Solved trojan / "Object is inaccessible."

Van you post the TDSS killer log please.

==

Can you update MBA_M and do a full scan then post the log please.

 

hi here is TDSS log
2010/08/04 17:04:13.0359 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/08/04 17:04:13.0359 ================================================================================
2010/08/04 17:04:13.0359 SystemInfo:
2010/08/04 17:04:13.0359
2010/08/04 17:04:13.0359 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/04 17:04:13.0359 Product type: Workstation
2010/08/04 17:04:13.0359 ComputerName: HOME-8WI9D3OO4Q
2010/08/04 17:04:13.0359 UserName: Dave
2010/08/04 17:04:13.0359 Windows directory: C:\WINDOWS
2010/08/04 17:04:13.0359 System windows directory: C:\WINDOWS
2010/08/04 17:04:13.0359 Processor architecture: Intel x86
2010/08/04 17:04:13.0359 Number of processors: 2
2010/08/04 17:04:13.0359 Page size: 0x1000
2010/08/04 17:04:13.0359 Boot type: Normal boot
2010/08/04 17:04:13.0359 ================================================================================
2010/08/04 17:04:13.0968 Initialize success
2010/08/04 17:04:18.0343 ================================================================================
2010/08/04 17:04:18.0343 Scan started
2010/08/04 17:04:18.0343 Mode: Manual;
2010/08/04 17:04:18.0343 ================================================================================
2010/08/04 17:04:21.0359 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/04 17:04:21.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/04 17:04:22.0515 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/04 17:04:22.0953 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/04 17:04:24.0500 ALCXWDM (9a6aa923f00d368c8ad3bd7485d5cdca) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/08/04 17:04:25.0750 AnyDVD (a198fd45dfe819c1f9a7bed90339842f) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2010/08/04 17:04:26.0359 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/04 17:04:26.0531 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/04 17:04:27.0281 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/08/04 17:04:28.0187 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/04 17:04:28.0531 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/04 17:04:28.0859 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/08/04 17:04:29.0218 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/08/04 17:04:29.0515 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/08/04 17:04:29.0859 avipbb (fbb00662821fd743b7d4fb1b5e87e1d1) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/08/04 17:04:30.0062 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/04 17:04:30.0359 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/04 17:04:30.0703 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/04 17:04:31.0156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/04 17:04:31.0343 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/04 17:04:31.0562 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/04 17:04:33.0109 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/04 17:04:33.0500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/04 17:04:34.0265 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/04 17:04:34.0500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/04 17:04:35.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/04 17:04:35.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/04 17:04:36.0171 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2010/08/04 17:04:36.0281 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/04 17:04:36.0453 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/04 17:04:36.0656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/04 17:04:36.0890 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/04 17:04:37.0171 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/04 17:04:37.0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/04 17:04:37.0734 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/04 17:04:38.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/04 17:04:38.0546 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/04 17:04:39.0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/04 17:04:40.0265 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/04 17:04:40.0671 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2010/08/04 17:04:41.0656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/04 17:04:42.0046 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/04 17:04:42.0343 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/04 17:04:42.0671 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/04 17:04:42.0968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/04 17:04:43.0218 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/04 17:04:43.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/04 17:04:43.0765 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/04 17:04:43.0984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/04 17:04:44.0171 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/08/04 17:04:44.0375 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/04 17:04:44.0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/04 17:04:45.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/04 17:04:45.0171 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/04 17:04:45.0312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/04 17:04:45.0609 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/04 17:04:45.0750 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/04 17:04:46.0000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/04 17:04:46.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/04 17:04:46.0609 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/04 17:04:46.0765 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/04 17:04:46.0953 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/04 17:04:47.0234 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/04 17:04:47.0515 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/04 17:04:47.0656 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/04 17:04:47.0781 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/04 17:04:48.0078 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/04 17:04:48.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/04 17:04:48.0515 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/04 17:04:48.0765 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/04 17:04:49.