ERUNT
2010-08-16 06:06 . 2010-08-16 06:06 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
2010-08-16 00:34 . 2010-08-16 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-16 00:34 . 2010-08-16 00:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-15 23:44 . 2010-08-16 06:48 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-15 10:29 . 2010-08-26 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-15 08:59 . 2010-08-15 08:59 -------- d-----w- c:\windows\system32\Registry Patrol
2010-08-15 08:59 . 2010-08-15 08:59 -------- d-----w- c:\program files\Registry Patrol
2010-08-15 08:59 . 2010-08-15 08:59 -------- d-----w- c:\program files\CCleaner
2010-08-15 00:45 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-15 00:45 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-15 00:45 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-15 00:45 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-15 00:45 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-15 00:45 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-15 00:45 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-15 00:45 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-15 00:44 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-15 00:44 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-15 00:44 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-15 00:44 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-08-15 00:44 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-08-15 00:44 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-08-15 00:44 . 2001-08-17 12:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-08-15 00:44 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-08-15 00:42 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-08-15 00:41 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-08-15 00:41 . 2001-08-17 21:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-15 00:41 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-15 00:41 . 2001-08-17 21:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-15 00:41 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-15 00:41 . 2001-08-17 12:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-15 00:41 . 2001-08-17 21:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-15 00:41 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-15 00:41 . 2001-08-17 21:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-15 00:41 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-15 00:41 . 2001-08-17 12:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-08-15 00:41 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-15 00:41 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-15 00:39 . 2001-08-17 11:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-15 00:39 . 2001-08-17 13:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-08-15 00:39 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-08-15 00:39 . 2001-08-17 11:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-08-15 00:39 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-08-15 00:39 . 2001-08-17 12:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-08-15 00:39 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-08-15 00:39 . 2001-08-17 11:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-08-15 00:39 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-08-15 00:39 . 2001-08-17 13:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-08-15 00:39 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-08-15 00:39 . 2001-08-17 13:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-08-15 00:39 . 2001-08-17 13:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-08-15 00:37 . 2001-08-17 21:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-15 00:37 . 2001-08-17 12:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-08-15 00:37 . 2001-08-17 21:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-08-15 00:37 . 2001-08-17 13:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-08-15 00:37 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-08-15 00:37 . 2001-08-17 11:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-08-15 00:37 . 2001-08-17 21:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-08-15 00:37 . 2001-08-17 11:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-08-15 00:37 . 2001-08-17 12:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-08-15 00:37 . 2008-04-13 18:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-08-15 00:37 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-08-15 00:37 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-08-15 00:37 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-08-15 00:35 . 2001-08-17 11:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2010-08-15 00:34 . 2001-08-17 12:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-08-15 00:33 . 2001-08-17 11:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2010-08-15 00:32 . 2001-08-17 21:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-08-15 00:32 . 2001-08-17 12:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-08-15 00:32 . 2001-08-17 12:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-08-15 00:32 . 2001-08-17 12:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-08-15 00:32 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-08-15 00:32 . 2001-08-17 12:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-08-15 00:32 . 