
Active DDS report not coming up and search engine results hijack

Discussion in 'Malware and Virus Removal Archive' started by chickpea, 2009/09/23.

  1. 2009/09/23
    chickpea

    chickpea Inactive Thread Starter

    Joined:
    2009/09/23
    Messages:
    5
    Likes Received:
    0
    [Active] DDS report not coming up and search engine results hijack

    Hi there, I'm new to this site and don't know an awful lot about computers. I've downloaded the DDS program but whenever I double click on it, a DOS window flashes up and then disappears too fast for me to read it. I was prompted to come here because every time I search with Google, Yahoo etc. I get redirected to a random search engine or a page in my history, rather than the actual search result. I have eTrust anti-virus on my computer and I don't know what else to try, as this isn't finding anything. I also can't stay logged in to MSN Messenger, as I keep getting an error message and it closes. I know this isn't the proper way to post problems, but I really need some help!
     
  2. 2009/09/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    ================================================================

    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     


  4. 2009/09/24
    chickpea

    chickpea Inactive Thread Starter

    Joined:
    2009/09/23
    Messages:
    5
    Likes Received:
    0
    Here are the logs from Combofix. I tried running HijackThis but I keep getting an error message saying "Cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."


    ComboFix 09-09-23.02 - LogOn 24/09/2009 9:37.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.958.608 [GMT 1:00]
    Running from: c:\documents and settings\LogOn\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LogOn\Application Data\FunWebProducts
    c:\documents and settings\LogOn\Application Data\FunWebProducts\Data\LogOn\avatar.dat
    c:\documents and settings\LogOn\Application Data\FunWebProducts\Data\LogOn\zbucks.dat
    c:\program files\FunWebProducts
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\History\search3
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\MyWebSearch\bar\Settings\setting2.htm
    c:\program files\MyWebSearch\bar\Settings\settings.dat
    c:\recycler\S-1-5-21-2452231569-1352880408-4149497697-1003
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\Installer\WinRMSrv.msi

    Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\eventlog.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


    ((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
    .

    2009-09-23 18:43 . 2009-09-23 18:47 -------- d-----w- c:\program files\trend micro
    2009-09-23 18:43 . 2009-09-23 18:43 -------- d-----w- C:\rsit
    2009-09-23 14:51 . 2009-09-23 15:13 -------- d-----w- C:\$AVG8.VAULT$
    2009-09-23 14:27 . 2009-09-23 14:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-23 14:27 . 2009-09-23 14:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-09-23 14:27 . 2009-09-23 14:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-09-23 14:27 . 2009-09-23 14:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-09-23 14:25 . 2009-09-24 08:23 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-09-23 14:25 . 2009-09-23 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-09-23 14:25 . 2009-09-23 14:25 -------- d-----w- c:\program files\AVG
    2009-09-23 14:25 . 2009-09-24 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-09-23 14:20 . 2009-09-23 14:20 -------- d-----w- c:\documents and settings\LogOn\Application Data\AVG8
    2009-09-23 12:58 . 2009-09-24 08:20 0 ----a-r- c:\windows\win32k.sys
    2009-09-20 11:34 . 2009-09-20 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure
    2009-09-20 09:41 . 2009-09-20 09:41 -------- d-----w- c:\documents and settings\LogOn\Application Data\GameInvest
    2009-09-20 09:39 . 2009-09-20 09:39 -------- d-----w- c:\documents and settings\LogOn\Application Data\Merscom
    2009-09-19 14:32 . 2009-09-19 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
    2009-09-19 13:58 . 2009-09-19 13:58 -------- d-----w- c:\program files\bfgclient
    2009-09-19 13:58 . 2009-09-19 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-09-04 08:25 . 2009-09-04 08:25 -------- d-----w- c:\documents and settings\LogOn\Local Settings\Application Data\Yahoo
    2009-09-04 08:22 . 2009-09-04 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-09-04 08:22 . 2009-09-04 08:22 -------- d-----w- c:\documents and settings\LogOn\Application Data\Yahoo!
    2009-09-04 08:21 . 2009-09-04 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-09-04 08:21 . 2009-09-04 08:22 -------- d-----w- c:\program files\Yahoo!
    2009-08-28 13:37 . 2009-08-28 13:37 -------- d-sh--w- c:\documents and settings\LogOn\IECompatCache
    2009-08-28 12:02 . 2009-08-28 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-23 20:30 . 2006-06-13 21:52 8738 ----a-w- c:\documents and settings\LogOn\Application Data\wklnhst.dat
    2009-09-23 13:12 . 2005-08-24 02:03 -------- d-----w- c:\program files\PCEye2000
    2009-09-21 21:20 . 2009-06-05 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-09-20 11:35 . 2009-02-27 13:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-09-20 09:39 . 2009-08-10 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
    2009-09-20 08:35 . 2009-07-09 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
    2009-09-03 19:41 . 2005-08-24 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-03 19:41 . 2009-06-05 20:00 -------- d-----w- c:\program files\Electronic Arts
    2009-09-01 07:04 . 2009-03-09 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-09-01 07:04 . 2009-03-09 15:55 -------- d-----w- c:\program files\NOS
    2009-08-25 08:12 . 2009-04-12 21:25 -------- d-----w- c:\documents and settings\LogOn\Application Data\Spotify
    2009-08-20 15:14 . 2009-06-28 16:59 -------- d-----w- c:\program files\QuickTime
    2009-08-16 09:52 . 2009-08-16 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishSavedGames
    2009-08-14 17:14 . 2006-10-06 18:21 -------- d-----w- c:\documents and settings\LogOn\Application Data\Image Zone Express
    2009-08-14 15:08 . 2005-11-16 18:59 34456 ----a-w- c:\documents and settings\LogOn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-10 15:32 . 2009-08-10 11:12 -------- d-----w- c:\program files\DOSBox-0.63
    2009-08-10 10:24 . 2009-08-10 10:24 -------- d-----w- c:\documents and settings\LogOn\Application Data\Pogo Games
    2009-08-10 08:07 . 2009-08-10 08:07 -------- d-----w- c:\program files\Common Files\SWF Studio
    2009-08-09 19:37 . 2009-08-09 19:37 -------- d-----w- c:\documents and settings\LogOn\Application Data\Gamelab
    2009-08-09 10:14 . 2009-08-09 10:13 -------- d-----w- c:\documents and settings\LogOn\Application Data\Peace Craft
    2009-08-07 07:33 . 2009-08-07 07:33 -------- d-----w- c:\program files\MSBuild
    2009-08-07 07:33 . 2009-08-07 07:33 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-07 07:29 . 2009-08-07 07:29 -------- d-----w- c:\program files\MSXML 6.0
    2009-08-05 09:11 . 2005-02-14 23:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 18:55 . 2005-02-14 23:48 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 09:08 . 2005-02-14 23:49 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2005-02-15 06:49 915456 ----a-w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-23 2007832]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-16 77824]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-09-23 14:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [01/06/2005 23:40 97920]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/09/2009 15:27 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2009 15:27 108552]
    R1 SSHDRV5C;SSHDRV5C;c:\windows\system32\drivers\SSHDRV5C.sys [02/04/2006 02:34 34816]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/09/2009 15:25 297752]
    S3 BEL6051(Belkin);Belkin 11Mbps Wireless USB Network Adapter Driver(Belkin);c:\windows\system32\DRIVERS\BEL6051.SYS --> c:\windows\system32\DRIVERS\BEL6051.SYS [?]
    S3 kbeepm;kbeepm;\??\c:\docume~1\LogOn\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\LogOn\LOCALS~1\Temp\kbeepm.sys [?]
    S3 PCD5CX2;PCD5CX2;\??\c:\docume~1\LogOn\LOCALS~1\Temp\PCD5CX2.sys --> c:\docume~1\LogOn\LOCALS~1\Temp\PCD5CX2.sys [?]
    S3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.co.uk/
    mStart Page = hxxp://uk.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-24 09:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(504)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2488)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\slserv.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-24 9:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-24 08:47

    Pre-Run: 133,812,457,472 bytes free
    Post-Run: 137,439,858,688 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

    254 --- E O F --- 2009-09-09 12:27
     
  5. 2009/09/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\win32k.sys
    c:\docume~1\LogOn\LOCALS~1\Temp\kbeepm.sys
    
    
    Folder::
    
    Driver::
    kbeepm
    
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: CFScript.txt being dragged onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
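    Worked example, added by the editor and not code from this thread or from ComboFix: a small Python triage script that applies the reasoning behind the CFScript above to the ComboFix log lines posted earlier. It flags the driver service that loads from the user's Temp folder (kbeepm) and the zero-byte c:\windows\win32k.sys sitting outside system32, the two items the script targets, while leaving the AVG and ATI entries alone. The line layouts, the heuristics and the function names are assumptions modelled on the log in this thread; the sample input is constructed from that log plus benign entries for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix log posted earlier in this
# thread, plus benign AVG/ATI entries for contrast, so the triage runs offline.
SAMPLE_LOG = r"""
2009-09-23 14:27 . 2009-09-23 14:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-23 12:58 . 2009-09-24 08:20 0 ----a-r- c:\windows\win32k.sys
2009-09-23 18:43 . 2009-09-23 18:43 -------- d-----w- C:\rsit
R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [01/06/2005 23:40 97920]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2009 15:27 108552]
S3 kbeepm;kbeepm;\??\c:\docume~1\LogOn\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\LogOn\LOCALS~1\Temp\kbeepm.sys [?]
S3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]
"""

# "Files Created" / Find3M line layout (assumed from the log in this thread):
#   <created> . <modified> <size, or -------- for a directory> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-+|\d+) (\S+) (.+)$"
)
# Drivers/Services line layout (assumed):
#   <R0..S4> <service name>;<display name>;<image path> [<date size> or ?]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*?)\]$")

BINARY_EXTS = {"sys", "dll", "exe"}


@dataclass
class Finding:
    kind: str                 # "service" or "file"
    path: str                 # normalized, lower-cased on-disk path
    reasons: List[str] = field(default_factory=list)


def normalize_path(image: str) -> str:
    """Use the resolved side of 'a --> b', drop the NT '\\??\\' prefix, lower-case."""
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    if image.startswith("\\??\\"):
        image = image[4:]
    return image.strip().lower()


def triage_service(line: str) -> Optional[Finding]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    _start, name, _display, image, meta = m.groups()
    path = normalize_path(image)
    reasons = []
    # Heuristic (assumption): kernel drivers belong under system32\drivers;
    # one whose image sits in a user's Temp folder is a strong red flag.
    if "\\temp\\" in path:
        reasons.append(f"driver '{name}' loads from a temp folder")
    # ComboFix prints [?] when the image file is absent; outside system32 that
    # is a second signal (a dropper that removed its own driver file).
    if meta == "?" and "\\system32\\" not in path:
        reasons.append(f"driver '{name}' image is missing and not under system32")
    return Finding("service", path, reasons) if reasons else None


def triage_file(line: str) -> Optional[Finding]:
    m = FILE_RE.match(line)
    if not m:
        return None
    _created, _modified, size_str, attrs, raw_path = m.groups()
    if attrs.startswith("d"):          # directory entry, nothing to weigh
        return None
    path = normalize_path(raw_path)
    ext = path.rsplit(".", 1)[-1] if "." in path else ""
    if ext not in BINARY_EXTS:
        return None
    size = int(size_str) if size_str.isdigit() else None
    reasons = []
    # Heuristic (assumption): a zero-byte .sys/.dll/.exe cannot be a working
    # binary; it is a placeholder or a file planted to shadow a real one.
    if size == 0:
        reasons.append("zero-byte binary")
    # Heuristic (assumption): a .sys outside system32 (c:\windows\win32k.sys,
    # while the real win32k.sys lives in system32) deserves a look.
    if ext == "sys" and "\\system32\\" not in path:
        reasons.append("driver file outside system32")
    if "\\temp\\" in path:
        reasons.append("binary written to a temp folder")
    return Finding("file", path, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run both line triagers over a ComboFix log and collect the flagged entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = triage_service(line) or triage_file(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}: " + "; ".join(f.reasons))
```

    Run as-is it reports exactly two entries, the two that the CFScript above removes; the `[?]` on ZDNDIS5 alone is not enough to flag it, because that driver sits under system32 and the missing-file marker is only treated as a secondary signal.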
     
  6. 2009/09/25
    chickpea

    chickpea Inactive Thread Starter

    Joined:
    2009/09/23
    Messages:
    5
    Likes Received:
    0
    Again, I can't run HijackThis. I can't access my anti-virus software either anymore. I can't even uninstall it. I'm using AVG 8.5. The search engine results are back to normal, and there are no longer any problems with Windows Live Messenger. I'm now just worried that my machine is unprotected.




    ComboFix 09-09-23.02 - LogOn 25/09/2009 11:47.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.958.537 [GMT 1:00]
    Running from: c:\documents and settings\LogOn\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\LogOn\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\docume~1\LogOn\LOCALS~1\Temp\kbeepm.sys"
    "c:\windows\win32k.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\win32k.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_KBEEPM
    -------\Service_kbeepm


    ((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
    .

    2009-09-23 18:43 . 2009-09-23 18:47 -------- d-----w- c:\program files\trend micro
    2009-09-23 18:43 . 2009-09-23 18:43 -------- d-----w- C:\rsit
    2009-09-23 14:51 . 2009-09-23 15:13 -------- d-----w- C:\$AVG8.VAULT$
    2009-09-23 14:27 . 2009-09-23 14:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-23 14:27 . 2009-09-23 14:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-09-23 14:27 . 2009-09-23 14:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-09-23 14:27 . 2009-09-23 14:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-09-23 14:25 . 2009-09-25 10:32 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-09-23 14:25 . 2009-09-23 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-09-23 14:25 . 2009-09-23 14:25 -------- d-----w- c:\program files\AVG
    2009-09-23 14:25 . 2009-09-25 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-09-23 14:20 . 2009-09-23 14:20 -------- d-----w- c:\documents and settings\LogOn\Application Data\AVG8
    2009-09-20 11:34 . 2009-09-20 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure
    2009-09-20 09:41 . 2009-09-20 09:41 -------- d-----w- c:\documents and settings\LogOn\Application Data\GameInvest
    2009-09-20 09:39 . 2009-09-20 09:39 -------- d-----w- c:\documents and settings\LogOn\Application Data\Merscom
    2009-09-19 14:32 . 2009-09-19 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3
    2009-09-19 13:58 . 2009-09-19 13:58 -------- d-----w- c:\program files\bfgclient
    2009-09-19 13:58 . 2009-09-19 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-09-04 08:25 . 2009-09-04 08:25 -------- d-----w- c:\documents and settings\LogOn\Local Settings\Application Data\Yahoo
    2009-09-04 08:22 . 2009-09-04 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-09-04 08:22 . 2009-09-04 08:22 -------- d-----w- c:\documents and settings\LogOn\Application Data\Yahoo!
    2009-09-04 08:21 . 2009-09-04 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-09-04 08:21 . 2009-09-04 08:22 -------- d-----w- c:\program files\Yahoo!
    2009-08-28 13:37 . 2009-08-28 13:37 -------- d-sh--w- c:\documents and settings\LogOn\IECompatCache
    2009-08-28 12:02 . 2009-08-28 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-23 20:30 . 2006-06-13 21:52 8738 ----a-w- c:\documents and settings\LogOn\Application Data\wklnhst.dat
    2009-09-23 13:12 . 2005-08-24 02:03 -------- d-----w- c:\program files\PCEye2000
    2009-09-21 21:20 . 2009-06-05 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-09-20 11:35 . 2009-02-27 13:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-09-20 09:39 . 2009-08-10 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
    2009-09-20 08:35 . 2009-07-09 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
    2009-09-03 19:41 . 2005-08-24 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-03 19:41 . 2009-06-05 20:00 -------- d-----w- c:\program files\Electronic Arts
    2009-09-01 07:04 . 2009-03-09 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-09-01 07:04 . 2009-03-09 15:55 -------- d-----w- c:\program files\NOS
    2009-08-25 08:12 . 2009-04-12 21:25 -------- d-----w- c:\documents and settings\LogOn\Application Data\Spotify
    2009-08-20 15:14 . 2009-06-28 16:59 -------- d-----w- c:\program files\QuickTime
    2009-08-16 09:52 . 2009-08-16 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishSavedGames
    2009-08-14 17:14 . 2006-10-06 18:21 -------- d-----w- c:\documents and settings\LogOn\Application Data\Image Zone Express
    2009-08-14 15:08 . 2005-11-16 18:59 34456 ----a-w- c:\documents and settings\LogOn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-10 15:32 . 2009-08-10 11:12 -------- d-----w- c:\program files\DOSBox-0.63
    2009-08-10 10:24 . 2009-08-10 10:24 -------- d-----w- c:\documents and settings\LogOn\Application Data\Pogo Games
    2009-08-10 08:07 . 2009-08-10 08:07 -------- d-----w- c:\program files\Common Files\SWF Studio
    2009-08-09 19:37 . 2009-08-09 19:37 -------- d-----w- c:\documents and settings\LogOn\Application Data\Gamelab
    2009-08-09 10:14 . 2009-08-09 10:13 -------- d-----w- c:\documents and settings\LogOn\Application Data\Peace Craft
    2009-08-07 07:33 . 2009-08-07 07:33 -------- d-----w- c:\program files\MSBuild
    2009-08-07 07:33 . 2009-08-07 07:33 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-07 07:29 . 2009-08-07 07:29 -------- d-----w- c:\program files\MSXML 6.0
    2009-08-05 09:11 . 2005-02-14 23:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 18:55 . 2005-02-14 23:48 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 09:08 . 2005-02-14 23:49 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2005-02-15 06:49 915456 ------w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-24_08.45.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-25 10:54 . 2009-09-25 10:54 16384 c:\windows\temp\Perflib_Perfdata_970.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-23 2007832]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-16 77824]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-09-23 14:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [01/06/2005 23:40 97920]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/09/2009 15:27 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2009 15:27 108552]
    R1 SSHDRV5C;SSHDRV5C;c:\windows\system32\drivers\SSHDRV5C.sys [02/04/2006 02:34 34816]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/09/2009 15:25 297752]
    S3 BEL6051(Belkin);Belkin 11Mbps Wireless USB Network Adapter Driver(Belkin);c:\windows\system32\DRIVERS\BEL6051.SYS --> c:\windows\system32\DRIVERS\BEL6051.SYS [?]
    S3 PCD5CX2;PCD5CX2;\??\c:\docume~1\LogOn\LOCALS~1\Temp\PCD5CX2.sys --> c:\docume~1\LogOn\LOCALS~1\Temp\PCD5CX2.sys [?]
    S3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.co.uk/
    mStart Page = hxxp://uk.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-25 11:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(500)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(4048)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\windows\system32\slserv.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-25 11:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-25 10:56
    ComboFix2.txt 2009-09-24 08:47

    Pre-Run: 137,301,913,600 bytes free
    Post-Run: 137,384,730,624 bytes free

    239 --- E O F --- 2009-09-09 12:27
     
  7. 2009/09/25
    broni Moderator Malware Analyst
    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.

    ================================================================

    Uninstall HJT. Download a fresh copy and see if it works.

    Uninstall AVG, using AVG Remover: http://www.avg.com/download-tools

    Install one of these:

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.


    Let me know....
     
  8. 2009/09/26
    chickpea Inactive Thread Starter
    Both combofix and HJT were uninstalled without problems. I downloaded a new copy of HJT and I'm still getting the same error message. AVG was uninstalled successfully and I replaced it with Avast! antivirus and Comodo firewall. I have disabled windows firewall as instructed.
    Are there any other issues to sort out or should my computer be fine now? The original problems have been sorted and I'm happy with the new anti-virus software. It all seems to be running fine with no problems. I'm so very grateful for your help!
     
  9. 2009/09/26
    broni Moderator Malware Analyst
    I'm glad to see your computer running better :)

    See if you can run DDS now.
     
  10. 2009/09/27
    chickpea Inactive Thread Starter
    Yes, DDS will run now. Here are the logs.


    DDS (Ver_09-09-24.01) - NTFSx86
    Run by LogOn at 12:03:04.09 on 27/09/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.958.427 [GMT 1:00]

    AV: avast! antivirus 4.8.1356 [VPS 090926-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\LogOn\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.co.uk/
    mStart Page = hxxp://uk.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll

    ============= SERVICES / DRIVERS ===============

    R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2005-6-1 97920]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-26 114768]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-9-26 132296]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-9-26 25160]
    R1 SSHDRV5C;SSHDRV5C;c:\windows\system32\drivers\SSHDRV5C.sys [2006-4-2 34816]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-26 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-26 138680]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-9-26 723632]
    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-26 352920]
    S3 BEL6051(Belkin);Belkin 11Mbps Wireless USB Network Adapter Driver(Belkin);c:\windows\system32\drivers\bel6051.sys --> c:\windows\system32\drivers\BEL6051.SYS [?]
    S3 PCD5CX2;PCD5CX2;\??\c:\docume~1\logon\locals~1\temp\pcd5cx2.sys --> c:\docume~1\logon\locals~1\temp\PCD5CX2.sys [?]
    S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-6-4 61504]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-6-4 9328]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-6-4 97056]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-6-4 88560]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-6-4 86368]
    S3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\c:\windows\system32\zdndis5.sys --> c:\windows\system32\ZDNDIS5.SYS [?]

    =============== Created Last 30 ================

    2009-09-26 12:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
    2009-09-26 12:30 179,792 a------- c:\windows\system32\guard32.dll
    2009-09-26 12:30 132,296 a------- c:\windows\system32\drivers\cmdguard.sys
    2009-09-26 12:30 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
    2009-09-26 12:30 <DIR> --d----- c:\program files\COMODO
    2009-09-26 11:06 <DIR> --ds---- C:\ComboFix
    2009-09-24 09:36 <DIR> a-dshr-- C:\cmdcons
    2009-09-23 19:43 <DIR> --d----- c:\program files\trend micro
    2009-09-23 15:51 <DIR> --d----- C:\$AVG8.VAULT$
    2009-09-23 15:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2009-09-23 15:25 <DIR> --d----- c:\program files\AVG
    2009-09-23 15:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-09-23 15:20 <DIR> --d----- c:\docume~1\logon\applic~1\AVG8
    2009-09-20 12:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sprouts Adventure
    2009-09-20 10:41 <DIR> --d----- c:\docume~1\logon\applic~1\GameInvest
    2009-09-20 10:39 <DIR> --d----- c:\docume~1\logon\applic~1\Merscom
    2009-09-19 15:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FarmFrenzy3
    2009-09-19 14:58 <DIR> --d----- c:\program files\bfgclient
    2009-09-19 14:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
    2009-09-04 09:21 <DIR> --d----- c:\program files\Yahoo!
    2009-08-28 14:37 <DIR> --dsh--- c:\documents and settings\logon\IECompatCache
    2009-08-28 13:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap

    ==================== Find3M ====================

    2009-09-23 21:30 8,738 a------- c:\docume~1\logon\applic~1\wklnhst.dat
    2009-08-05 10:11 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
    2009-07-03 18:09 915,456 -------- c:\windows\system32\wininet.dll
    2006-05-22 20:26 33,200 ac------ c:\docume~1\logon\applic~1\GDIPFONTCACHEV1.DAT

    ============= FINISH: 12:03:36.42 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-24.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/11/2005 04:29:40
    System Uptime: 27/09/2009 11:51:09 (1 hours ago)

    Motherboard: | | RS/RX482SB400
    Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 1999/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 184 GiB total, 127.98 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 26/09/2009 11:08:34 - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    avast! Antivirus
    Big Fish Games Client
    Bonjour
    BufferChm
    Choice Guard
    COMODO Internet Security
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    eSupportQFolder
    F300
    F300_Help
    Fax_CDA
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    Immortal Cities
    InstantShareDevicesMFC
    iPod for Windows 2005-10-12
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    MarketResearch
    Master of Olympus - Zeus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office XP Professional
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    NewCopy_CDA
    PCEye2000
    PCFriendly
    Pepakura Designer 3
    Power2Go 4.0
    PowerDVD
    PowerStarter
    ProductContextNPI
    QuickTime
    Readme
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Scan
    ScannerCopy
    Scientific-Atlanta WebSTAR 2000 series Cable Modem
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Segoe UI
    Shockwave
    Sierra Utilities
    Smart Link 56K Voice Modem
    SolutionCenter
    Sony Ericsson PC Suite
    Spotify
    Status
    System Requirements Lab
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973815)
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    25/09/2009 11:52:17, error: PlugPlayManager [11] - The device Root\LEGACY_KBEEPM\0000 disappeared from the system without first being prepared for removal.
    24/09/2009 09:42:22, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    24/09/2009 09:41:59, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'addins' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    24/09/2009 09:35:07, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
    24/09/2009 00:46:29, error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\D.
    24/09/2009 00:12:30, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

    ==== End Of File ===========================
     
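The Event Viewer section of the DDS log above has one fixed line shape (date, level, source, event id, message). As an added example that is not part of this thread, here is a Python parser for that section which also lists the Service Control Manager 7023 entries where a service stopped because its module could not be found, a detail a helper reviewing the log would want pulled out. It assumes the day/month/year date order seen in the entries above.

```python
import re
from datetime import datetime

# One line of the DDS "Event Viewer Messages From Past Week" section looks like:
#   DD/MM/YYYY HH:MM:SS, <level>: <source> [<event id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Text of the Service Control Manager 7023 entries, as it appears in the log above.
TERMINATED_RE = re.compile(r"^The (?P<service>.+?) service terminated with the following error: (?P<reason>.+)$")

# Sample input: the six entries from the log posted above, copied verbatim.
SAMPLE_LOG = r"""
25/09/2009 11:52:17, error: PlugPlayManager [11] - The device Root\LEGACY_KBEEPM\0000 disappeared from the system without first being prepared for removal.
24/09/2009 09:42:22, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
24/09/2009 09:41:59, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'addins' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
24/09/2009 09:35:07, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
24/09/2009 00:46:29, error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\D.
24/09/2009 00:12:30, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
"""

def parse_events(text):
    """Parse the section into dicts; lines that do not fit the shape are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        # Day-first date order is assumed from the 25/09/2009 entry in the log above.
        e["ts"] = datetime.strptime(e["ts"], "%d/%m/%Y %H:%M:%S")
        e["event_id"] = int(e["event_id"])
        events.append(e)
    return events

def services_missing_module(events):
    """{service: reason} for SCM 7023 entries where the service could not load its module."""
    found = {}
    for e in events:
        if e["source"] != "Service Control Manager" or e["event_id"] != 7023:
            continue
        m = TERMINATED_RE.match(e["message"])
        if m and "module could not be found" in m.group("reason"):
            found[m.group("service")] = m.group("reason")
    return found

if __name__ == "__main__":
    for svc, why in services_missing_module(parse_events(SAMPLE_LOG)).items():
        print(f"{svc}: {why}")
```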
  11. 2009/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!


    STEP 4.
    Post fresh HijackThis log (if it'll run).
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