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/04 17:04:49.0203 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/04 17:04:49.0406 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/04 17:04:49.0687 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/04 17:04:49.0875 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/04 17:04:50.0093 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/08/04 17:04:50.0375 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/08/04 17:04:50.0718 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/04 17:04:51.0031 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/04 17:04:51.0406 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/04 17:04:51.0640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/04 17:04:51.0890 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/04 17:04:52.0187 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
2010/08/04 17:04:52.0359 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/04 17:04:52.0750 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/04 17:04:53.0000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/04 17:04:53.0234 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/08/04 17:04:53.0468 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/04 17:04:53.0921 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/04 17:04:54.0406 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/04 17:04:54.0843 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/08/04 17:04:57.0000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/04 17:04:57.0437 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/04 17:04:57.0859 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/04 17:04:58.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/04 17:04:58.0656 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/04 17:05:00.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/04 17:05:01.0031 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/04 17:05:01.0671 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/04 17:05:02.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/04 17:05:02.0828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/04 17:05:03.0343 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/04 17:05:03.0765 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/04 17:05:04.0250 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/04 17:05:04.0656 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/04 17:05:05.0031 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2010/08/04 17:05:05.0421 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/08/04 17:05:05.0812 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/04 17:05:06.0296 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/08/04 17:05:06.0484 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/08/04 17:05:06.0875 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/04 17:05:07.0359 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/04 17:05:07.0984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/04 17:05:08.0484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/04 17:05:09.0343 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/04 17:05:09.0890 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/04 17:05:10.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/04 17:05:10.0468 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/04 17:05:11.0062 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/04 17:05:11.0453 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/04 17:05:11.0796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/04 17:05:12.0734 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/04 17:05:13.0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/04 17:05:13.0765 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/04 17:05:14.0109 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/04 17:05:14.0359 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/04 17:05:14.0875 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/04 17:05:15.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/04 17:05:15.0968 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/08/04 17:05:16.0312 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/04 17:05:16.0609 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/04 17:05:16.0921 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/04 17:05:17.0250 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/04 17:05:17.0562 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/04 17:05:17.0968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/04 17:05:18.0265 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/08/04 17:05:18.0625 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/08/04 17:05:18.0921 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/04 17:05:19.0203 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/04 17:05:19.0421 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/04 17:05:19.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/04 17:05:20.0000 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2010/08/04 17:05:20.0109 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/04 17:05:20.0296 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2010/08/04 17:05:20.0468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/04 17:05:20.0796 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
2010/08/04 17:05:21.0296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/04 17:05:21.0921 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/08/04 17:05:22.0781 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/04 17:05:23.0234 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/08/04 17:05:23.0703 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/04 17:05:24.0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/04 17:05:24.0515 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/04 17:05:24.0812 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/04 17:05:25.0109 zumbus (6bfb54f73aae470e9299e66cbc7bb632) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2010/08/04 17:05:25.0187 ================================================================================
2010/08/04 17:05:25.0187 Scan finished
2010/08/04 17:05:25.0187 ================================================================================