2001-08-17 12:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-08-15 00:32 . 2001-08-17 12:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-08-15 00:32 . 2001-08-17 12:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-08-15 00:30 . 2001-08-17 13:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2010-08-15 00:29 . 2001-08-17 21:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2010-08-15 00:28 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-08-15 00:27 . 2001-08-17 11:50 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2010-08-15 00:26 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-15 00:25 . 2001-08-17 21:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-08-15 00:24 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-08-15 00:23 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-15 00:22 . 2001-08-17 21:34 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-08-15 00:21 . 2001-08-17 12:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-08-15 00:20 . 2001-08-17 12:51 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2010-08-15 00:19 . 2001-08-17 11:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-08-15 00:18 . 2001-08-17 11:11 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2010-08-15 00:17 . 2001-08-17 21:36 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll
2010-08-15 00:16 . 2001-08-17 11:19 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys
2010-08-15 00:15 . 2001-08-17 13:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2010-08-15 00:14 . 2001-08-17 11:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-08-15 00:13 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-08-12 22:43 . 2010-08-15 08:13 1098 ----a-w- c:\windows\Dyanagoga.dat
2010-08-12 22:43 . 2010-08-14 23:09 0 ----a-w- c:\windows\Thacihu.bin
2010-08-12 22:41 . 2010-08-12 22:43 -------- d-----w- c:\documents and settings\Pete\Application Data\7ED0FF19829AB0E75B0EA13A4045FD63
2010-08-05 18:19 . 2010-08-05 18:19 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-03 22:33 . 2010-08-03 22:33 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 18:53 . 2009-09-17 21:50 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-08-26 18:51 . 2008-08-05 00:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-15 22:15 . 2009-09-17 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-08-15 22:15 . 2009-09-17 21:38 -------- d-----w- c:\program files\Kodak
2010-08-15 22:07 . 2009-06-25 23:52 -------- d-----w- c:\program files\The Rosetta Stone
2010-08-15 22:05 . 2008-05-05 11:25 -------- d-----w- c:\program files\IrfanView
2010-08-15 12:28 . 2008-05-04 19:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-15 12:20 . 2008-05-05 11:25 -------- d-----w- c:\program files\Google
2010-08-15 12:12 . 2010-03-18 00:28 -------- d-----w- c:\program files\Fruit Machine Emulation
2010-08-15 12:03 . 2010-03-22 20:49 -------- d-----w- c:\program files\ART Inc
2010-08-15 12:01 . 2009-02-27 22:10 -------- d-----w- c:\program files\1st Sound Recorder
2010-08-05 18:29 . 2010-08-05 18:29 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\18481\RapportMS.dll
2010-08-05 18:29 . 2010-08-05 18:29 468200 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus.dll
2010-08-05 18:29 . 2010-08-05 18:29 34536 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys
2010-08-03 22:34 . 2010-06-03 21:49 -------- d-----w- c:\program files\iTunes
2010-08-03 22:33 . 2008-11-19 20:33 -------- d-----w- c:\program files\Common Files\Apple
2010-08-03 22:23 . 2010-08-03 22:23 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-24 19:11 . 2009-01-17 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-19 21:14 . 2010-07-19 21:14 -------- d-----w- c:\program files\Bonjour
2010-07-17 12:06 . 2010-02-26 14:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 12:06 . 2010-07-17 12:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 12:06 . 2010-02-26 14:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 14:58 . 2010-06-23 14:58 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb8.tmp.exe
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-05-02 21:32 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 08:21 . 2010-02-26 14:11 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-25 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Pete\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-8 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 12:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\ArcSoft\\Media Browser\\ArcMediaService.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [05/08/2010 19:19 58984]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/02/2010 15:11 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/02/2010 15:11 243024]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 11:39 390528]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys [05/08/2010 19:29 34536]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [05/08/2010 19:19 168936]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 13:06 308136]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [05/08/2010 19:19 763112]
R3 AR5513;ZyXEL 802.11g Wireless Adapter Service;c:\windows\system32\drivers\ar5513.sys [06/05/2008 23:29 358464]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 11:41 135664]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:41]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:41]

