
[Inactiv] Another case of google links redirected, anti-spam sites blocked!

Discussion in 'Malware and Virus Removal Archive' started by ConcreteFloater, 2009/01/19.

  1. 2009/01/19
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hello all!

    I am experiencing exactly the same problems as 'grayfox' (His thread) and 'lisaandre' (Her thread). Needless to say it is driving me mad too and I'm starting to get the impression that my PC is becoming increasingly unstable as a result!

    I'm not an expert with computers but am fairly confident. I'm desperate to resolve this problem and would be endlessly grateful for any help and advice.

    Many thanks,

    CF
     
  2. 2009/01/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Read this - it's at the head of the forum and you can hardly miss it :) - and post the logs requested into this thread.
     


  4. 2009/01/19
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hello PeteC.

    Thank you so much for your quick reply. I'm sorry that I hadn't read '*** READ THIS BEFORE YOU POST A LOG ***'. I took it as only applying to people who were about to post a log and would have saved us both time had I posted my logs with my initial request for help. Anyway...

    Here are the two logs as requested:

    The DDS log:


    DDS (Ver_09-01-18.01) - NTFSx86
    Run by Peter at 18:54:19.71 on 19/01/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1317 [GMT 0:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
    C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\Peter\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/apps/vso/en-gb/redir.asp?affid=105-64&installtype=force&dtag=jsswb2j&systempopup=true
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe "
    mRun: [<NO NAME>]
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe "
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
    mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe "
    mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom 1.3\apdproxy.exe "
    mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3pro\utility\Spyder3Utility.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdback~1.lnk - c:\program files\my book\wd backup\uBBMonitor.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: ShAdmGen - {621483C7-EF15-1660-0E71-00BE5E159BBC} - c:\program files\lxgaheb\ShAdmGen.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\peter\applic~1\mozilla\firefox\profiles\578z67pc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\documents and settings\peter\application data\mozilla\firefox\profiles\578z67pc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\peter\application data\mozilla\firefox\profiles\578z67pc.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-15 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-15 26824]
    R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-15 231704]
    R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-6 12288]

    =============== Created Last 30 ================

    2009-01-17 20:26 <DIR> --dshr-- C:\resycled
    2009-01-17 20:26 255 ---shr-- C:\autorun.inf
    2009-01-17 16:00 <DIR> --d----- c:\program files\Lavasoft
    2009-01-17 16:00 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-01-16 19:27 <DIR> --d----- c:\program files\iPod
    2009-01-16 19:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-16 19:27 <DIR> --d----- c:\program files\iTunes
    2009-01-15 19:50 <DIR> --d----- c:\docume~1\peter\applic~1\CopyTrans
    2009-01-15 19:49 <DIR> --d----- c:\program files\WindSolutions
    2009-01-15 19:20 <DIR> --d----- c:\docume~1\peter\applic~1\CopyTransDoctor
    2009-01-15 19:19 <DIR> --d----- c:\docume~1\peter\applic~1\CopyTransControlCenter
    2009-01-13 12:59 <DIR> --d----- c:\program files\FirmTools
    2009-01-12 20:41 664 a------- c:\windows\system32\d3d9caps.dat
    2009-01-12 19:42 <DIR> --d----- c:\program files\COMPACT
    2009-01-07 15:04 <DIR> --d----- c:\docume~1\peter\applic~1\JAlbum
    2009-01-07 14:51 <DIR> --d----- c:\program files\Jalbum8.1
    2008-12-31 09:31 <DIR> --d----- c:\program files\Navman
    2008-12-31 09:29 <DIR> --d----- c:\program files\AvantGo Connect
    2008-12-31 09:28 306,688 a------- c:\windows\IsUninst.exe
    2008-12-31 09:28 2,510 a------- c:\windows\Microsoft.MIF
    2008-12-23 21:29 21,463 a------- c:\windows\Aware40.mch

    ==================== Find3M ====================

    2008-12-13 06:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2008-12-07 01:20 499,712 a------- c:\windows\system32\msvcp71.dll
    2008-12-07 01:20 348,160 a------- c:\windows\system32\msvcr71.dll
    2008-12-04 21:46 180,224 a------- c:\windows\system32\xvidvfw.dll
    2008-12-04 21:42 815,104 a------- c:\windows\system32\xvidcore.dll
    2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
    2008-02-10 11:02 40,216 a------- c:\docume~1\peter\applic~1\GDIPFONTCACHEV1.DAT
    2007-05-31 20:49 1,004,960 ---sh--- c:\windows\system32\cbeeg.bak1
    2008-10-14 17:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat

    ============= FINISH: 18:54:38.50 ===============

    ...and the 'Attach' log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-18.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 31/05/2007 11:55:40
    System Uptime: 19/01/2009 16:22:09 (2 hours ago)

    Motherboard: Dell Inc. | | 0XD720
    Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | Microprocessor | 1995/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 50 GiB total, 6.482 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    4oD
    Ad-Aware
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.3 Professional
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color EU Extra Settings
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color NA Recommended Settings
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dreamweaver CS3
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS3
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 6.0.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Album Creator
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG Free 8.0
    BBC iPlayer Download Manager
    Bonjour
    Broadcom Management Programs
    Conexant HDA D110 MDC V.92 Modem
    Connect
    CyberSky 4
    dBpoweramp Aiff Codec
    dBpoweramp FLAC Codec
    dBpoweramp m4a Codec
    dBpoweramp Monkeys Audio Codec
    dBpoweramp Music Converter
    dBpoweramp Windows Media Audio 10 Codec
    Dell Support 5.0.0 (630)
    Dell System Restore
    Diskeeper 2008 Pro Premier
    Eusing Free Registry Cleaner
    Extension Renamer
    FLIQLO Screen Saver
    FLV Player 2.0 (build 25)
    GameShadow
    Genuine Fractals 5.0
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) PROSet/Wireless Software
    Intellihance Pro 4.2
    iTunes
    Jalbum 8.1
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    kuler
    Lightroom
    Logitech Audio Echo Cancellation Component
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Magic ISO Maker v5.4 (build 0239)
    Mask Pro 4.1
    McAfee Uninstaller
    mCore
    MCU
    mDrWiFi
    Medieval CUE Splitter
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft ActiveSync 3.7
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    mIWA
    mLogView
    mMHouse
    MobileMe Control Panel
    Mozilla Firefox (3.0.5)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mWMI
    mXML
    mZConfig
    Navman SmartST Desktop for iCN530
    Nero 7
    neroxml
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Poser 7
    PowerDVD 5.7
    Quest3D Viewers 3.0e
    QuickSet
    QuickTime
    RealPlayer
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Sky Anytime
    Sonic Encoders
    Spybot - Search & Destroy
    Spyder3Pro
    Suite Shared Configuration CS4
    SWiSH Max2
    Synaptics Pointing Device Driver
    UMVPLStandalone
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Vertus Fluid Mask 3 2.100.2-RC2
    Victoria 4.2 Base
    Victoria 4.2 Morphs++
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    Visual C++ 8.0 MFC (x86) WinSXS MSM
    Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
    WD Backup
    WD Diagnostics
    WD Firewire HID Driver
    Web Buttons
    WebFldrs XP
    WinAce Archiver
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.2.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    13/01/2009 20:18:26, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
    13/01/2009 19:50:22, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    13/01/2009 14:06:50, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001302888B5F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    16/01/2009 10:35:00, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    17/01/2009 12:05:09, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    ==== End Of File ===========================

    WOW!!! I'm sure these logs make some sense to you but to me it's a bit like having my (digital) tarot read!

    Thanks again.

    CF
     
  5. 2009/01/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Ok - that's fine :)

    One of our trained malware analysts will deal with your logs in due course. They are kept extremely busy and all logs are dealt with in the order received.
     
  6. 2009/01/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS ConcreteFloater :)

    Download RootRepeal to your Desktop.
    • Extract the compressed file to its own folder.
    • Open the folder and double-click on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here.
     
  7. 2009/01/20
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hello

    Thank you so much for your reply. The first time I ran RootRepeal it crashed. Here is the report if it helps:

    ROOTREPEAL CRASH REPORT
    -------------------------
    Exception Code: 0xc0000005
    Exception Address: 0x0040e77a
    Attempt to read from address: 0x00bd9004

    I then rebooted my PC and reran the program. Here is the report as requested:

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/01/20 13:50
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP Media Center Edition SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB0744000 Size: 98304 File Visible: No
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xBA632000 Size: 8192 File Visible: No
    Status: -

    Name: gaopdxmgknoboo.sys
    Image Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys
    Address: 0xB09B2000 Size: 176128 File Visible: -
    Status: Hidden from Windows API!

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xADC68000 Size: 45056 File Visible: No
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: C:\WINDOWS\system32\gaopdxisjleajk.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\gaopdxhvisiurx.sys
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\gaopdxlsbowmvp.sys
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\gaopdxserv.sys
    Status: Invisible to the Windows API!

    Hidden Services
    -------------------
    Service Name: gaopdxserv.sys
    Image Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys




    Thanks again for your help.

    CF
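The report above, worked through as an added example that is not part of the original post and not RootRepeal's own code: a Python script that parses a RootRepeal report (the sample below is constructed from the lines posted in this thread) and correlates the three kinds of hidden object the tool lists. The point it makes is the one an analyst checks first: the hidden service's image path is the same file that shows up both as a loaded driver "Hidden from Windows API" and as a file "Invisible to the Windows API", while "Locked" entries such as hiberfil.sys and drivers that merely report "File Visible: No" (dump_*, the tool's own driver) are normal and are left out. The section names, the status prefixes and the shared-prefix heuristic are assumptions of this example.

```python
"""Correlate the hidden objects in a RootRepeal report (added example, not RootRepeal code)."""
import os
from collections import defaultdict

# Constructed sample: the relevant lines of the report posted in the thread.
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2008
Scan Time: 2009/01/20 13:50

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0744000 Size: 98304 File Visible: No
Status: -

Name: gaopdxmgknoboo.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys
Address: 0xB09B2000 Size: 176128 File Visible: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\gaopdxisjleajk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gaopdxhvisiurx.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gaopdxlsbowmvp.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gaopdxserv.sys
Status: Invisible to the Windows API!

Hidden Services
-------------------
Service Name: gaopdxserv.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxmgknoboo.sys
"""

SECTIONS = {"Drivers", "Hidden/Locked Files", "Hidden Services"}  # assumed section headings


def parse_report(text):
    """Split the report into sections of 'Key: value' records; a blank line ends a record."""
    sections = defaultdict(list)
    current, record = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            current, record = line, {}
            continue
        if current is None:          # banner / scan-time lines before the first section
            continue
        if not line or line.startswith("---"):
            if record:
                sections[current].append(record)
                record = {}
            continue
        key, sep, value = line.partition(":")   # first colon only, so 'C:\...' keeps its drive letter
        if sep:
            record[key.strip()] = value.strip()
    if record and current:
        sections[current].append(record)
    return sections


def basename(path):
    return path.rsplit("\\", 1)[-1]


def correlate(text):
    """Tie the hidden service to its driver and file, and drop benign 'locked' / 'not visible' noise."""
    sections = parse_report(text)
    # Only 'Hidden from Windows API' means the driver object is concealed; 'File Visible: No' alone is normal.
    hidden_drivers = sorted(r["Name"] for r in sections["Drivers"]
                            if r.get("Status", "").startswith("Hidden"))
    # 'Invisible' is the rootkit hiding a file; 'Locked' (hiberfil.sys, pagefile.sys) is just an open handle.
    hidden_files = sorted(r["Path"] for r in sections["Hidden/Locked Files"]
                          if r.get("Status", "").startswith("Invisible"))
    files_lower = {p.lower() for p in hidden_files}
    drivers_lower = {d.lower() for d in hidden_drivers}
    services = []
    for r in sections["Hidden Services"]:
        image = r["Image Path"]
        services.append({
            "service": r["Service Name"],
            "image": image,
            "driver_loaded_hidden": basename(image).lower() in drivers_lower,
            "image_file_hidden": image.lower() in files_lower,
        })
    # A shared random-looking prefix across every hidden file points at one dropper (heuristic).
    prefix = os.path.commonprefix([basename(p).lower() for p in hidden_files])
    return {"hidden_drivers": hidden_drivers, "hidden_files": hidden_files,
            "services": services, "family_prefix": prefix if len(prefix) >= 4 else ""}


if __name__ == "__main__":
    result = correlate(SAMPLE_REPORT)
    print("family prefix:", result["family_prefix"])
    for svc in result["services"]:
        print(svc)
    for path in result["hidden_files"]:
        print("hidden file:", path)
```

The output lists one hidden service whose image is both a concealed loaded driver and an invisible file, plus four more invisible files sharing the same prefix; that is the set the analyst later has ComboFix remove.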
     
  8. 2009/01/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I would like for you to download ComboFix by sUBs from here, saving the file to your desktop. If you are unable to download it on your computer, do you have access to another, and a flash drive to transfer the file with? If successful, continue as follows.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  9. 2009/01/21
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hi.

    Before rebooting the computer it asked me to note the following files:

    c:\windows\system32\drivers\gaopdxmgknoboo.sys
    c:\windows\system32\gaopdxisjleajk.dll

    Here is the report it generated:

    ComboFix 09-01-20.05 - Peter 2009-01-21 10:32:51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1503 [GMT 0:00]
    Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    c:\documents and settings\Peter\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
    c:\program files\Mozilla Firefox\components\iamfamous.dll
    C:\resycled
    c:\resycled\boot.com
    c:\windows\system32\cbeeg.bak1
    c:\windows\system32\drivers\gaopdxeiqftuka.sys
    c:\windows\system32\drivers\gaopdxhvisiurx.sys
    c:\windows\system32\drivers\gaopdxlsbowmvp.sys
    c:\windows\system32\drivers\gaopdxmgknoboo.sys
    c:\windows\system32\gaopdxisjleajk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
    .

    2009-01-21 10:24 . 2009-01-21 10:25 <DIR> d-------- C:\32788R22FWJFW
    2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- c:\program files\Lavasoft
    2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-01-17 16:00 . 2009-01-17 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\program files\iTunes
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\program files\iPod
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-15 19:50 . 2009-01-15 19:50 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTrans
    2009-01-15 19:49 . 2009-01-16 11:38 <DIR> d-------- c:\program files\WindSolutions
    2009-01-15 19:20 . 2009-01-15 19:41 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTransDoctor
    2009-01-15 19:19 . 2009-01-15 19:19 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTransControlCenter
    2009-01-14 13:47 . 2009-01-14 13:47 <DIR> d-------- c:\program files\Adobe Media Player
    2009-01-14 13:44 . 2009-01-14 13:44 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-01-13 12:59 . 2009-01-13 12:59 <DIR> d-------- c:\program files\FirmTools
    2009-01-12 20:41 . 2009-01-15 17:51 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-01-12 19:42 . 2009-01-12 19:42 <DIR> d-------- c:\program files\COMPACT
    2009-01-07 15:04 . 2009-01-07 15:04 <DIR> d-------- c:\documents and settings\Peter\Application Data\JAlbum
    2009-01-07 14:51 . 2009-01-14 14:39 <DIR> d-------- c:\program files\Jalbum8.1
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\program files\Navman
    2008-12-31 09:29 . 2008-12-31 09:29 <DIR> d-------- c:\program files\AvantGo Connect
    2008-12-31 09:28 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-12-31 09:28 . 2008-12-31 09:29 2,510 --a------ c:\windows\Microsoft.MIF
    2008-12-23 21:29 . 2008-12-23 21:29 21,463 --a------ c:\windows\Aware40.mch

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-21 10:41 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-01-19 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-17 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-17 10:53 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-16 19:27 --------- d-----w c:\program files\Common Files\Apple
    2009-01-16 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-14 14:39 --------- d-----w c:\program files\Xvid
    2009-01-14 14:39 --------- d-----w c:\program files\Web Buttons
    2009-01-14 14:21 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-14 09:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-31 09:31 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-31 09:29 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-12-26 23:22 --------- d-----w c:\documents and settings\Peter\Application Data\dBpoweramp
    2008-12-26 23:11 --------- d-----w c:\documents and settings\Peter\Application Data\AccurateRip
    2008-12-17 10:46 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-07 01:21 --------- d-----w c:\program files\Common Files\xing shared
    2008-12-07 01:21 --------- d-----w c:\program files\Common Files\Real
    2008-12-05 23:46 --------- d-----w c:\program files\QuickTime
    2008-12-05 23:46 --------- d-----w c:\program files\Bonjour
    2008-12-05 17:00 --------- d-----w c:\program files\MudCreek
    2008-11-21 18:33 --------- d-----w c:\program files\FLV Player
    2008-02-10 11:02 40,216 ----a-w c:\documents and settings\Peter\Application Data\GDIPFONTCACHEV1.DAT
    2008-10-14 17:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101420081015\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
    "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
    "WD Button Manager"="WDBtnMgr.exe" [2007-05-31 c:\windows\system32\WDBtnMgr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2007-11-06 6306019]
    WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-05-31 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ShAdmGen"= {621483C7-EF15-1660-0E71-00BE5E159BBC} - c:\program files\lxgaheb\ShAdmGen.dll [2008-10-12 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-15 97928]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-15 231704]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-06 12288]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35654f90-65f3-11dc-9b5d-0015c5210577}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
    \Shell\Open\command - i:\resycled\boot.com i:

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfc6ae1-0f74-11dc-9b3c-0015c5210577}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
    \Shell\Open\command - e:\resycled\boot.com e:

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfc6ae2-0f74-11dc-9b3c-0015c5210577}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
    \Shell\Open\command - f:\resycled\boot.com f:

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfc6ae3-0f74-11dc-9b3c-0015c5210577}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
    \Shell\Open\command - "resycl

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc3a4ded-fabd-11dc-9bab-0015c5210577}]
    \shell\play\Command - "c:\program files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/apps/vso/en-gb/redir.asp?affid=105-64&installtype=force&dtag=jsswb2j&systempopup=true
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-21 10:40:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(944)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Kontiki\KService.exe
    c:\program files\Dell\QuickSet\NicConfigSvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Logitech\QuickCam10\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-21 10:46:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-21 10:46:26

    Pre-Run: 11,162,222,592 bytes free
    Post-Run: 12,044,189,696 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    255 --- E O F --- 2009-01-14 09:36:32

    When I restarted all my realtime protection, Spybot reported a number of changes to the system. I think these may have been as a result of ComboFix asking me to install some Windows software... sorry though, I can't remember what it was! Some kind of security thing I think. Since installing it I now have an Internet Explorer icon on my desktop. I use Firefox and had removed the Explorer icon. Think this is all okay?

    Thanks again.

    CF
     
  10. 2009/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hope you allowed those changes Spybot informed you of. They were no doubt necessary changes being made by ComboFix. It's normal for ComboFix to restore the IE icon on the desktop too.



    Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ShAdmGen"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35654f90-65f3-11dc-9b5d-0015c5210577}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfc6ae1-0f74-11dc-9b3c-0015c5210577}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfc6ae2-0f74-11dc-9b3c-0015c5210577}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfc6ae3-0f74-11dc-9b3c-0015c5210577}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc3a4ded-fabd-11dc-9bab-0015c5210577}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
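The registry clean-up above, as an added example that is not part of the original post and not ComboFix's own code: a Python script that reads the MountPoints2 and Security Center lines from the ComboFix log posted earlier in this thread (the sample below is constructed from those lines), flags each per-volume AutoRun/Open handler whose target does not live under a trusted system root, and emits the same `Registry::` / `[-key]` stanza syntax the CFScript uses. It also reports the two posture changes the same log shows: Security Center notifications suppressed and the XP firewall switched off. The trusted-root list, the regexes and every function name are assumptions of the example, not ComboFix behaviour.

```python
"""Generate a CFScript MountPoints2 clean-up from a ComboFix log excerpt (added example)."""
import re

# Constructed sample: the relevant [key] blocks from the log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35654f90-65f3-11dc-9b5d-0015c5210577}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
\Shell\Open\command - i:\resycled\boot.com i:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dfc6ae1-0f74-11dc-9b3c-0015c5210577}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc3a4ded-fabd-11dc-9bab-0015c5210577}]
\shell\play\Command - "c:\program files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
HANDLER_RE = re.compile(r"^(\\shell\\[^ ]+?\\command)\s+-\s+(.*)$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Assumed: handlers that launch from under these roots are treated as legitimate.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_log(text):
    """Return {registry key: [(verb-path or value name, command or data), ...]}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
            continue
        if current is None or not line:
            continue
        m = HANDLER_RE.match(line) or VALUE_RE.match(line)
        if m:
            keys[current].append((m.group(1), m.group(2)))
    return keys


def handler_target(command):
    """What a handler really launches: rundll32 ShellExec_RunDLL is only a trampoline."""
    m = re.search(r"ShellExec_RunDLL\s+(\S+)", command, re.I)
    if m:
        return m.group(1)
    m = re.match(r'"([^"]+)"|(\S+)', command)
    return (m.group(1) or m.group(2)) if m else command


def suspicious_mountpoints(keys):
    """MountPoints2 keys whose handler target is relative or on the removable volume itself."""
    flagged = {}
    for key, items in keys.items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        bad = []
        for verb, cmd in items:
            target = handler_target(cmd)
            if not target.lower().startswith(TRUSTED_ROOTS):
                bad.append((verb, target))
        if bad:
            flagged[key] = bad
    return flagged


def build_cfscript(keys):
    """Emit the Registry:: stanza ComboFix accepts; [-key] deletes the whole key."""
    lines = ["Registry::"] + [f"[-{key}]" for key in suspicious_mountpoints(keys)]
    return "\n".join(lines) + "\n"


def posture_warnings(keys):
    """Flag the Security Center and firewall settings the log shows turned off."""
    warnings = []
    for key, items in keys.items():
        k = key.lower()
        profile = key.rsplit("\\", 1)[-1]
        for name, value in items:
            if k.endswith("\\security center") and name.endswith("DisableNotify") \
                    and value.lower().endswith("1"):
                warnings.append(f"{name} suppresses a Security Center alert")
            if "firewallpolicy" in k and name == "EnableFirewall" and value.startswith("0"):
                warnings.append(f"Windows Firewall disabled in the {profile} profile")
    return warnings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for key, bad in suspicious_mountpoints(parsed).items():
        print(key.rsplit("\\", 1)[-1], "->", bad)
    print(build_cfscript(parsed))
    print("\n".join(posture_warnings(parsed)))
```

The heuristic keeps the DVD play handler that points at wmplayer.exe under Program Files, whereas the CFScript in the post removes all five keys; that is a safe choice too, because MountPoints2 entries are only Explorer's cache for a volume and are recreated the next time the device is connected.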
     
  11. 2009/01/22
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hello again 'noahdfear'.

    I followed instructions as specified. When I ran 'Flash Disinfector' I did it on my only USB flash drive but wasn't sure if I needed to run it with any other form of removable drive so I also ran it with an external drive I have attached and then with my iPod. When I attached my iPod AVG Resident Shield identified a 'win32/Cryptor' infection almost immediately. I opted to 'heal' it and continued to scan with 'Flash Disinfector'.

    The details of the infection found by AVG are as follows:

    Infection: win32/Cryptor
    Object: I:\resycled\boot.com
    Result: Moved to Vault
    Process: c:\windows\system32\rundll32.exe

    Not sure if any of this is relevant but I imagine it is!

    As for the scan with ComboFix, here is the log:

    ComboFix 09-01-20.05 - Peter 2009-01-22 13:19:06.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1192 [GMT 0:00]
    Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Peter\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
    .

    2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- c:\program files\Lavasoft
    2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-01-17 16:00 . 2009-01-17 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\program files\iTunes
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\program files\iPod
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-15 19:50 . 2009-01-15 19:50 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTrans
    2009-01-15 19:49 . 2009-01-16 11:38 <DIR> d-------- c:\program files\WindSolutions
    2009-01-15 19:20 . 2009-01-15 19:41 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTransDoctor
    2009-01-15 19:19 . 2009-01-15 19:19 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTransControlCenter
    2009-01-14 13:47 . 2009-01-14 13:47 <DIR> d-------- c:\program files\Adobe Media Player
    2009-01-14 13:44 . 2009-01-14 13:44 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-01-13 12:59 . 2009-01-13 12:59 <DIR> d-------- c:\program files\FirmTools
    2009-01-12 20:41 . 2009-01-15 17:51 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-01-12 19:42 . 2009-01-12 19:42 <DIR> d-------- c:\program files\COMPACT
    2009-01-07 15:04 . 2009-01-07 15:04 <DIR> d-------- c:\documents and settings\Peter\Application Data\JAlbum
    2009-01-07 14:51 . 2009-01-14 14:39 <DIR> d-------- c:\program files\Jalbum8.1
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\program files\Navman
    2008-12-31 09:29 . 2008-12-31 09:29 <DIR> d-------- c:\program files\AvantGo Connect
    2008-12-31 09:28 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-12-31 09:28 . 2008-12-31 09:29 2,510 --a------ c:\windows\Microsoft.MIF
    2008-12-23 21:29 . 2008-12-23 21:29 21,463 --a------ c:\windows\Aware40.mch

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-22 13:19 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-01-19 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-17 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-17 10:53 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-16 19:27 --------- d-----w c:\program files\Common Files\Apple
    2009-01-16 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-14 14:39 --------- d-----w c:\program files\Xvid
    2009-01-14 14:39 --------- d-----w c:\program files\Web Buttons
    2009-01-14 14:21 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-14 09:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-31 09:31 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-31 09:29 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-12-26 23:22 --------- d-----w c:\documents and settings\Peter\Application Data\dBpoweramp
    2008-12-26 23:11 --------- d-----w c:\documents and settings\Peter\Application Data\AccurateRip
    2008-12-17 10:46 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-07 01:21 --------- d-----w c:\program files\Common Files\xing shared
    2008-12-07 01:21 --------- d-----w c:\program files\Common Files\Real
    2008-12-07 01:20 499,712 ----a-w c:\windows\system32\msvcp71.dll
    2008-12-07 01:20 348,160 ----a-w c:\windows\system32\msvcr71.dll
    2008-12-05 23:46 --------- d-----w c:\program files\QuickTime
    2008-12-05 23:46 --------- d-----w c:\program files\Bonjour
    2008-12-05 17:00 --------- d-----w c:\program files\MudCreek
    2008-12-04 21:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
    2008-12-04 21:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-02-10 11:02 40,216 ----a-w c:\documents and settings\Peter\Application Data\GDIPFONTCACHEV1.DAT
    2008-10-14 17:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101420081015\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-21_10.45.19.59 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-21 10:36:53 73,676 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-21 10:44:29 73,676 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-21 10:36:53 447,080 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-21 10:44:29 447,080 ----a-w c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
    "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
    "WD Button Manager "= "WDBtnMgr.exe" [2007-05-31 c:\windows\system32\WDBtnMgr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2007-11-06 6306019]
    WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-05-31 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ShAdmGen "= {621483C7-EF15-1660-0E71-00BE5E159BBC} - c:\program files\lxgaheb\ShAdmGen.dll [2008-10-12 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe "=
    "c:\\Program Files\\Kontiki\\KService.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\e frontier\\Poser 7\\Poser.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP "= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-15 97928]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-15 231704]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-06 12288]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/apps/vso/en-gb/redir.asp?affid=105-64&installtype=force&dtag=jsswb2j&systempopup=true
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-22 13:20:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(944)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-01-22 13:22:05
    ComboFix-quarantined-files.txt 2009-01-22 13:22:03
    ComboFix2.txt 2009-01-22 12:56:50
    ComboFix3.txt 2009-01-21 10:46:30

    Pre-Run: 11,553,116,160 bytes free
    Post-Run: 11,534,405,632 bytes free

    208 --- E O F --- 2009-01-21 14:50:14


    As always, your help is truly appreciated.

    Regards,

    CF
     
  12. 2009/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good job plugging in that ipod ... I'd have never thought of it. :)


    I missed one. Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    c:\program files\lxgaheb
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ShAdmGen"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.


    Next, do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here as well.
     
  13. 2009/01/24
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hi noahdfear.

    This is the ComboFix log:

    ComboFix 09-01-20.05 - Peter 2009-01-23 23:11:13.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1108 [GMT 0:00]
    Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Peter\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\lxgaheb
    c:\program files\lxgaheb\ShAdmGen.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
    .

    2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- c:\program files\Lavasoft
    2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-01-17 16:00 . 2009-01-17 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\program files\iTunes
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\program files\iPod
    2009-01-16 19:27 . 2009-01-16 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-15 19:50 . 2009-01-15 19:50 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTrans
    2009-01-15 19:49 . 2009-01-16 11:38 <DIR> d-------- c:\program files\WindSolutions
    2009-01-15 19:20 . 2009-01-15 19:41 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTransDoctor
    2009-01-15 19:19 . 2009-01-15 19:19 <DIR> d-------- c:\documents and settings\Peter\Application Data\CopyTransControlCenter
    2009-01-14 13:47 . 2009-01-14 13:47 <DIR> d-------- c:\program files\Adobe Media Player
    2009-01-14 13:44 . 2009-01-14 13:44 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-01-13 12:59 . 2009-01-13 12:59 <DIR> d-------- c:\program files\FirmTools
    2009-01-12 20:41 . 2009-01-15 17:51 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-01-12 19:42 . 2009-01-12 19:42 <DIR> d-------- c:\program files\COMPACT
    2009-01-07 15:04 . 2009-01-07 15:04 <DIR> d-------- c:\documents and settings\Peter\Application Data\JAlbum
    2009-01-07 14:51 . 2009-01-14 14:39 <DIR> d-------- c:\program files\Jalbum8.1
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\program files\Navman
    2008-12-31 09:29 . 2008-12-31 09:29 <DIR> d-------- c:\program files\AvantGo Connect
    2008-12-31 09:28 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-12-31 09:28 . 2008-12-31 09:29 2,510 --a------ c:\windows\Microsoft.MIF
    2008-12-23 21:29 . 2008-12-23 21:29 21,463 --a------ c:\windows\Aware40.mch

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-01-19 19:29 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-17 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-17 10:53 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-16 19:27 --------- d-----w c:\program files\Common Files\Apple
    2009-01-16 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-14 14:39 --------- d-----w c:\program files\Xvid
    2009-01-14 14:39 --------- d-----w c:\program files\Web Buttons
    2009-01-14 14:21 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-14 09:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-31 09:31 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-31 09:29 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-12-26 23:22 --------- d-----w c:\documents and settings\Peter\Application Data\dBpoweramp
    2008-12-26 23:11 --------- d-----w c:\documents and settings\Peter\Application Data\AccurateRip
    2008-12-17 10:46 --------- d-----w c:\program files\Microsoft Office Outlook Connector
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-07 01:21 --------- d-----w c:\program files\Common Files\xing shared
    2008-12-07 01:21 --------- d-----w c:\program files\Common Files\Real
    2008-12-07 01:20 499,712 ----a-w c:\windows\system32\msvcp71.dll
    2008-12-07 01:20 348,160 ----a-w c:\windows\system32\msvcr71.dll
    2008-12-05 23:46 --------- d-----w c:\program files\QuickTime
    2008-12-05 23:46 --------- d-----w c:\program files\Bonjour
    2008-12-05 17:00 --------- d-----w c:\program files\MudCreek
    2008-12-04 21:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
    2008-12-04 21:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-02-10 11:02 40,216 ----a-w c:\documents and settings\Peter\Application Data\GDIPFONTCACHEV1.DAT
    2008-10-14 17:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101420081015\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-21_10.45.19.59 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-21 10:36:53 73,676 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-22 15:18:26 73,676 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-21 10:36:53 447,080 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-22 15:18:26 447,080 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-22 15:14:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_258.dat
    + 2009-01-22 15:14:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2b4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "kdx "= "c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Dell QuickSet "= "c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
    "ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
    "LogitechCommunicationsManager "= "c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
    "LVCOMSX "= "c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "4oD "= "c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
    "kdx "= "c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
    "WD Button Manager "= "WDBtnMgr.exe" [2007-05-31 c:\windows\system32\WDBtnMgr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2007-11-06 6306019]
    WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-05-31 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe "=
    "c:\\Program Files\\Kontiki\\KService.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\e frontier\\Poser 7\\Poser.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP "= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-15 97928]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-15 231704]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2007-11-06 12288]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-22 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    - - - - ORPHANS REMOVED - - - -

    SSODL-ShAdmGen-{621483C7-EF15-1660-0E71-00BE5E159BBC} - c:\program files\lxgaheb\ShAdmGen.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/apps/vso/en-gb/redir.asp?affid=105-64&installtype=force&dtag=jsswb2j&systempopup=true
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\578z67pc.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 23:14:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(932)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-01-23 23:16:08
    ComboFix-quarantined-files.txt 2009-01-23 23:16:06
    ComboFix2.txt 2009-01-22 13:22:06
    ComboFix3.txt 2009-01-22 12:56:50
    ComboFix4.txt 2009-01-21 10:46:30

    Pre-Run: 11,270,512,640 bytes free
    Post-Run: 11,418,537,984 bytes free

    217 --- E O F --- 2009-01-21 14:50:14
    ...and the Kaspersky log:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Saturday, January 24, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, January 23, 2009 17:01:56
    Records in database: 1675780
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 177822
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 02:34:18

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
    I just thought (probably a bit late to ask now) should I have done this scan with my external hard drive attached and also my iPod or will it be enough to scan them with an updated AVG once my C-drive is clean?

    Also... I have started having exactly the same symptoms and problems with my desktop!!! Just as it seemed we were winning. Could I please ask you to take a look at the DDS log files that I made of my desktop too. I would fully understand if I am asking too much of you. If you are happy to help me with the second PC I will attach the DDS logs to another post below this one so as not to cause any confusion.

    Once again, many thanks.

    CF
     
  14. 2009/01/24
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hi.

    As I mentioned, here are the DDS logs from my desktop.

    The DDS log:


    DDS (Ver_09-01-18.01) - NTFSx86
    Run by Delia at 16:24:10.12 on 24/01/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1616 [GMT 0:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
    C:\Documents and Settings\Delia\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom 1.4\apdproxy.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3pro\utility\Spyder3Utility.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    AppInit_DLLs: avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\delia\applic~1\mozilla\firefox\profiles\x99p6ruf.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-14 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-14 26824]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-7-6 14095]
    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2008-3-19 12288]
    R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-14 231704]

    =============== Created Last 30 ================

    2009-01-17 15:48 <DIR> --d----- c:\program files\Lavasoft
    2009-01-17 15:47 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-01-16 13:42 <DIR> --dshr-- C:\resycled
    2009-01-16 12:43 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
    2009-01-05 16:41 410,984 a------- c:\windows\system32\deploytk.dll

    ==================== Find3M ====================

    2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-06-14 13:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061420080615\index.dat

    ============= FINISH: 16:24:24.78 ===============

    ...and the 'attach' log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-18.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/03/2008 13:16:10
    System Uptime: 24/01/2009 16:02:16 (0 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7345
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU 1 | 2671/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 40 GiB total, 6.328 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 115.036 GiB free.
    E: is FIXED (NTFS) - 120 GiB total, 58.391 GiB free.
    F: is FIXED (NTFS) - 86 GiB total, 74.03 GiB free.
    G: is FIXED (NTFS) - 20 GiB total, 10.816 GiB free.
    X: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP112: 20/10/2008 10:47:01 - System Checkpoint
    RP113: 21/10/2008 10:32:34 - Software Distribution Service 3.0
    RP114: 22/10/2008 08:21:21 - Avg8 Update
    RP115: 23/10/2008 09:11:00 - System Checkpoint
    RP116: 25/10/2008 13:15:22 - System Checkpoint
    RP117: 26/10/2008 11:55:15 - Software Distribution Service 3.0
    RP118: 27/10/2008 15:54:44 - System Checkpoint
    RP119: 28/10/2008 17:45:58 - System Checkpoint
    RP120: 30/10/2008 08:34:23 - System Checkpoint
    RP121: 31/10/2008 12:57:33 - System Checkpoint
    RP122: 03/11/2008 12:10:07 - System Checkpoint
    RP123: 04/11/2008 14:48:37 - System Checkpoint
    RP124: 05/11/2008 16:07:29 - System Checkpoint
    RP125: 06/11/2008 16:39:48 - System Checkpoint
    RP126: 07/11/2008 17:56:50 - System Checkpoint
    RP127: 12/11/2008 14:30:31 - Avg8 Update
    RP128: 14/11/2008 09:56:26 - Software Distribution Service 3.0
    RP129: 16/11/2008 13:12:43 - System Checkpoint
    RP130: 18/11/2008 14:10:59 - System Checkpoint
    RP131: 20/11/2008 10:14:51 - System Checkpoint
    RP132: 21/11/2008 16:35:59 - System Checkpoint
    RP133: 24/11/2008 09:39:13 - System Checkpoint
    RP134: 25/11/2008 11:30:45 - System Checkpoint
    RP135: 27/11/2008 13:39:54 - Avg8 Update
    RP136: 28/11/2008 13:46:09 - System Checkpoint
    RP137: 30/11/2008 17:33:54 - System Checkpoint
    RP138: 01/12/2008 19:10:31 - System Checkpoint
    RP139: 02/12/2008 19:59:04 - System Checkpoint
    RP140: 03/12/2008 20:08:07 - System Checkpoint
    RP141: 04/12/2008 20:37:35 - System Checkpoint
    RP142: 05/12/2008 20:54:32 - System Checkpoint
    RP143: 07/12/2008 16:52:15 - System Checkpoint
    RP144: 08/12/2008 19:02:46 - System Checkpoint
    RP145: 09/12/2008 23:29:21 - System Checkpoint
    RP146: 11/12/2008 02:11:59 - Software Distribution Service 3.0
    RP147: 11/12/2008 13:52:49 - Software Distribution Service 3.0
    RP148: 12/12/2008 14:47:26 - System Checkpoint
    RP149: 13/12/2008 10:16:07 - Avg8 Update
    RP150: 14/12/2008 17:02:00 - System Checkpoint
    RP151: 15/12/2008 18:33:30 - System Checkpoint
    RP152: 19/12/2008 10:46:28 - Installed Navman SmartST Desktop for iCN530
    RP153: 19/12/2008 17:04:27 - Software Distribution Service 3.0
    RP154: 05/01/2009 10:45:47 - System Checkpoint
    RP155: 05/01/2009 16:41:32 - Installed Java(TM) 6 Update 11
    RP156: 06/01/2009 18:17:31 - System Checkpoint
    RP157: 07/01/2009 18:22:19 - System Checkpoint
    RP158: 08/01/2009 20:22:26 - System Checkpoint
    RP159: 10/01/2009 12:21:32 - System Checkpoint
    RP160: 11/01/2009 18:05:34 - System Checkpoint
    RP161: 12/01/2009 18:24:19 - System Checkpoint
    RP162: 13/01/2009 19:23:23 - System Checkpoint
    RP163: 14/01/2009 16:25:27 - Software Distribution Service 3.0
    RP164: 14/01/2009 20:05:41 - Installed QuickTime
    RP165: 15/01/2009 21:31:50 - System Checkpoint
    RP166: 16/01/2009 12:43:58 - Installed iTunes
    RP167: 16/01/2009 12:57:46 - Removed iTunes
    RP168: 16/01/2009 14:13:54 - Installed iTunes
    RP169: 16/01/2009 14:32:19 - Removed iTunes

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color NA Recommended Settings
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    America's Army
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.0
    Bonjour
    Connect
    Diskeeper 2008 Pro Premier
    EPSON Printer Software
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    kuler
    Lightroom
    Logitech iTouch Software
    Media Player Codec Pack 3.2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft ActiveSync 3.7
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.5)
    MSXML 6.0 Parser (KB933579)
    Navman SmartST Desktop for iCN530
    NotamPlot v2.3 2.3
    NVIDIA Drivers
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    QuickTime
    Real Alternative 1.8.0 Lite
    Realtek High Definition Audio Driver
    Search Settings 1.2
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Spyder3Pro
    Suite Shared Configuration CS4
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    ViewSonic Windows XP Signed Files
    WebFldrs XP
    WinAce Archiver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    18/01/2009 12:02:08, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    17/01/2009 18:33:30, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    17/01/2009 18:33:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    17/01/2009 18:31:52, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    17/01/2009 18:31:52, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    17/01/2009 18:31:52, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    17/01/2009 18:31:52, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    17/01/2009 18:31:52, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    17/01/2009 18:31:52, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    17/01/2009 18:31:52, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    17/01/2009 18:31:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    17/01/2009 16:29:48, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
    17/01/2009 15:35:58, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BETSY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AACE56FD-6913-4CDE-88A. The master browser is stopping or an election is being forced.
    17/01/2009 11:24:14, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0019DBF6EA3F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    19/01/2009 09:45:13, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 0019DBF6EA3F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
    I would appreciate your thoughts.

    Regards,

    CF
     
  15. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Let's finish up on the first machine. ComboFix log looks great on the first machine. Let's get an online scan to be sure we haven't overlooked anything. Please do an online scan with Kaspersky Online Scanner

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.


    Now, slightly different infection on the desktop, but we'll attack it with the same tool. Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  16. 2009/01/27
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hello again.

    The log from Kaspersky looks promising:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, January 27, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, January 26, 2009 17:36:56
    Records in database: 1703269
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Files scanned: 325578
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 03:54:23

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
    ...and here is the ComboFix log from my desktop. After running ComboFix I can now at least update and run AVG:


    ComboFix 09-01-21.04 - Delia 2009-01-27 10:46:59.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1688 [GMT 0:00]
    Running from: c:\documents and settings\Delia\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\components\iamfamous.dll
    C:\resycled
    c:\resycled\boot.com
    c:\windows\system32\drivers\gaopdxyvbnyfjk.sys
    c:\windows\system32\gaopdxrjlkltiq.dll
    D:\resycled
    d:\resycled\boot.com
    E:\resycled
    e:\resycled\boot.com
    F:\resycled
    f:\resycled\boot.com
    G:\resycled
    g:\resycled\boot.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
    .

    2009-01-21 15:12 . 2009-01-21 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-01-20 14:50 . 2009-01-20 14:50 <DIR> d-------- c:\program files\Adobe Media Player
    2009-01-20 14:49 . 2009-01-20 14:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-01-17 16:28 . 2009-01-17 16:28 <DIR> d-------- c:\documents and settings\Administrator
    2009-01-17 15:48 . 2009-01-17 15:48 <DIR> d-------- c:\program files\Lavasoft
    2009-01-17 15:48 . 2009-01-17 15:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-17 15:47 . 2009-01-17 15:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-01-16 12:43 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
    2009-01-14 20:09 . 2009-01-16 12:44 <DIR> d-------- c:\documents and settings\Delia\Application Data\Apple Computer
    2009-01-14 20:05 . 2009-01-14 20:07 <DIR> d-------- c:\program files\QuickTime
    2009-01-14 20:05 . 2009-01-16 12:42 <DIR> d-------- c:\program files\Common Files\Apple
    2009-01-14 20:05 . 2009-01-14 20:05 <DIR> d-------- c:\program files\Apple Software Update
    2009-01-14 20:05 . 2009-01-14 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-14 20:05 . 2009-01-14 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
    2009-01-05 16:41 . 2009-01-05 16:41 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-20 14:51 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-16 14:44 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-16 12:43 --------- d-----w c:\program files\Bonjour
    2009-01-14 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-05 16:41 --------- d-----w c:\program files\Java
    2008-12-19 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-19 10:46 --------- d-----w c:\program files\Navman
    2008-12-19 10:45 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-12-19 10:45 --------- d-----w c:\program files\AvantGo Connect
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-06-14 13:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061420080615\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "= "c:\program files\Search Settings\kb127\SearchSettings.dll" [2008-06-12 1111904]

    [HKEY_CLASSES_ROOT\clsid\{e312764e-7706-43f1-8dab-fcdd2b1e416d}]
    [HKEY_CLASSES_ROOT\SearchSettings.BHO.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}]
    [HKEY_CLASSES_ROOT\SearchSettings.BHO]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    2008-06-12 15:57 1111904 --a------ c:\program files\Search Settings\kb127\SearchSettings.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-08-01 7618560]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SearchSettings "= "c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
    "zBrowser Launcher "= "c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
    "nwiz "= "nwiz.exe" [2006-08-01 c:\windows\system32\nwiz.exe]
    "NvMediaCenter "= "NvMCTray.dll" [2006-08-01 c:\windows\system32\nvmctray.dll]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-06-30 135680]
    Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2008-03-19 6333954]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter "= ac3filter.acm
    "vidc.hfyu "= huffyuv.dll
    "msacm.divxa32 "= DivXa32.acm
    "MSACM.CEGSM "= mobilev.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\America's Army\\System\\ArmyOps.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP "= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-14 97928]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-07-06 14095]
    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2008-03-19 12288]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-14 231704]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Delia\Application Data\Mozilla\Firefox\Profiles\x99p6ruf.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-27 10:50:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(728)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-27 10:52:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-27 10:52:00

    Pre-Run: 8,564,240,384 bytes free
    Post-Run: 11,318,767,616 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    175 --- E O F --- 2009-01-14 16:26:58





    Thanks as always,

    CF
     
  17. 2009/01/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    On the first machine;

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete dds.scr from the desktop.
    Delete all RootRepeal files.
    Delete Flash_Disinfector
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.

    Uninstall all of the following Java components then install the latest version from here.

    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1


    On the desktop machine, uninstall Search Settings then run DDS again and post the dds.txt log.
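The cleanup list above boils down to a few things a helper checks in a DDS or ComboFix log before closing a thread: leftover superseded Java runtimes, a startup entry for the program that is supposed to be gone (here, Search Settings), and the Windows Firewall policy flag. The Python below is an added example written for this page, not a tool from the thread or from the DDS/ComboFix authors. It parses a constructed log excerpt assembled from lines pasted in this thread and reports those three signals; the function names, the Java version ordering and the sample excerpt are my own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt: trimmed from the DDS / ComboFix logs pasted in this thread
# (firewall policy key, two mRun startup entries, a short Installed Programs section).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

==== Installed Programs ======================

Java(TM) 6 Update 11
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Mozilla Firefox (3.0.5)
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========
"""

# Program names as they appear in the DDS "Installed Programs" section.
JAVA_UPDATE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")
JAVA_SE_RTE = re.compile(r"^Java\(TM\) SE Runtime Environment (\d+) Update (\d+)$")
JAVA_LEGACY = re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)")
# DDS startup lines look like "mRun: [Name] command" or "uRun: [Name] command".
RUN_ENTRY = re.compile(r"^[mu]Run:\s*\[([^\]]+)\]")
# ComboFix prints the firewall policy as  "EnableFirewall"= 0 (0x0); tolerate stray spaces.
FIREWALL_OFF = re.compile(r'"EnableFirewall\s*"\s*=\s*0\b')


def section(log: str, name: str) -> List[str]:
    """Return the non-empty lines of the DDS section whose '====' header contains name."""
    out, inside = [], False
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("===="):
            inside = name.lower() in line.lower()
            continue
        if inside and line:
            out.append(line)
    return out


def _java_key(name: str) -> Optional[Tuple[int, int]]:
    """Map a Java product name to a comparable (major, update) tuple, or None if not Java."""
    for pat in (JAVA_UPDATE, JAVA_SE_RTE):
        m = pat.match(name)
        if m:
            return (int(m.group(1)), int(m.group(2)))
    m = JAVA_LEGACY.match(name)
    if m:
        major, minor = int(m.group(1)), int(m.group(2))
        # Old "1.x" numbering: v1.4.2 is Java 4, so compare it as (4, 0).
        return (minor, 0) if major == 1 else (major, minor)
    return None


def find_java_runtimes(log: str) -> Dict[str, object]:
    """Newest installed Java runtime plus every older one still present (uninstall candidates)."""
    found = [(n, _java_key(n)) for n in section(log, "Installed Programs")]
    found = [(n, k) for n, k in found if k is not None]
    if not found:
        return {"current": None, "stale": []}
    current = max(found, key=lambda nk: nk[1])[0]
    return {"current": current, "stale": [n for n, _ in found if n != current]}


def firewall_disabled(log: str) -> bool:
    """True if the standard-profile firewall policy in the log is EnableFirewall = 0."""
    return FIREWALL_OFF.search(log) is not None


def startup_entries_matching(log: str, needle: str) -> List[str]:
    """Names of mRun/uRun startup entries matching needle, ignoring case and spaces."""
    want = needle.replace(" ", "").lower()
    hits = []
    for line in log.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if m and want in m.group(1).replace(" ", "").lower():
            hits.append(m.group(1))
    return hits


def triage(log: str, suspect_programs=("Search Settings",)) -> List[str]:
    """Human-readable findings for the follow-up checks a helper asks for."""
    findings = []
    if firewall_disabled(log):
        findings.append("Windows Firewall is disabled (EnableFirewall = 0)")
    for name in find_java_runtimes(log)["stale"]:
        findings.append(f"superseded Java runtime still installed: {name}")
    for prog in suspect_programs:
        for entry in startup_entries_matching(log, prog):
            findings.append(f"startup entry still present for {prog!r}: {entry}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against a real dds.txt, the same functions work on the whole file, since the section parser keys off the `====` headers DDS prints and ignores everything else.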
     
  18. 2009/01/31
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hello.

    Sorry for the delay... very busy few days! All done. Un-installation went fine. I had to delete C:\ComboFix and the C:\ComboFix.txt file by hand, but I doubt that is a problem, is it?

    The log files from the desktop:



    DDS (Ver_09-01-19.01) - NTFSx86
    Run by Delia at 13:36:31.37 on 30/01/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1372 [GMT 0:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\control.exe
    C:\WINDOWS\system32\control.exe
    C:\Documents and Settings\Delia\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom 1.4\apdproxy.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3pro\utility\Spyder3Utility.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\delia\applic~1\mozilla\firefox\profiles\x99p6ruf.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-14 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-14 26824]
    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-7-6 14095]
    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2008-3-19 12288]
    R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-14 231704]

    =============== Created Last 30 ================

    2009-01-27 10:29 <DIR> a-dshr-- C:\cmdcons
    2009-01-27 10:28 161,792 a------- c:\windows\SWREG.exe
    2009-01-27 10:28 98,816 a------- c:\windows\sed.exe
    2009-01-27 10:28 <DIR> --d----- C:\ComboFix
    2009-01-17 15:48 <DIR> --d----- c:\program files\Lavasoft
    2009-01-17 15:47 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-01-16 12:43 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
    2009-01-05 16:41 410,984 a------- c:\windows\system32\deploytk.dll

    ==================== Find3M ====================

    2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-06-14 13:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061420080615\index.dat

    ============= FINISH: 13:36:35.45 ===============











    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-19.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/03/2008 13:16:10
    System Uptime: 30/01/2009 11:22:36 (2 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7345
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU 1 | 2671/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 40 GiB total, 10.147 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 115.373 GiB free.
    E: is FIXED (NTFS) - 120 GiB total, 57.95 GiB free.
    F: is FIXED (NTFS) - 86 GiB total, 74.03 GiB free.
    G: is FIXED (NTFS) - 20 GiB total, 10.816 GiB free.
    X: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP121: 31/10/2008 12:57:33 - System Checkpoint
    RP122: 03/11/2008 12:10:07 - System Checkpoint
    RP123: 04/11/2008 14:48:37 - System Checkpoint
    RP124: 05/11/2008 16:07:29 - System Checkpoint
    RP125: 06/11/2008 16:39:48 - System Checkpoint
    RP126: 07/11/2008 17:56:50 - System Checkpoint
    RP127: 12/11/2008 14:30:31 - Avg8 Update
    RP128: 14/11/2008 09:56:26 - Software Distribution Service 3.0
    RP129: 16/11/2008 13:12:43 - System Checkpoint
    RP130: 18/11/2008 14:10:59 - System Checkpoint
    RP131: 20/11/2008 10:14:51 - System Checkpoint
    RP132: 21/11/2008 16:35:59 - System Checkpoint
    RP133: 24/11/2008 09:39:13 - System Checkpoint
    RP134: 25/11/2008 11:30:45 - System Checkpoint
    RP135: 27/11/2008 13:39:54 - Avg8 Update
    RP136: 28/11/2008 13:46:09 - System Checkpoint
    RP137: 30/11/2008 17:33:54 - System Checkpoint
    RP138: 01/12/2008 19:10:31 - System Checkpoint
    RP139: 02/12/2008 19:59:04 - System Checkpoint
    RP140: 03/12/2008 20:08:07 - System Checkpoint
    RP141: 04/12/2008 20:37:35 - System Checkpoint
    RP142: 05/12/2008 20:54:32 - System Checkpoint
    RP143: 07/12/2008 16:52:15 - System Checkpoint
    RP144: 08/12/2008 19:02:46 - System Checkpoint
    RP145: 09/12/2008 23:29:21 - System Checkpoint
    RP146: 11/12/2008 02:11:59 - Software Distribution Service 3.0
    RP147: 11/12/2008 13:52:49 - Software Distribution Service 3.0
    RP148: 12/12/2008 14:47:26 - System Checkpoint
    RP149: 13/12/2008 10:16:07 - Avg8 Update
    RP150: 14/12/2008 17:02:00 - System Checkpoint
    RP151: 15/12/2008 18:33:30 - System Checkpoint
    RP152: 19/12/2008 10:46:28 - Installed Navman SmartST Desktop for iCN530
    RP153: 19/12/2008 17:04:27 - Software Distribution Service 3.0
    RP154: 05/01/2009 10:45:47 - System Checkpoint
    RP155: 05/01/2009 16:41:32 - Installed Java(TM) 6 Update 11
    RP156: 06/01/2009 18:17:31 - System Checkpoint
    RP157: 07/01/2009 18:22:19 - System Checkpoint
    RP158: 08/01/2009 20:22:26 - System Checkpoint
    RP159: 10/01/2009 12:21:32 - System Checkpoint
    RP160: 11/01/2009 18:05:34 - System Checkpoint
    RP161: 12/01/2009 18:24:19 - System Checkpoint
    RP162: 13/01/2009 19:23:23 - System Checkpoint
    RP163: 14/01/2009 16:25:27 - Software Distribution Service 3.0
    RP164: 14/01/2009 20:05:41 - Installed QuickTime
    RP165: 15/01/2009 21:31:50 - System Checkpoint
    RP166: 16/01/2009 12:43:58 - Installed iTunes
    RP167: 16/01/2009 12:57:46 - Removed iTunes
    RP168: 16/01/2009 14:13:54 - Installed iTunes
    RP169: 16/01/2009 14:32:19 - Removed iTunes
    RP170: 27/01/2009 11:45:09 - System Checkpoint
    RP171: 28/01/2009 17:24:05 - System Checkpoint
    RP172: 30/01/2009 13:18:51 - Removed Search Settings 1.2.

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color NA Recommended Settings
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    America's Army
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.0
    Bonjour
    Connect
    Diskeeper 2008 Pro Premier
    EPSON Printer Software
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    kuler
    Lightroom
    Logitech iTouch Software
    Media Player Codec Pack 3.2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft ActiveSync 3.7
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.5)
    MSXML 6.0 Parser (KB933579)
    Navman SmartST Desktop for iCN530
    NotamPlot v2.3 2.3
    NVIDIA Drivers
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    QuickTime
    Real Alternative 1.8.0 Lite
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Spyder3Pro
    Suite Shared Configuration CS4
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    ViewSonic Windows XP Signed Files
    WebFldrs XP
    WinAce Archiver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    25/01/2009 12:04:39, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    25/01/2009 09:49:44, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 0019DBF6EA3F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    24/01/2009 16:09:52, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BETSY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AACE56FD-6913-4CDE-88A. The master browser is stopping or an election is being forced.

    ==== End Of File ===========================






    Thank you, thank you, thank you,

    CF


    PS: Really, where the hell do these infections come from... I honestly thought I was pretty well covered when it comes to PC security!!! Do you have any suggestions on how I can defend from any future problems?
     
  19. 2009/01/31
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hello.

    Sorry, posted twice by accident... second one deleted.

    CF
     
    Last edited: 2009/01/31
  20. 2009/01/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Log looks good. Let's get an online scan. Do an online scan with Kaspersky Online Scanner

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  21. 2009/02/02
    ConcreteFloater

    ConcreteFloater Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    11
    Likes Received:
    0
    Hello.

    Here is the Kaspersky log, but it seems that it has found a couple of things. Interestingly, AVG does not detect these. Is AVG any good in your opinion?

    Thank you.

    CF


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, February 1, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, February 01, 2009 16:02:58
    Records in database: 1735157
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    X:\

    Scan statistics:
    Files scanned: 160236
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 02:03:07


    File name / Threat name / Threats count
    C:\Documents and Settings\Delia\Local Settings\Application Data\Microsoft\Outlook\OutlHotmail-00000006.pst Infected: Trojan-Downloader.Win32.Pif.fd 1
    D:\My Documents\My Documents\Riccardo\05. Computer downloads\mpegs.exe Infected: Trojan.Win32.Dialer.g 1

    The selected area was scanned.
     