 

here MBA log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/4/2010 6:18:53 PM
mbam-log-2010-08-04 (18-18-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 176566
Time elapsed: 52 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

Latest MBA_M definitions are 4387. Looks like you didn't update before running.
Might be chasing our tail, but you never know what has been added to the later versions

 

oh bugger sry updated and running a new scan now , pc running fine its just the redirects thats annoying would these redirects affect pc in long run ??

 

here is updated log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4387

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/4/2010 8:28:04 PM
mbam-log-2010-08-04 (20-28-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 178615
Time elapsed: 45 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

Ok. Lets give Combofix another go as it has been updated recently.

If you have it still on the pc, please delete it then;

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

 

hi here is combofix log
ComboFix 10-08-04.05 - Dave 08/05/2010 18:29:06.7.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1792 [GMT 10:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-08-03 10:32 . 2010-08-03 11:21 -------- d-----w- c:\program files\trend micro
2010-08-03 10:32 . 2010-08-03 10:32 -------- d-----w- C:\rsit
2010-07-31 12:21 . 2010-08-01 01:06 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2010-07-31 11:06 . 2010-07-31 11:06 -------- d-----w- c:\program files\ESET
2010-07-26 06:59 . 2010-07-26 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Socusoft
2010-07-25 00:36 . 2010-07-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-07-23 12:48 . 2010-07-23 12:48 -------- d-----w- c:\program files\Common Files\Java
2010-07-23 12:48 . 2010-07-23 12:48 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcp71.dll
2010-07-23 12:48 . 2010-07-23 12:48 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\jmc.dll
2010-07-23 12:48 . 2010-07-23 12:48 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcr71.dll
2010-07-23 12:48 . 2010-07-23 12:48 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-sse.dll
2010-07-23 12:48 . 2010-07-23 12:48 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-d3d.dll
2010-07-23 12:48 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- C:\_OTL
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2010-07-22 09:16 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-22 09:16 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 11:45 . 2010-07-22 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
2010-07-21 09:00 . 2010-07-21 09:00 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 09:00 . 2010-07-21 09:00 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-21 09:00 . 2010-07-21 09:00 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 09:00 . 2010-07-21 09:00 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-16 23:29 . 2010-07-16 23:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-16 23:29 . 2010-07-16 23:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 23:27 . 2010-07-16 23:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-16 23:27 . 2010-07-16 23:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-16 23:27 . 2010-07-16 23:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-16 23:27 . 2010-07-16 23:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-16 05:45 . 2010-07-16 05:57 1901 ----a-w- c:\windows\panose.bin
2010-07-16 05:37 . 2001-04-11 03:03 6144 ----a-w- c:\windows\system32\W95fiber.dll
2010-07-16 05:37 . 2001-04-11 03:03 401484 ----a-w- c:\windows\system32\Msvcrtd.dll
2010-07-16 05:37 . 2001-04-11 03:03 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
2010-07-16 05:37 . 2001-04-11 03:03 94285 ----a-w- c:\windows\system32\Msvcirtd.dll
2010-07-16 05:37 . 2001-04-11 03:03 133392 ----a-w- c:\windows\system32\Mfco30.dll
2010-07-16 05:37 . 2001-04-11 03:02 322832 ----a-w- c:\windows\system32\Mfc30.dll
2010-07-16 05:37 . 2001-04-11 03:02 212480 ----a-w- c:\windows\Pcdlib32.dll
2010-07-16 05:33 . 1998-10-02 09:00 327168 ----a-w- c:\windows\IsUninst.exe
2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP2.DIR
2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP1.DIR
2010-07-14 07:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 08:56 . 2009-04-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-03 09:04 . 2009-04-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-31 05:56 . 2009-04-10 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-31 05:53 . 2010-05-04 10:08 63488 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-31 05:53 . 2009-04-10 02:24 117760 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-26 10:58 . 2009-04-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-26 10:53 . 2009-04-22 23:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 07:00 . 2010-04-25 02:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-25 07:36 . 2009-11-21 23:03 -------- d-----w- c:\documents and settings\Dave\Application Data\LimeWire
2010-07-25 03:03 . 2010-07-03 06:07 -------- d-----w- c:\program files\etax2010
2010-07-23 12:48 . 2009-04-21 05:23 -------- d-----w- c:\program files\Java
2010-07-21 08:11 . 2009-05-26 07:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Vso
2010-07-16 23:29 . 2009-04-12 10:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 23:28 . 2009-04-12 10:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-04 06:18 . 2010-07-04 06:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2010-07-02 04:13 . 2009-04-10 11:05 -------- d-----w- c:\program files\Opera
2010-06-26 04:28 . 2010-06-26 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-26 04:01 . 2009-12-06 08:56 -------- d-----w- c:\program files\Common Files\Nokia
2010-06-26 03:59 . 2010-06-26 03:59 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-26 03:58 . 2010-06-26 03:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-26 03:58 . 2010-06-26 03:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-06-22 19:52 . 2010-06-26 03:58 69214784 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\Dave\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-14 14:31 . 2009-04-10 01:23 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-03 00:05 . 2009-04-12 10:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@= "Service "
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-10 07:37 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-30 01:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 03:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService "=2 (0x2)
"AntiVirSchedulerService "=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Opera\\opera.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 8:19 PM 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 8:19 PM 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 9:28 AM 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:29 AM 308136]
S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 01:24]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