2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{312E01F4-408D-47D3-B0CF-663923D70A5F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 20:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-26 20:46:51
ComboFix-quarantined-files.txt 2010-08-26 19:46

Pre-Run: 14,810,079,232 bytes free
Post-Run: 14,885,773,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - BA0111359A8769730A06EAF6FC9F29C5
 
BTW I got a warning saying there's a new version and did I want to download it. To be safe I said no.
Click to expand...

When you get the message from ComboFix saying that there is a new version available, you want to click yes and download it. It's always best to have the latest version of ComboFix. :)


Finally I also appear to have a new internet explorer icon on my desktop??
Click to expand...

ComboFix will make Internet Explorer your default browser. Did you delete the IE icon off of your Desktop before? It looks like ComboFix added it back in.



Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    KILLALL::

File::

c:\windows\Dyanagoga.dat
c:\windows\Thacihu.bin

Folder::

c:\Program Files\DNA

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-

DDS::

uInternet Settings,ProxyServer = http=127.0.0.1:6522
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    CFScriptB-4.gif



    Note: This CFScript is for use on PeteMerrill's computer only! Do not use it on your computer.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step # 2: Restore Proxy Settings

In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings".


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 2 has been completed.
 
Hi

Please find below the combofix log and DDS. I've also attacehed the DDS log as well.

BTW when I ran combofix it did reboot but never came back up. I left it overnight but no joy so did a hard re-boot this morning. Cobofix continued ;o)

Many thanks

Pete

Combofix:

ComboFix 10-08-26.01 - Pete 27/08/2010 2:05.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.422 [GMT 1:00]
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pete\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\windows\Dyanagoga.dat"
"c:\windows\Thacihu.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\windows\Dyanagoga.dat
c:\windows\Thacihu.bin

.
((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-26 19:15 . 2010-08-26 19:15 -------- d-----w- c:\documents and settings\Pete\Application Data\AVG9
2010-08-21 21:31 . 2010-08-21 21:31 -------- d-----w- c:\program files\ERUNT
2010-08-16 06:06 . 2010-08-16 06:06 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
2010-08-16 00:34 . 2010-08-16 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-16 00:34 . 2010-08-16 00:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-15 23:44 . 2010-08-16 06:48 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-15 10:29 . 2010-08-26 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-15 08:59 . 2010-08-15 08:59 -------- d-----w- c:\windows\system32\Registry Patrol
2010-08-15 08:59 . 2010-08-15 08:59 -------- d-----w- c:\program files\Registry Patrol
2010-08-15 08:59 . 2010-08-15 08:59 -------- d-----w- c:\program files\CCleaner
2010-08-15 00:45 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-15 00:45 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-15 00:45 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-15 00:45 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-15 00:45 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-15 00:45 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-15 00:45 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-15 00:45 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-15 00:44 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-15 00:44 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-15 00:44 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-15 00:44 . 2008-04-13 18:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-08-15 00:44 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-08-15 00:44 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-08-15 00:44 . 2001-08-17 12:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-08-15 00:44 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-08-15 00:42 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-08-15 00:41 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-08-15 00:41 . 2001-08-17 21:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-15 00:41 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-15 00:41 . 2001-08-17 21:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-15 00:41 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-15 00:41 . 2001-08-17 12:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-15 00:41 . 2001-08-17 21:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-15 00:41 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-15 00:41 . 2001-08-17 21:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-15 00:41 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-15 00:41 . 2001-08-17 12:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-08-15 00:41 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-15 00:41 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-15 00:39 . 2001-08-17 11:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-15 00:39 . 2001-08-17 13:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-08-15 00:39 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-08-15 00:39 . 2001-08-17 11:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-08-15 00:39 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-08-15 00:39 . 2001-08-17 12:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-08-15 00:39 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-08-15 00:39 . 2001-08-17 11:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-08-15 00:39 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-08-15 00:39 . 2001-08-17 13:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-08-15 00:39 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-08-15 00:39 . 2001-08-17 13:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-08-15 00:39 . 2001-08-17 13:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-08-15 00:37 . 2001-08-17 21:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-15 00:37 . 2001-08-17 12:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-08-15 00:37 . 2001-08-17 21:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-08-15 00:37 . 2001-08-17 13:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-08-15 00:37 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-08-15 00:37 . 2001-08-17 11:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-08-15 00:37 . 2001-08-17 21:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-08-15 00:37 . 2001-08-17 11:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-08-15 00:37 . 2001-08-17 12:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-08-15 00:37 . 2008-04-13 18:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-08-15 00:37 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-08-15 00:37 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-08-15 00:37 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-08-15 00:35 . 2001-08-17 11:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2010-08-15 00:34 . 2001-08-17 12:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-08-15 00:33 . 2001-08-17 11:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2010-08-15 00:32 . 2001-08-17 21:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-08-15 00:32 . 2001-08-17 12:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-08-15 00:32 . 2001-08-17 12:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-08-15 00:32 . 2001-08-17 12:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-08-15 00:32 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-08-15 00:32 . 2001-08-17 12:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-08-15 00:32 . 2001-08-17 12:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-08-15 00:32 . 2001-08-17 12:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-08-15 00:32 . 2001-08-17 12:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-08-15 00:30 . 2001-08-17 13:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2010-08-15 00:29 . 2001-08-17 21:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2010-08-15 00:28 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-08-15 00:27 . 2001-08-17 11:50 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2010-08-15 00:26 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-15 00:25 . 2001-08-17 21:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-08-15 00:24 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-08-15 00:23 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-15 00:22 . 2001-08-17 21:34 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-08-15 00:21 . 2001-08-17 12:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-08-15 00:20 . 2001-08-17 12:51 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2010-08-15 00:19 . 2001-08-17 11:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-08-15 00:18 . 2001-08-17 11:11 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2010-08-15 00:17 . 2001-08-17 21:36 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll
2010-08-15 00:16 . 2001-08-17 11:19 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys
2010-08-15 00:15 . 2001-08-17 13:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2010-08-15 00:14 . 2001-08-17 11:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-08-15 00:13 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-08-12 22:41 . 2010-08-12 22:43 -------- d-----w- c:\documents and settings\Pete\Application Data\7ED0FF19829AB0E75B0EA13A4045FD63
2010-08-05 18:19 . 2010-08-05 18:19 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-03 22:33 . 2010-08-03 22:33 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 18:51 . 2008-08-05 00:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-15 22:15 . 2009-09-17 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-08-15 22:15 . 2009-09-17 21:38 -------- d-----w- c:\program files\Kodak
2010-08-15 22:07 . 2009-06-25 23:52 -------- d-----w- c:\program files\The Rosetta Stone
2010-08-15 22:05 . 2008-05-05 11:25 -------- d-----w- c:\program files\IrfanView
2010-08-15 12:28 . 2008-05-04 19:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-15 12:20 . 2008-05-05 11:25 -------- d-----w- c:\program files\Google
2010-08-15 12:12 . 2010-03-18 00:28 -------- d-----w- c:\program files\Fruit Machine Emulation
2010-08-15 12:03 . 2010-03-22 20:49 -------- d-----w- c:\program files\ART Inc
2010-08-15 12:01 . 2009-02-27 22:10 -------- d-----w- c:\program files\1st Sound Recorder
2010-08-03 22:34 . 2010-06-03 21:49 -------- d-----w- c:\program files\iTunes
2010-08-03 22:33 . 2008-11-19 20:33 -------- d-----w- c:\program files\Common Files\Apple
2010-07-24 19:11 . 2009-01-17 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-19 21:14 . 2010-07-19 21:14 -------- d-----w- c:\program files\Bonjour
2010-07-17 12:06 . 2010-02-26 14:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 12:06 . 2010-07-17 12:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 12:06 . 2010-02-26 14:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 08:21 . 2010-02-26 14:11 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-25 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="NvMCTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Pete\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-8 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 12:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\ArcSoft\\Media Browser\\ArcMediaService.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [05/08/2010 19:19 58984]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/02/2010 15:11 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/02/2010 15:11 243024]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 11:39 390528]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys [05/08/2010 19:29 34536]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [05/08/2010 19:19 168936]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 13:06 308136]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [05/08/2010 19:19 763112]
R3 AR5513;ZyXEL 802.11g Wireless Adapter Service;c:\windows\system32\drivers\ar5513.sys [06/05/2008 23:29 358464]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 11:41 135664]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:41]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:41]