2010-08-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]

2010-08-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/webhp?hl=en
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{81fdd779-57e9-0539-b8cd-d06cb867e3fd} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A4C9B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=" "
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=" "
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=" "
"Installed "= "1 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(292)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-08-05 18:50:28
ComboFix-quarantined-files.txt 2010-08-05 08:50
ComboFix2.txt 2010-07-30 10:35

Pre-Run: 18,550,525,952 bytes free
Post-Run: 18,539,405,312 bytes free

- - End Of File - - 5964501CDF0A73DEE0967E9AB9AC74A8

 

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\documents and settings\All Users\Application Data\vsosdk
c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy

 

Hi crunchie ummm c:\documents and settings\All Users\Application Data\vsosdk scan found nothing..
c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr could not find this file ..
c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy found this file but when opened it there was nothing in it just a empty folder.
when looking for files i had to change settings find hidden folders to find these folders , any ideas why i couldnt find one and the other was empty ??

 

The one you could not find was probably just a registry leftover. The other I am not sure.

1. Please open Notepad

• Click Start , then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

KillAll::

File::
c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy

ADS::

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

• Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

hi crunchie here is new combo fix log been side tracked a bit hence took me a while to get back anyways , had to run combofix in safe mode too ,to complete scan .
ComboFix 10-08-04.05 - Dave 08/07/2010 9:28.9.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1790 [GMT 10:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy "
"c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr "
.

((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-03 10:32 . 2010-08-03 11:21 -------- d-----w- c:\program files\trend micro
2010-08-03 10:32 . 2010-08-03 10:32 -------- d-----w- C:\rsit
2010-07-31 12:21 . 2010-08-01 01:06 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2010-07-31 11:06 . 2010-07-31 11:06 -------- d-----w- c:\program files\ESET
2010-07-26 06:59 . 2010-07-26 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Socusoft
2010-07-25 00:36 . 2010-07-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-07-23 12:48 . 2010-07-23 12:48 -------- d-----w- c:\program files\Common Files\Java
2010-07-23 12:48 . 2010-07-23 12:48 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcp71.dll
2010-07-23 12:48 . 2010-07-23 12:48 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\jmc.dll
2010-07-23 12:48 . 2010-07-23 12:48 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcr71.dll
2010-07-23 12:48 . 2010-07-23 12:48 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-sse.dll
2010-07-23 12:48 . 2010-07-23 12:48 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-d3d.dll
2010-07-23 12:48 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- C:\_OTL
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2010-07-22 09:16 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-22 09:16 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 11:45 . 2010-07-22 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
2010-07-21 09:00 . 2010-07-21 09:00 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 09:00 . 2010-07-21 09:00 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-21 09:00 . 2010-07-21 09:00 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 09:00 . 2010-07-21 09:00 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-16 23:29 . 2010-07-16 23:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-16 23:29 . 2010-07-16 23:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 23:27 . 2010-07-16 23:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-16 23:27 . 2010-07-16 23:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-16 23:27 . 2010-07-16 23:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-16 23:27 . 2010-07-16 23:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-16 05:45 . 2010-07-16 05:57 1901 ----a-w- c:\windows\panose.bin
2010-07-16 05:37 . 2001-04-11 03:03 6144 ----a-w- c:\windows\system32\W95fiber.dll
2010-07-16 05:37 . 2001-04-11 03:03 401484 ----a-w- c:\windows\system32\Msvcrtd.dll
2010-07-16 05:37 . 2001-04-11 03:03 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
2010-07-16 05:37 . 2001-04-11 03:03 94285 ----a-w- c:\windows\system32\Msvcirtd.dll
2010-07-16 05:37 . 2001-04-11 03:03 133392 ----a-w- c:\windows\system32\Mfco30.dll
2010-07-16 05:37 . 2001-04-11 03:02 322832 ----a-w- c:\windows\system32\Mfc30.dll
2010-07-16 05:37 . 2001-04-11 03:02 212480 ----a-w- c:\windows\Pcdlib32.dll
2010-07-16 05:33 . 1998-10-02 09:00 327168 ----a-w- c:\windows\IsUninst.exe
2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP2.DIR
2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP1.DIR
2010-07-14 07:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 22:20 . 2009-04-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-03 09:04 . 2009-04-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-31 05:56 . 2009-04-10 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-31 05:53 . 2010-05-04 10:08 63488 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-31 05:53 . 2009-04-10 02:24 117760 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-26 10:58 . 2009-04-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-26 10:53 . 2009-04-22 23:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 07:00 . 2010-04-25 02:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-25 07:36 . 2009-11-21 23:03 -------- d-----w- c:\documents and settings\Dave\Application Data\LimeWire
2010-07-25 03:03 . 2010-07-03 06:07 -------- d-----w- c:\program files\etax2010
2010-07-23 12:48 . 2009-04-21 05:23 -------- d-----w- c:\program files\Java
2010-07-21 08:11 . 2009-05-26 07:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Vso
2010-07-16 23:29 . 2009-04-12 10:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 23:28 . 2009-04-12 10:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-04 06:18 . 2010-07-04 06:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2010-07-02 04:13 . 2009-04-10 11:05 -------- d-----w- c:\program files\Opera
2010-06-26 04:28 . 2010-06-26 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-26 04:01 . 2009-12-06 08:56 -------- d-----w- c:\program files\Common Files\Nokia
2010-06-26 03:59 . 2010-06-26 03:59 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-26 03:58 . 2010-06-26 03:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-26 03:58 . 2010-06-26 03:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-06-22 19:52 . 2010-06-26 03:58 69214784 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\Dave\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-14 14:31 . 2009-04-10 01:23 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-03 00:05 . 2009-04-12 10:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-08-05_08.44.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-06 23:40 . 2010-08-06 23:40 16384 c:\windows\temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@= "Service "
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-10 07:37 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-30 01:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 03:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService "=2 (0x2)
"AntiVirSchedulerService "=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Opera\\opera.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 8:19 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 8:19 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 9:28 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:29 AM 308136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 01:24]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