2010-08-27 c:\windows\Tasks\User_Feed_Synchronization-{312E01F4-408D-47D3-B0CF-663923D70A5F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 08:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6372)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\system32\acs.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\devldr32.exe
c:\program files\ZyXEL\M-302\M-302.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-27 08:38:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-27 07:38
ComboFix2.txt 2010-08-26 19:46

Pre-Run: 14,866,300,928 bytes free
Post-Run: 14,857,879,552 bytes free

- - End Of File - - 266540AEEC358CD8800A1C64D267898B


DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Pete at 8:41:00.10 on 27/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.553 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ZyXEL\M-302\M-302.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pete\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\Internet.lnk -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zyxelm~1.lnk - c:\program files\zyxel\m-302\M-302.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mypix.com/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209970709062
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-26 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-26 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-26 243024]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-1 390528]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]
R3 AR5513;ZyXEL 802.11g Wireless Adapter Service;c:\windows\system32\drivers\ar5513.sys [2008-5-6 358464]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2010-08-26 19:27:36 0 d-sha-r- C:\cmdcons
2010-08-26 19:21:00 98816 ----a-w- c:\windows\sed.exe
2010-08-26 19:21:00 77312 ----a-w- c:\windows\MBR.exe
2010-08-26 19:21:00 256512 ----a-w- c:\windows\PEV.exe
2010-08-26 19:21:00 161792 ----a-w- c:\windows\SWREG.exe
2010-08-26 19:15:16 0 d-----w- c:\docume~1\pete\applic~1\AVG9
2010-08-16 18:36:13 3244 ----a-w- c:\windows\system32\wbem\Outlook_01cb3d71e6fa39da.mof
2010-08-16 06:06:27 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
2010-08-16 00:34:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 00:34:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-15 23:44:57 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-15 10:29:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-15 08:59:58 0 d-----w- c:\windows\system32\Registry Patrol
2010-08-15 08:59:53 0 d-----w- c:\program files\Registry Patrol
2010-08-15 08:59:46 0 d-----w- c:\program files\CCleaner
2010-08-15 00:45:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-15 00:45:39 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-15 00:45:38 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-15 00:45:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-15 00:45:28 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-15 00:45:07 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-15 00:45:02 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-15 00:45:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-15 00:44:56 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-15 00:44:54 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-15 00:44:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-15 00:44:35 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-08-15 00:44:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-08-15 00:44:26 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-08-15 00:44:14 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-08-15 00:44:06 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-08-15 00:42:55 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-08-15 00:41:59 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-08-15 00:41:55 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-15 00:41:50 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-15 00:41:46 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-15 00:41:42 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-15 00:41:36 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-15 00:41:32 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-15 00:41:27 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-15 00:41:23 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-15 00:41:18 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-15 00:41:14 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-08-15 00:41:09 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-15 00:41:02 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-15 00:39:57 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-15 00:39:53 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-08-15 00:39:52 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-08-15 00:39:46 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-08-15 00:39:43 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-08-15 00:39:36 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-08-15 00:39:30 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-08-15 00:39:26 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-08-15 00:39:22 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-08-15 00:39:14 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-08-15 00:39:10 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-08-15 00:39:06 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-08-15 00:39:01 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-08-15 00:37:59 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-15 00:37:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-08-15 00:37:49 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-08-15 00:37:45 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-08-15 00:37:41 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-08-15 00:37:36 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-08-15 00:37:33 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-08-15 00:37:28 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-08-15 00:37:24 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-08-15 00:37:22 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-08-15 00:37:18 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-08-15 00:37:08 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-08-15 00:37:03 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-08-15 00:35:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2010-08-15 00:34:57 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-08-15 00:33:57 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2010-08-15 00:32:55 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-08-15 00:32:43 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-08-15 00:32:36 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-08-15 00:32:31 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-08-15 00:32:26 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-08-15 00:32:21 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-08-15 00:32:09 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-08-15 00:32:05 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-08-15 00:32:02 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-08-15 00:30:57 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2010-08-15 00:29:57 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2010-08-15 00:28:53 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-08-15 00:27:57 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2010-08-15 00:26:57 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-15 00:25:59 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-08-15 00:24:53 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-08-15 00:23:59 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-15 00:22:59 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-08-15 00:21:59 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-08-15 00:20:58 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2010-08-15 00:19:58 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-08-15 00:18:59 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2010-08-15 00:17:58 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll
2010-08-15 00:16:59 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys
2010-08-15 00:15:59 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2010-08-15 00:14:56 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-08-15 00:13:30 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-08-12 22:41:13 0 d-----w- c:\docume~1\pete\applic~1\7ED0FF19829AB0E75B0EA13A4045FD63
2010-08-05 18:19:28 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-03 22:33:45 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-07-17 12:06:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 12:06:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 12:06:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-02-23 22:35:56 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-05 15:59:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100520081006\index.dat

============= FINISH: 8:41:10.98 ===============
 
Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u21.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Remove the following old versions of Java:

  • Java(TM) 6 Update 7

    Java(TM) 6 Update 17

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.



Step # 2 Run CCleaner

CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!

  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 24 hours
  • Then select the items you wish to clean up.
  • In the Windows Tab:
  • Clean all entries in the Internet Explorer section except Cookies
  • Clean all the entries in the Windows Explorer section
  • Clean all entries in the System section
  • Clean all entries in the Advanced section
  • Clean any others that you choose
  • In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it
  • Clean all in the Opera section if you use it
  • Clean Sun Java in the Internet Section
  • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO



Step # 3 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.


Post the MalwareBytes' Log in your next post/reply.
 
Hi km2357,

Thanks for your continued support.

Apologies for not coming back to you sooner, been away for a couple of days.

Removed all Java installs then re-started. For some reason it didn't come out of the restart. Waited until all HDD activity had ceased and then did a hard shutdown. rebooted and all was fine. Updated to the newest version of Java as requested.

Ran CCleaner following all your instructions.

Opened Malwarebytes, updated the app, performed quick scan...No malicious items were detected! Log below.

All the best

Pete

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/08/2010 21:18:22
mbam-log-2010-08-30 (21-18-22).txt

Scan type: Quick scan
Objects scanned: 156004
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Your database version of MalwareBytes' (Database version: 4052) is out of date. The latest version is in the 4510's (4516 as I type this). Open up MalwareBytes' again, update it again and run another Quick Scan and post the log in your next post/reply.


Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

  • First, go to Add/Remove Programs and uninstall Adobe Reader 8.1.4.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.3.4 is a large program and if you prefer a smaller program you can get Foxit 4.1.1 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 4.1.1 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay


Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. The updated MalwareBytes' Log
2. The Kaspersky Log
3. A fresh DDS Log
4. How is your computer doing, any problems?
 
Hi,

All done, the Kaspersky thing took over 4hrs to run! Computer is fine other than the reboot situation I explained in earlier posts. Mbam found some threats :sad: Here are the reports....

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4517

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/08/2010 21:09:36
mbam-log-2010-08-31 (21-09-36).txt

Scan type: Quick scan
Objects scanned: 178938
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 1, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 31, 2010 18:50:17
Records in database: 4170225
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 101893
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:01:54

No threats found. Scanned area is clean.

Selected area has been scanned.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Pete at 7:37:32.50 on 01/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.658 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ZyXEL\M-302\M-302.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Pete\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\Internet.lnk -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zyxelm~1.lnk - c:\program files\zyxel\m-302\M-302.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mypix.com/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209970709062
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-26 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-26 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-26 243024]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-1 390528]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]
R3 AR5513;ZyXEL 802.11g Wireless Adapter Service;c:\windows\system32\drivers\ar5513.sys [2008-5-6 358464]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2010-08-30 19:23:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-30 19:23:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 19:27:36 0 d-sha-r- C:\cmdcons
2010-08-26 19:21:00 98816 ----a-w- c:\windows\sed.exe
2010-08-26 19:21:00 77312 ----a-w- c:\windows\MBR.exe
2010-08-26 19:21:00 256512 ----a-w- c:\windows\PEV.exe
2010-08-26 19:21:00 161792 ----a-w- c:\windows\SWREG.exe
2010-08-26 19:15:16 0 d-----w- c:\docume~1\pete\applic~1\AVG9
2010-08-16 18:36:13 3244 ----a-w- c:\windows\system32\wbem\Outlook_01cb3d71e6fa39da.mof
2010-08-16 06:06:27 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
2010-08-16 00:34:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 00:34:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-15 23:44:57 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-15 10:29:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-15 08:59:58 0 d-----w- c:\windows\system32\Registry Patrol
2010-08-15 08:59:53 0 d-----w- c:\program files\Registry Patrol
2010-08-15 08:59:46 0 d-----w- c:\program files\CCleaner
2010-08-15 00:45:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-15 00:45:39 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-08-15 00:45:38 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-08-15 00:45:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-08-15 00:45:28 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-08-15 00:45:07 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-08-15 00:45:02 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-08-15 00:45:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-08-15 00:44:56 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-15 00:44:54 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-08-15 00:44:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-15 00:44:35 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-08-15 00:44:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-08-15 00:44:26 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-08-15 00:44:14 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-08-15 00:44:06 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-08-15 00:42:55 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-08-15 00:41:59 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-08-15 00:41:55 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-08-15 00:41:50 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-08-15 00:41:46 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-08-15 00:41:42 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-08-15 00:41:36 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-08-15 00:41:32 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-08-15 00:41:27 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-08-15 00:41:23 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2010-08-15 00:41:18 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-08-15 00:41:14 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2010-08-15 00:41:09 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2010-08-15 00:41:02 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-08-15 00:39:57 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-08-15 00:39:53 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-08-15 00:39:52 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-08-15 00:39:46 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-08-15 00:39:43 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-08-15 00:39:36 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-08-15 00:39:30 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-08-15 00:39:26 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-08-15 00:39:22 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-08-15 00:39:14 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-08-15 00:39:10 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2010-08-15 00:39:06 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-08-15 00:39:01 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-08-15 00:37:59 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-08-15 00:37:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-08-15 00:37:49 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-08-15 00:37:45 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-08-15 00:37:41 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-08-15 00:37:36 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-08-15 00:37:33 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-08-15 00:37:28 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-08-15 00:37:24 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-08-15 00:37:22 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-08-15 00:37:18 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-08-15 00:37:08 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-08-15 00:37:03 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-08-15 00:35:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2010-08-15 00:34:57 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-08-15 00:33:57 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2010-08-15 00:32:55 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-08-15 00:32:43 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-08-15 00:32:36 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-08-15 00:32:31 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-08-15 00:32:26 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-08-15 00:32:21 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-08-15 00:32:09 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-08-15 00:32:05 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-08-15 00:32:02 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-08-15 00:30:57 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2010-08-15 00:29:57 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2010-08-15 00:28:53 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-08-15 00:27:57 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2010-08-15 00:26:57 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-08-15 00:25:59 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-08-15 00:24:53 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-08-15 00:23:59 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-08-15 00:22:59 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-08-15 00:21:59 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-08-15 00:20:58 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2010-08-15 00:19:58 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-08-15 00:18:59 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2010-08-15 00:17:58 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll
2010-08-15 00:16:59 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys
2010-08-15 00:15:59 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2010-08-15 00:14:56 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-08-15 00:13:30 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-08-12 22:41:13 0 d-----w- c:\docume~1\pete\applic~1\7ED0FF19829AB0E75B0EA13A4045FD63
2010-08-05 18:19:28 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-03 22:33:45 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-07-17 12:06:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 12:06:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 12:06:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-02-23 22:35:56 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-05 15:59:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100520081006\index.dat