2010-08-06 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]

2010-08-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/webhp?hl=en
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{81fdd779-57e9-0539-b8cd-d06cb867e3fd} - (no file)
BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-07 09:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A48FB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9defbd4
PacketIndicateHandler -> NDIS.sys @ 0xb9ddda0d
SendHandler -> NDIS.sys @ 0xb9df1b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=" "
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=" "
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=" "
"Installed "= "1 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\WININET.dll
c:\windows\system32\MrvGINA.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\WININET.dll

- - - - - - - > 'Explorer.exe'(2904)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-07 09:55:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 23:55
ComboFix2.txt 2010-08-05 08:50
ComboFix3.txt 2010-07-30 10:35

Pre-Run: 18,499,293,184 bytes free
Post-Run: 18,483,650,560 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - 8D1F7FBE8BDDC18D27EFA692B456618C

 

Can you run Gmer please and post the log.

 

hi crunchie here is gmer log i had to run it in safe mode cause when it finished i went to save log and it went into not responding and pc froze it happened 3 times thats why i tried safe mode :-

 

I cannot see it.

 

oops sry was watching footy as i did it and didnt realise "doh "

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-08 17:32:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\pggirfow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\svchost.exe[628] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F6000A
.text C:\WINDOWS\Explorer.EXE[1052] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1052] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1052] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\runonceex\1428@rdghixrd "C:\ComboFix\CF19866.cfxxe" /c "C:\ComboFix\Combobatch.bat "

---- EOF - GMER 1.0.15 ----

 

That looks ok.

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.

 

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 9.0
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 21
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.3
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

Nothing there really to be concerned about. Spybot is not worth the space it uses these days.
Are you still getting the re-directs?

 

yes i still get redirected on various google searches but not all , also get random tabs open usually at start up of opening browser