============= FINISH: 7:38:28.56 ===============


Many thanks

Pete
 
Kaspersky is clean and your DDS Logs look good. :)

It looks like what MBAM found and deleted was leftover registry entries.

Computer is fine other than the reboot situation I explained in earlier posts.
Click to expand...

Have you had any problems with rebooting the computer since you last reported it (when you updated Java)?
 
Hi There,

Yes tried it just now, did a restart and it doesn't restart. Lots of HD activity and then idle. Bizarre. Not a huge problem as long as you don't think it's connected to Malware or something like that?

So do you think I'm free from disease :laugh:

All the best

Pete
 
That's strange, I don't think your reboot problem/situation has to do with malware/spyware as I don't see any in your most recent logs. The problem may be hardware related.

Here are some general troubleshooting forums which can better help diagnose and fix your rebooting problem than I can. :)


Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3

All may require free registration before posting for help.


Since there appear no more malware-related problems, you're good to go. :)


You can delete the following off of your computer:


DDS.scr
The two DDS Logs
GMER.zip
GMER.exe
The GMER Log


To remove ComboFix, do the following:

Go to Start > Run - type in ComboFix /Uninstall & click OK


Empty your Recycle Bin.


Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  • This will remove all restore points except the new one you just created.
.

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


Make your Internet Explorer more secure This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it asks you if you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please checkHide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK
  • Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently It is important that you visit Microsoft Updates regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then doubleclick it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok..
  • Use an alternative instant messenger program.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or
    Opera.
    If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
  • Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

If your computer is running slow, click here for instructions on how to help speed up your computer.

Good luck!

Please reply one last time so that I know you have read my post and this thread can be closed.
 
Hi,

Have followed all your instructions. All does indeed appear to be well. Thank you so much for all your help and time. You're a saint!

Hopefully I won't need to call on your services again!

Thank you and all the best :bigthumb:

Pete
 
You're welcome. I'm glad I was able to help you out. :)

Good luck and safe surfing!

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top