
Solved trojan / "Object is inaccessible."

Discussion in 'Malware and Virus Removal Archive' started by davee, 2010/07/23.

  1. 2010/07/24
    davee

    davee Inactive Thread Starter

    Hi, the scan came up empty, no infections. There was nothing in the report, hence nothing to save and copy.
     
  2. 2010/07/24
    crunchie

    crunchie Inactive

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     

  4. 2010/07/24
    davee

    davee Inactive Thread Starter

    Hi, here is the log from ComboFix.

    ComboFix 10-07-23.02 - Dave 07/24/2010 22:29:45.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1565 [GMT 10:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Dave\Application Data\inst.exe
    c:\program files\Fast Browser Search

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
    .

    2010-07-23 12:48 . 2010-07-23 12:48 -------- d-----w- c:\program files\Common Files\Java
    2010-07-23 12:48 . 2010-07-23 12:48 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcp71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\jmc.dll
    2010-07-23 12:48 . 2010-07-23 12:48 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcr71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-sse.dll
    2010-07-23 12:48 . 2010-07-23 12:48 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-d3d.dll
    2010-07-23 12:48 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- C:\_OTL
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-21 11:45 . 2010-07-22 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    2010-07-21 09:00 . 2010-07-21 09:00 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-07-21 09:00 . 2010-07-21 09:00 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-21 09:00 . 2010-07-21 09:00 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
    2010-07-21 09:00 . 2010-07-21 09:00 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-07-20 10:53 . 2010-07-24 12:40 766976 ----a-w- c:\windows\system32\drivers\nhhnsuyy.sys
    2010-07-16 23:29 . 2010-07-16 23:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-16 23:29 . 2010-07-16 23:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 23:27 . 2010-07-16 23:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-16 23:27 . 2010-07-16 23:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-16 23:27 . 2010-07-16 23:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-16 23:27 . 2010-07-16 23:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-16 05:45 . 2010-07-16 05:57 1901 ----a-w- c:\windows\panose.bin
    2010-07-16 05:38 . 2001-04-11 03:02 58368 ----a-w- c:\windows\pfpick.dll
    2010-07-16 05:38 . 2001-04-11 03:02 53760 ----a-w- c:\windows\Ptpick32.dll
    2010-07-16 05:38 . 2001-04-11 03:02 48128 ----a-w- c:\windows\Kpsys32.dll
    2010-07-16 05:38 . 2001-04-11 03:02 31744 ----a-w- c:\windows\Kpsharp.dll
    2010-07-16 05:38 . 2001-04-11 03:02 31232 ----a-w- c:\windows\Kpscale.dll
    2010-07-16 05:38 . 2001-04-11 03:02 243712 ----a-w- c:\windows\Kpcp32.dll
    2010-07-16 05:38 . 2001-04-11 03:02 70144 ----a-w- c:\windows\Kpfp32.dll
    2010-07-16 05:38 . 2001-04-11 03:02 42483 ----a-w- c:\windows\Icccodes.dat
    2010-07-16 05:33 . 1998-10-02 09:00 327168 ----a-w- c:\windows\IsUninst.exe
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP2.DIR
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP1.DIR
    2010-07-14 07:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-04 06:21 . 2010-07-04 06:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\UserData
    2010-07-04 06:19 . 2010-07-04 06:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-07-04 06:19 . 2010-07-04 06:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
    2010-07-04 06:18 . 2010-07-04 06:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-07-03 06:07 . 2010-07-11 06:14 -------- d-----w- c:\program files\etax2010
    2010-06-26 03:59 . 2008-08-26 00:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-06-26 03:59 . 2010-06-26 03:59 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-06-26 03:58 . 2010-02-26 04:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2010-06-26 03:58 . 2010-02-26 04:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-06-26 03:58 . 2010-02-26 04:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-06-26 03:58 . 2010-02-26 04:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-06-26 03:58 . 2010-06-26 03:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-06-26 03:58 . 2010-06-26 03:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
    2010-06-26 03:58 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
    2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-24 11:55 . 2009-04-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-07-23 12:48 . 2009-04-21 05:23 -------- d-----w- c:\program files\Java
    2010-07-22 07:18 . 2009-04-10 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-21 11:45 . 2009-04-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-21 08:11 . 2009-05-26 07:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Vso
    2010-07-19 04:33 . 2009-11-21 23:03 -------- d-----w- c:\documents and settings\Dave\Application Data\LimeWire
    2010-07-18 04:27 . 2010-04-25 02:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-16 23:29 . 2009-04-12 10:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 23:28 . 2009-04-12 10:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-16 05:37 . 2009-04-22 23:51 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-02 04:13 . 2009-04-10 11:05 -------- d-----w- c:\program files\Opera
    2010-06-26 04:28 . 2010-06-26 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    2010-06-26 04:01 . 2009-12-06 08:56 -------- d-----w- c:\program files\Common Files\Nokia
    2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\Dave\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
    2010-06-14 14:31 . 2009-04-10 01:23 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
    2010-06-06 03:09 . 2009-04-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-06-06 01:50 . 2010-06-06 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
    2010-06-06 01:46 . 2010-06-06 01:46 -------- d-----w- c:\program files\SlySoft
    2010-06-06 00:33 . 2009-12-06 08:59 -------- d-----w- c:\documents and settings\Dave\Application Data\Nokia Multimedia Player
    2010-06-05 00:04 . 2009-11-20 08:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-03 00:05 . 2009-04-12 10:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 10:08 . 2010-05-04 10:08 63488 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-04 10:08 . 2010-05-04 10:08 52224 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-04 10:08 . 2009-04-10 02:24 117760 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "
    path=
    backup=

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
    backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lkxnvjhk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-10 07:37 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-30 01:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 03:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AntiVirService "=2 (0x2)
    "AntiVirSchedulerService "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
    "c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 8:19 PM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 8:19 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 9:28 AM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:29 AM 308136]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
    S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - nhhnsuyy

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 01:24]

    2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-07-24 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]

    2010-05-15 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.tattoodle.com?tid={E0E9D429-A149-438b-A954-A1CD0A58B347}
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{81fdd779-57e9-0539-b8cd-d06cb867e3fd} - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-24 22:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A3BBB4C]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb9e4f852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nhhnsuyy]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(516)
    c:\windows\system32\WININET.dll
    c:\windows\system32\MrvGINA.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(576)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-07-24 22:43:56
    ComboFix-quarantined-files.txt 2010-07-24 12:43

    Pre-Run: 13,817,475,072 bytes free
    Post-Run: 13,918,633,984 bytes free

    - - End Of File - - 889B22BFCB752F979EC74ED5EC058C35
     
  5. 2010/07/24
    crunchie

    crunchie Inactive

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    File::
    c:\windows\system32\drivers\nhhnsuyy.sys
    c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
    c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
    Driver::
    nhhnsuyy
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lkxnvjhk]
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.


    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
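The CFScript above is a small sectioned text format (a `Name::` header followed by one entry per line), and a helper writing one wants to be sure every path, driver and key it names is actually evidenced in the log it was written from. The Python below is an added example, not ComboFix's code nor anything posted by the helpers in this thread: it parses the script's sections and the log's file-entry lines, both embedded as constructed excerpts of what was posted above, and cross-checks one against the other. The meaning of the two date columns (created, then modified) is an assumption.

```python
"""Parse a ComboFix CFScript and cross-check it against a ComboFix log.

Added example for this thread, not ComboFix's own code. It reads the
script sections (KillAll::, File::, Driver::, Registry::) and confirms
that every File:: path, Driver:: name and Registry:: key the helper
targeted appears in the log the script was written from.
"""
import re

# Constructed copy of the CFScript posted in the thread.
CFSCRIPT = r"""KillAll::

File::
c:\windows\system32\drivers\nhhnsuyy.sys
c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
Driver::
nhhnsuyy

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lkxnvjhk]
"""

# Constructed excerpt of the first ComboFix log in the thread (a handful of
# lines from 'Files Created', 'Other Services/Drivers In Memory', the
# msconfig startupreg listing and the 'Supplementary Scan').
COMBOFIX_LOG = r"""2010-07-21 11:45 . 2010-07-22 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
2010-07-20 10:53 . 2010-07-24 12:40 766976 ----a-w- c:\windows\system32\drivers\nhhnsuyy.sys
2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
*Deregistered* - nhhnsuyy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lkxnvjhk
uInternet Settings,ProxyServer = http=127.0.0.1:5643
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
# '<date> . <date> <size|--------> <8 attribute flags> <path>'
FILE_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([-a-z]{8}) (.+?)\s*$"
)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")


def parse_cfscript(text):
    """Return {section: [entries]}. Blank lines are ignored; only the next
    'Name::' header starts a new section (so KillAll:: has an empty list)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_file_entries(log_text):
    """Parse 'Files Created' / 'Find3M' style lines into dicts.
    Column order created-then-modified is assumed, not documented on the page."""
    entries = []
    for raw in log_text.splitlines():
        m = FILE_LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": created,
            "modified": modified,
            "size": None if size == "--------" else int(size),  # dirs print dashes
            "is_dir": attrs.startswith("d"),
            "attrs": attrs,
            "path": path.lower(),  # Windows paths compare case-insensitively
        })
    return entries


def cross_check(script, log_text):
    """For each script entry, say whether the log evidences it."""
    paths = {e["path"] for e in parse_file_entries(log_text)}
    log_lower = log_text.lower()
    result = {"File": {}, "Driver": {}, "Registry": {}}
    for p in script.get("File", []):
        result["File"][p] = p.lower() in paths
    for d in script.get("Driver", []):
        # The log's 'Other Services/Drivers In Memory' section printed the
        # driver as '*Deregistered* - nhhnsuyy'; look for that form.
        result["Driver"][d] = f"*deregistered* - {d.lower()}" in log_lower
    for k in script.get("Registry", []):
        key = k.strip("[]").lstrip("-").lower()  # '[-KEY]' means delete KEY
        result["Registry"][k] = key in log_lower
    return result


def loopback_proxy(log_text):
    """Return the ProxyServer value if it points at the local host, else None.
    A browser proxy on 127.0.0.1 the user did not set up is worth reviewing."""
    m = PROXY_RE.search(log_text)
    if m and ("127.0.0.1" in m.group(1) or "localhost" in m.group(1).lower()):
        return m.group(1)
    return None


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for section, hits in cross_check(script, COMBOFIX_LOG).items():
        for item, found in hits.items():
            print(f"{section:8} {'ok     ' if found else 'MISSING'} {item}")
    print("loopback proxy:", loopback_proxy(COMBOFIX_LOG))
```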
     
  6. 2010/07/24
    davee

    davee Inactive Thread Starter

    Here they are, and thanks so much for everything you're doing.

    ComboFix 10-07-23.02 - Dave 07/24/2010 23:47:31.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1567 [GMT 10:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy "
    "c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr "
    "c:\windows\system32\drivers\nhhnsuyy.sys "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\nhhnsuyy.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NHHNSUYY
    -------\Service_nhhnsuyy


    ((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
    .

    2010-07-23 12:48 . 2010-07-23 12:48 -------- d-----w- c:\program files\Common Files\Java
    2010-07-23 12:48 . 2010-07-23 12:48 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcp71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\jmc.dll
    2010-07-23 12:48 . 2010-07-23 12:48 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcr71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-sse.dll
    2010-07-23 12:48 . 2010-07-23 12:48 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-d3d.dll
    2010-07-23 12:48 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- C:\_OTL
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-21 11:45 . 2010-07-22 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    2010-07-21 09:00 . 2010-07-21 09:00 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-07-21 09:00 . 2010-07-21 09:00 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-21 09:00 . 2010-07-21 09:00 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
    2010-07-21 09:00 . 2010-07-21 09:00 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-07-16 23:29 . 2010-07-16 23:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-16 23:29 . 2010-07-16 23:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 23:27 . 2010-07-16 23:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-16 23:27 . 2010-07-16 23:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-16 23:27 . 2010-07-16 23:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-16 23:27 . 2010-07-16 23:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-16 05:45 . 2010-07-16 05:57 1901 ----a-w- c:\windows\panose.bin
    2010-07-16 05:38 . 2001-04-11 03:02 58368 ----a-w- c:\windows\pfpick.dll
    2010-07-16 05:38 . 2001-04-11 03:02 53760 ----a-w- c:\windows\Ptpick32.dll
    2010-07-16 05:38 . 2001-04-11 03:02 48128 ----a-w- c:\windows\Kpsys32.dll
    2010-07-16 05:38 . 2001-04-11 03:02 31744 ----a-w- c:\windows\Kpsharp.dll
    2010-07-16 05:38 . 2001-04-11 03:02 31232 ----a-w- c:\windows\Kpscale.dll
    2010-07-16 05:38 . 2001-04-11 03:02 243712 ----a-w- c:\windows\Kpcp32.dll
    2010-07-16 05:38 . 2001-04-11 03:02 70144 ----a-w- c:\windows\Kpfp32.dll
    2010-07-16 05:38 . 2001-04-11 03:02 42483 ----a-w- c:\windows\Icccodes.dat
    2010-07-16 05:33 . 1998-10-02 09:00 327168 ----a-w- c:\windows\IsUninst.exe
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP2.DIR
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP1.DIR
    2010-07-14 07:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-04 06:21 . 2010-07-04 06:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\UserData
    2010-07-04 06:19 . 2010-07-04 06:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-07-04 06:19 . 2010-07-04 06:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
    2010-07-04 06:18 . 2010-07-04 06:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-07-04 06:18 . 2010-07-04 06:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
    2010-07-03 06:07 . 2010-07-11 06:14 -------- d-----w- c:\program files\etax2010
    2010-06-26 03:59 . 2008-08-26 00:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-06-26 03:59 . 2010-06-26 03:59 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-06-26 03:58 . 2010-02-26 04:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2010-06-26 03:58 . 2010-02-26 04:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-06-26 03:58 . 2010-02-26 04:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-06-26 03:58 . 2010-02-26 04:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-06-26 03:58 . 2010-06-26 03:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-06-26 03:58 . 2010-06-26 03:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
    2010-06-26 03:58 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
    2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-24 12:45 . 2009-04-10 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-24 11:55 . 2009-04-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-07-23 12:48 . 2009-04-21 05:23 -------- d-----w- c:\program files\Java
    2010-07-21 11:45 . 2009-04-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-21 08:11 . 2009-05-26 07:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Vso
    2010-07-19 04:33 . 2009-11-21 23:03 -------- d-----w- c:\documents and settings\Dave\Application Data\LimeWire
    2010-07-18 04:27 . 2010-04-25 02:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-16 23:29 . 2009-04-12 10:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 23:28 . 2009-04-12 10:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-16 05:37 . 2009-04-22 23:51 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-02 04:13 . 2009-04-10 11:05 -------- d-----w- c:\program files\Opera
    2010-06-26 04:28 . 2010-06-26 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    2010-06-26 04:01 . 2009-12-06 08:56 -------- d-----w- c:\program files\Common Files\Nokia
    2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\Dave\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
    2010-06-14 14:31 . 2009-04-10 01:23 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
    2010-06-06 03:09 . 2009-04-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-06-06 01:50 . 2010-06-06 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
    2010-06-06 01:46 . 2010-06-06 01:46 -------- d-----w- c:\program files\SlySoft
    2010-06-06 00:33 . 2009-12-06 08:59 -------- d-----w- c:\documents and settings\Dave\Application Data\Nokia Multimedia Player
    2010-06-05 00:04 . 2009-11-20 08:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-03 00:05 . 2009-04-12 10:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 10:08 . 2010-05-04 10:08 63488 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-04 10:08 . 2010-05-04 10:08 52224 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-04 10:08 . 2009-04-10 02:24 117760 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-24_12.40.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-24 13:57 . 2010-07-24 13:57 16384 c:\windows\temp\Perflib_Perfdata_758.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "
    path=
    backup=

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
    backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-10 07:37 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-30 01:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 03:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AntiVirService "=2 (0x2)
    "AntiVirSchedulerService "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
    "c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 8:19 PM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 8:19 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 9:28 AM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:29 AM 308136]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
    S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 01:24]

    2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-07-24 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]

    2010-05-15 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.tattoodle.com?tid={E0E9D429-A149-438b-A954-A1CD0A58B347}
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{81fdd779-57e9-0539-b8cd-d06cb867e3fd} - (no file)
    BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-24 23:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A482B4C]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb9e4f852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(508)
    c:\windows\system32\WININET.dll
    c:\windows\system32\MrvGINA.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(568)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'Explorer.exe'(1256)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-25 00:04:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-24 14:04
    ComboFix2.txt 2010-07-24 12:43

    Pre-Run: 13,915,611,136 bytes free
    Post-Run: 13,807,554,560 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
    - - End Of File - - 22556FBF05A4034E9A966B53FF0EEF70
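Editor's note on the log above, with an added example: the script that follows is not a tool from this thread, nor from the ComboFix or OTL authors. Three parts of this ComboFix run deserve more weight than the "no infections" results reported earlier in the thread. The Supplementary Scan records a browser proxy of http=127.0.0.1:5643, so IE traffic is configured to pass through a local listener on port 5643 (the OTL log further down shows ProxyEnable = 0, meaning the setting is not switched on at that moment, but the value is still there). The Gmer MBR section shows disk.sys handing off to >>UNKNOWN [0x8A482B4C]<<, an address in the disk I/O call chain that resolves to no loaded driver image; "user & kernel MBR OK" only covers the boot sector itself, so the UNKNOWN entry is the line to follow up. And two BHO CLSIDs were removed as orphans. The intermittent search redirects reported later in the thread are consistent with either of the first two. The script pattern-matches exactly those indicators in pasted log text, accepting both the ComboFix and the OTL line forms. The sample log is constructed from lines copied from this thread, the rule names and severity levels are chosen for this example, and it makes no claim about what listens on port 5643; confirming that is a separate step on the machine itself.

```python
"""Rule-based triage of pasted ComboFix / OTL log text.

Added example for this thread; not a tool from the thread, from sUBs (ComboFix)
or from OldTimer (OTL). It only matches patterns in the text it is given and
never touches the registry or the disk.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info" (levels chosen for this example)
    rule: str
    detail: str


SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2}


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so a pasted log cannot become a live link; undo that for display."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


# Each pattern accepts the ComboFix form ("uInternet Settings,ProxyServer = ...")
# and the OTL form ('... Internet Settings: "ProxyServer" = ...') where they differ.
LOOPBACK_PROXY = re.compile(
    r'ProxyServer"?\s*=\s*(?:(?P<scheme>\w+)=)?(?P<host>127\.0\.0\.1|localhost):(?P<port>\d+)',
    re.IGNORECASE)
PROXY_ENABLE = re.compile(r'"ProxyEnable"\s*=\s*(\d)')
UNKNOWN_MODULE = re.compile(r"called modules:.*>>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
ORPHAN_BHO = re.compile(r"O2 - BHO: .* - (\{[0-9A-Fa-f-]{36}\}) - No CLSID value found")
ORPHAN_SERVICE = re.compile(r"SRV - File not found \[(\w+) \| \w+\] -- .*\((\w+)\)$")
START_PAGE = re.compile(r"Start Page = (\S+)", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    lines = [ln.strip() for ln in log_text.splitlines()]

    # First pass: is the proxy switch on? OTL logs carry ProxyEnable, ComboFix logs do not.
    proxy_enabled: Optional[int] = None
    for ln in lines:
        m = PROXY_ENABLE.search(ln)
        if m:
            proxy_enabled = int(m.group(1))
    enable_note = {None: "ProxyEnable not in log", 0: "ProxyEnable=0, not active now",
                   1: "ProxyEnable=1, active"}.get(proxy_enabled, f"ProxyEnable={proxy_enabled}")

    findings: List[Finding] = []
    for ln in lines:
        m = LOOPBACK_PROXY.search(ln)
        if m:
            findings.append(Finding("high", "loopback-proxy",
                f"browser proxy set to {m['host']}:{m['port']} ({enable_note}); "
                "find out what listens on that port before clearing the value"))
        m = UNKNOWN_MODULE.search(ln)
        if m:
            findings.append(Finding("high", "unknown-disk-stack-module",
                f"disk I/O call chain enters {m.group(1)}, which resolves to no loaded driver image"))
        m = ORPHAN_BHO.search(ln)
        if m:
            findings.append(Finding("info", "orphan-bho",
                f"BHO {m.group(1)} is registered but its CLSID has no server DLL"))
        m = ORPHAN_SERVICE.search(ln)
        if m:
            start, name = m.groups()
            sev = "medium" if start.lower() == "auto" else "info"   # auto-start with no binary
            findings.append(Finding(sev, "orphan-service",
                f"service {name} ({start}) points at a binary that no longer exists"))
        m = START_PAGE.search(ln)
        if m:
            findings.append(Finding("info", "start-page", f"IE start page: {refang(m.group(1))}"))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    """Highest severity present, or "none" for an empty list."""
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__, default="none")


# Constructed sample: lines copied from the ComboFix and OTL logs in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.tattoodle.com?tid={E0E9D429-A149-438b-A954-A1CD0A58B347}
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {81fdd779-57e9-0539-b8cd-d06cb867e3fd} - No CLSID value found.
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A482B4C]<<
user & kernel MBR OK
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
    print("overall:", worst_severity(results))
```

Run against the sample it reports the loopback proxy and the unknown disk-stack module as high, the auto-start service with no binary as medium, and the orphan BHO and start page as informational. Paste a full log into SAMPLE_LOG, or read one from a file, to triage a different machine; the rules are deliberately narrow, so a clean result means only that none of these specific indicators appeared.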
     
  7. 2010/07/24 - crunchie (Inactive):
    How are things after running the latest fix?
     
  8. 2010/07/24 - davee (Inactive, Thread Starter):
    Seems OK, but when I started the computer this morning a message came up: ComboFix can't find file ....... I click OK and the computer boots as normal.
     
  9. 2010/07/24 - crunchie (Inactive):
    Just give it another day and a few more reboots and see how things are.

    Let me know, then we can tie up any loose ends.
     
  10. 2010/07/24 - davee (Inactive, Thread Starter):
    OK, thanks again for all your help. I'll post back. Cheers.
     
  11. 2010/07/27 - davee (Inactive, Thread Starter):
    Hi Crunchie, just an update on how things are going. The PC seems fine, but when I boot up I still get a message saying: Windows cannot find C:\combofix c\=19866.cfxxe. Make sure you typed the name correctly and try again. Also, when I open Google for a search and type in whatever, then click the link to take me to the particular site, I get redirected, not always, but probably about 50% of the time. Any help will be appreciated. Cheers.
     
  12. 2010/07/27 - crunchie (Inactive):
    • Click Start > Run, then copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall

      Note the space between the X and the /; it needs to be there.

    =======

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  13. 2010/07/28 - davee (Inactive, Thread Starter):
    Hi Crunchie, the scan came up clean, no threats. I uninstalled ComboFix but still have the same message when I boot up the PC, and I'm still getting redirected in my browser on some searches. Cheers.
     
  14. 2010/07/28 - crunchie (Inactive):
    Can you run OTL again please and post the log.
     
  15. 2010/07/28 - davee (Inactive, Thread Starter):
    Here is the log from OTL:

    OTL logfile created on: 7/28/2010 10:32:40 PM - Run 3
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Dave\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.06 Gb Total Space | 11.12 Gb Free Space | 28.47% Space Free | Partition Type: NTFS
    Drive D: | 109.99 Gb Total Space | 43.87 Gb Free Space | 39.88% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-8WI9D3OO4Q
    Current User Name: Dave
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/07/23 18:10:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    PRC - [2010/07/22 17:18:09 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\60da54b3-32d7-44f8-805b-d8e177483dc4.exe
    PRC - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/07/17 09:29:21 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/17 09:29:17 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/17 09:29:17 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/17 09:28:18 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/17 09:28:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/06/30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
    PRC - [2010/03/19 17:27:46 | 005,248,312 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/23 18:10:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
    SRV - [2010/07/21 18:59:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/17 09:29:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2010/01/07 13:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2009/11/06 08:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dave\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/03 10:05:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/05/26 17:02:31 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/24 02:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/19 13:04:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/19 13:04:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/02/11 17:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010/01/07 13:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
    DRV - [2010/01/02 03:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/02/13 14:22:54 | 000,095,576 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2005/10/06 15:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
    DRV - [2005/05/18 19:50:30 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/08/04 15:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
    DRV - [2003/07/02 06:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={E0E9D429-A149-438b-A954-A1CD0A58B347}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

    FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/26 14:00:13 | 000,000,000 | ---D | M]

    [2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
    [2009/11/22 09:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2010/07/24 23:58:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {81fdd779-57e9-0539-b8cd-d06cb867e3fd} - No CLSID value found.
    O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/10 11:24:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/28 19:24:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/27 21:11:28 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/27 20:51:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/26 21:01:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
    [2010/07/26 16:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Socusoft
    [2010/07/25 10:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2010/07/24 23:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/07/23 22:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/23 22:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/23 22:48:04 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/23 22:48:04 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/23 22:48:04 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/23 22:42:52 | 000,875,296 | ---- | C] (Oracle) -- C:\Documents and Settings\Dave\Desktop\jre-6u21-windows-i586-iftw-rv.exe
    [2010/07/23 21:05:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/23 18:10:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    [2010/07/22 19:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes
    [2010/07/22 19:16:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/22 19:16:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/22 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\uealgoipr
    [2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/21 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/21 20:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\xetblruxy
    [2010/07/21 20:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    [2010/07/21 19:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/19 20:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\unthinkable
    [2010/07/18 15:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\Any Video Converter
    [2010/07/17 17:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\videos
    [2010/07/17 09:29:17 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/16 15:37:42 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msvcrtd.dll
    [2010/07/16 15:37:42 | 000,322,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mfc30.dll
    [2010/07/16 15:37:42 | 000,133,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mfco30.dll
    [2010/07/16 15:37:42 | 000,094,285 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msvcirtd.dll
    [2010/07/16 15:37:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W95fiber.dll
    [2010/07/16 15:37:41 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\Pcdlib32.dll
    [2010/07/16 15:33:43 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
    [2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP2.DIR
    [2010/07/16 15:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP1.DIR
    [2010/07/14 17:00:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2010/07/11 16:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\hl
    [2010/07/06 19:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\New Folder
    [2010/07/03 16:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\etax2010

    ========== Files - Modified Within 30 Days ==========

    [2010/07/28 22:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/28 22:02:34 | 000,002,661 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\kaspersky.html
    [2010/07/28 19:23:59 | 000,140,961 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\internode_notice_F2074805-1280228098-14883.pdf
    [2010/07/28 19:00:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/07/28 18:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/28 17:46:06 | 062,646,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/28 17:39:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/07/28 17:38:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/28 17:38:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/27 23:18:43 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Dave\NTUSER.DAT
    [2010/07/27 23:18:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dave\ntuser.ini
    [2010/07/27 23:18:37 | 006,422,374 | -H-- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\IconCache.db
    [2010/07/27 21:07:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/27 20:51:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/26 18:15:26 | 000,051,334 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
    [2010/07/26 17:35:00 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/26 16:57:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/25 13:55:50 | 000,109,184 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
    [2010/07/25 13:50:37 | 000,108,120 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
    [2010/07/25 13:03:41 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
    [2010/07/24 23:58:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/23 22:42:53 | 000,875,296 | ---- | M] (Oracle) -- C:\Documents and Settings\Dave\Desktop\jre-6u21-windows-i586-iftw-rv.exe
    [2010/07/23 22:17:42 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
    [2010/07/23 18:10:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
    [2010/07/23 16:46:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
    [2010/07/22 21:24:58 | 000,001,165 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/22 21:24:58 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2010/07/19 21:48:49 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
    [2010/07/19 14:58:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2010/07/19 12:39:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/17 13:11:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/17 09:29:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/17 09:29:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/17 09:28:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/16 16:07:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
    [2010/07/16 15:57:08 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
    [2010/07/15 16:18:27 | 001,778,547 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
    [2010/07/08 16:27:49 | 004,054,198 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
    [2010/07/05 13:02:21 | 000,058,257 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
    [2010/07/05 12:59:28 | 000,097,912 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
    [2010/07/05 12:41:36 | 000,064,813 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
    [2010/07/05 12:08:43 | 000,074,169 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
    [2010/07/05 11:48:23 | 000,181,419 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
    [2010/07/05 11:48:18 | 000,170,467 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
    [2010/07/04 16:18:41 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
    [2010/07/04 13:43:13 | 004,744,640 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
    [2010/07/03 14:59:56 | 006,778,880 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
    [2010/07/02 14:13:11 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

    ========== Files Created - No Company Name ==========

    [2010/07/28 22:02:34 | 000,002,661 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\kaspersky.html
    [2010/07/28 19:23:59 | 000,140,961 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\internode_notice_F2074805-1280228098-14883.pdf
    [2010/07/26 18:15:33 | 000,051,334 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\29856_1412723292538_1666219019_995475_2027858_n.jpg
    [2010/07/23 22:17:42 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SystemLook.exe
    [2010/07/23 16:46:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
    [2010/07/20 21:50:54 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Dave\avgrep.txt
    [2010/07/20 20:45:14 | 000,012,395 | ---- | C] () -- C:\Documents and Settings\Dave\hs_err_pid3200.log
    [2010/07/19 20:10:44 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\vso_ts_preview.xml
    [2010/07/17 13:11:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/07/16 16:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
    [2010/07/16 15:45:35 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
    [2010/07/16 15:37:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2010/07/15 16:18:17 | 001,778,547 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\DemolitionCall1.wmv
    [2010/07/08 16:27:26 | 004,054,198 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Mitre 10 Advert.wmv
    [2010/07/05 13:02:21 | 000,058,257 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9055.jpg
    [2010/07/05 12:59:28 | 000,097,912 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_9-1.jpg
    [2010/07/05 12:41:36 | 000,064,813 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31446_1372203959580_1666219019_905554_8123457_n.jpg
    [2010/07/05 12:08:43 | 000,074,169 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1416476466365_1666219019_1004698_8228200_n.jpg
    [2010/07/05 11:48:23 | 000,181,419 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535677844_1666219019_1010374_2621558_n.jpg
    [2010/07/05 11:48:18 | 000,170,467 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\31856_1418535597842_1666219019_1010373_3420771_n.jpg
    [2010/07/04 16:18:41 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
    [2010/07/04 13:42:35 | 004,744,640 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\TEXASFLASHLIGHT_.WMV
    [2010/07/03 16:08:06 | 000,109,184 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.TAX
    [2010/07/03 16:08:06 | 000,108,120 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DAVE 2010.BAK
    [2010/07/03 16:07:13 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\e-tax 2010.lnk
    [2010/07/03 14:59:16 | 006,778,880 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\etax2010_1.msi
    [2010/02/15 16:54:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/01/30 14:44:55 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
    [2009/12/01 17:42:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
    [2009/10/19 20:06:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/07/04 14:14:28 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2009/07/04 14:09:29 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2009/05/04 17:00:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/04/28 07:39:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2009/04/18 13:59:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/04/10 15:05:45 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/04/10 13:16:51 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/04/10 13:16:39 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2009/04/10 12:15:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
    < End of report >
     
  16. 2010/07/28
    crunchie
    I was hoping to see the problem entry in that log :(.

    Are you able to re-download ComboFix and run it again, please?

    Use the same link that was first given.

    I will have to catch up tomorrow as it is past my bedtime :).
     
  17. 2010/07/29
    davee
    Hi Crunchie, I am having trouble running ComboFix. It just seems to stop after it starts. I let it run for about 30 mins last night and nothing happened, so I tried again this evening and it did the same; I left it run for just under an hour. Should it take that long? I thought it must be stalled, so I rebooted to start the PC again.
     
  18. 2010/07/29
    crunchie
    Can you try it in safe mode, please?

    If you still have problems, we can try something else :).
     
  19. 2010/07/30
    davee
    Hi Crunchie, it worked in safe mode. Here is the log:

    ComboFix 10-07-28.01 - Dave 07/30/2010 16:46:38.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1566 [GMT 10:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
    .

    2010-07-26 06:59 . 2010-07-26 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Socusoft
    2010-07-25 00:36 . 2010-07-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
    2010-07-23 12:48 . 2010-07-23 12:48 -------- d-----w- c:\program files\Common Files\Java
    2010-07-23 12:48 . 2010-07-23 12:48 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcp71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\jmc.dll
    2010-07-23 12:48 . 2010-07-23 12:48 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcr71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-sse.dll
    2010-07-23 12:48 . 2010-07-23 12:48 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-d3d.dll
    2010-07-23 12:48 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- C:\_OTL
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-21 11:45 . 2010-07-22 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    2010-07-21 09:00 . 2010-07-21 09:00 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-07-21 09:00 . 2010-07-21 09:00 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-21 09:00 . 2010-07-21 09:00 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
    2010-07-21 09:00 . 2010-07-21 09:00 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-07-16 23:29 . 2010-07-16 23:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-16 23:29 . 2010-07-16 23:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 23:27 . 2010-07-16 23:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-16 23:27 . 2010-07-16 23:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-16 23:27 . 2010-07-16 23:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-16 23:27 . 2010-07-16 23:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-16 05:45 . 2010-07-16 05:57 1901 ----a-w- c:\windows\panose.bin
    2010-07-16 05:37 . 2001-04-11 03:03 6144 ----a-w- c:\windows\system32\W95fiber.dll
    2010-07-16 05:37 . 2001-04-11 03:03 401484 ----a-w- c:\windows\system32\Msvcrtd.dll
    2010-07-16 05:37 . 2001-04-11 03:03 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
    2010-07-16 05:37 . 2001-04-11 03:03 94285 ----a-w- c:\windows\system32\Msvcirtd.dll
    2010-07-16 05:37 . 2001-04-11 03:03 133392 ----a-w- c:\windows\system32\Mfco30.dll
    2010-07-16 05:37 . 2001-04-11 03:02 322832 ----a-w- c:\windows\system32\Mfc30.dll
    2010-07-16 05:37 . 2001-04-11 03:02 212480 ----a-w- c:\windows\Pcdlib32.dll
    2010-07-16 05:33 . 1998-10-02 09:00 327168 ----a-w- c:\windows\IsUninst.exe
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP2.DIR
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP1.DIR
    2010-07-14 07:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-04 06:21 . 2010-07-04 06:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\UserData
    2010-07-04 06:19 . 2010-07-04 06:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-07-04 06:19 . 2010-07-04 06:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
    2010-07-04 06:18 . 2010-07-04 06:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-07-03 06:07 . 2010-07-25 03:03 -------- d-----w- c:\program files\etax2010

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-29 10:01 . 2009-04-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-07-28 12:03 . 2009-04-10 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-26 10:58 . 2009-04-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-26 10:53 . 2009-04-22 23:51 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-26 07:00 . 2010-04-25 02:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-25 07:36 . 2009-11-21 23:03 -------- d-----w- c:\documents and settings\Dave\Application Data\LimeWire
    2010-07-23 12:48 . 2009-04-21 05:23 -------- d-----w- c:\program files\Java
    2010-07-21 08:11 . 2009-05-26 07:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Vso
    2010-07-16 23:29 . 2009-04-12 10:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 23:28 . 2009-04-12 10:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-02 04:13 . 2009-04-10 11:05 -------- d-----w- c:\program files\Opera
    2010-06-26 04:28 . 2010-06-26 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    2010-06-26 04:01 . 2009-12-06 08:56 -------- d-----w- c:\program files\Common Files\Nokia
    2010-06-26 03:59 . 2010-06-26 03:59 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-06-26 03:58 . 2010-06-26 03:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-06-26 03:58 . 2010-06-26 03:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
    2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
    2010-06-22 19:52 . 2010-06-26 03:58 69214784 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
    2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\Dave\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
    2010-06-14 14:31 . 2009-04-10 01:23 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
    2010-06-06 03:09 . 2009-04-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-06-06 01:50 . 2010-06-06 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
    2010-06-06 01:46 . 2010-06-06 01:46 -------- d-----w- c:\program files\SlySoft
    2010-06-06 00:33 . 2009-12-06 08:59 -------- d-----w- c:\documents and settings\Dave\Application Data\Nokia Multimedia Player
    2010-06-05 00:04 . 2009-11-20 08:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-03 00:05 . 2009-04-12 10:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 10:08 . 2010-05-04 10:08 63488 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-04 10:08 . 2010-05-04 10:08 52224 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-04 10:08 . 2009-04-10 02:24 117760 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "
    path=
    backup=

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
    backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-10 07:37 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-30 01:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 03:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AntiVirService "=2 (0x2)
    "AntiVirSchedulerService "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
    "c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 8:19 PM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 8:19 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 9:28 AM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:29 AM 308136]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
    S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-30 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 01:24]

    2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-07-30 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]

    2010-05-15 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.tattoodle.com?tid={E0E9D429-A149-438b-A954-A1CD0A58B347}
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{81fdd779-57e9-0539-b8cd-d06cb867e3fd} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-30 16:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A490B4C]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb9f11852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9defbd4
    PacketIndicateHandler -> NDIS.sys @ 0xb9dfba21
    SendHandler -> NDIS.sys @ 0xb9defd44
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(560)
    c:\windows\system32\WININET.dll
    c:\windows\system32\MrvGINA.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(620)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-07-30 17:00:18
    ComboFix-quarantined-files.txt 2010-07-30 07:00
    ComboFix2.txt 2010-07-27 11:10

    Pre-Run: 13,544,751,104 bytes free
    Post-Run: 13,644,816,384 bytes free

    - - End Of File - - 46522874766149DB741DF1AD22AA9030
     
  20. 2010/07/30
    crunchie
    Still getting the message?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    FileLook::
    c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
    c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.



    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  21. 2010/07/30
    davee
    Hi, here is the log. I had to run it in safe mode again, and yes, the message about ComboFix still comes up at startup.

    ComboFix 10-07-28.01 - Dave 07/30/2010 20:16:07.6.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1790 [GMT 10:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
    .

    2010-07-26 06:59 . 2010-07-26 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Socusoft
    2010-07-25 00:36 . 2010-07-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
    2010-07-23 12:48 . 2010-07-23 12:48 -------- d-----w- c:\program files\Common Files\Java
    2010-07-23 12:48 . 2010-07-23 12:48 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcp71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\jmc.dll
    2010-07-23 12:48 . 2010-07-23 12:48 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7b0cd43b-n\msvcr71.dll
    2010-07-23 12:48 . 2010-07-23 12:48 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-sse.dll
    2010-07-23 12:48 . 2010-07-23 12:48 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7346e290-n\decora-d3d.dll
    2010-07-23 12:48 . 2010-06-21 18:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-23 11:05 . 2010-07-23 11:05 -------- d-----w- C:\_OTL
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 09:16 . 2010-07-22 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-22 09:16 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-21 11:45 . 2010-07-22 09:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uealgoipr
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\xetblruxy
    2010-07-21 10:32 . 2010-07-21 10:32 -------- d-----w- c:\documents and settings\Dave\Application Data\8926D9C51CB41E81AD43AAED097E3035
    2010-07-21 09:00 . 2010-07-21 09:00 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-07-21 09:00 . 2010-07-21 09:00 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-21 09:00 . 2010-07-21 09:00 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
    2010-07-21 09:00 . 2010-07-21 09:00 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-07-16 23:29 . 2010-07-16 23:29 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-16 23:29 . 2010-07-16 23:29 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-16 23:29 . 2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 23:27 . 2010-07-16 23:27 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-16 23:27 . 2010-07-16 23:27 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-16 23:27 . 2010-07-16 23:27 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-16 23:27 . 2010-07-16 23:27 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-16 05:45 . 2010-07-16 05:57 1901 ----a-w- c:\windows\panose.bin
    2010-07-16 05:37 . 2001-04-11 03:03 6144 ----a-w- c:\windows\system32\W95fiber.dll
    2010-07-16 05:37 . 2001-04-11 03:03 401484 ----a-w- c:\windows\system32\Msvcrtd.dll
    2010-07-16 05:37 . 2001-04-11 03:03 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
    2010-07-16 05:37 . 2001-04-11 03:03 94285 ----a-w- c:\windows\system32\Msvcirtd.dll
    2010-07-16 05:37 . 2001-04-11 03:03 133392 ----a-w- c:\windows\system32\Mfco30.dll
    2010-07-16 05:37 . 2001-04-11 03:02 322832 ----a-w- c:\windows\system32\Mfc30.dll
    2010-07-16 05:37 . 2001-04-11 03:02 212480 ----a-w- c:\windows\Pcdlib32.dll
    2010-07-16 05:33 . 1998-10-02 09:00 327168 ----a-w- c:\windows\IsUninst.exe
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP2.DIR
    2010-07-16 05:29 . 2010-07-16 05:29 -------- d-----w- c:\windows\_ISTMP1.DIR
    2010-07-14 07:00 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-04 06:21 . 2010-07-04 06:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\UserData
    2010-07-04 06:19 . 2010-07-04 06:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-07-04 06:19 . 2010-07-04 06:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
    2010-07-04 06:18 . 2010-07-04 06:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-07-03 06:07 . 2010-07-25 03:03 -------- d-----w- c:\program files\etax2010

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-29 10:01 . 2009-04-30 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-07-28 12:03 . 2009-04-10 02:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-26 10:58 . 2009-04-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-26 10:53 . 2009-04-22 23:51 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-26 07:00 . 2010-04-25 02:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-25 07:36 . 2009-11-21 23:03 -------- d-----w- c:\documents and settings\Dave\Application Data\LimeWire
    2010-07-23 12:48 . 2009-04-21 05:23 -------- d-----w- c:\program files\Java
    2010-07-21 08:11 . 2009-05-26 07:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Vso
    2010-07-16 23:29 . 2009-04-12 10:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 23:28 . 2009-04-12 10:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-02 04:13 . 2009-04-10 11:05 -------- d-----w- c:\program files\Opera
    2010-06-26 04:28 . 2010-06-26 04:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    2010-06-26 04:01 . 2009-12-06 08:56 -------- d-----w- c:\program files\Common Files\Nokia
    2010-06-26 03:59 . 2010-06-26 03:59 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-06-26 03:58 . 2010-06-26 03:58 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-06-26 03:58 . 2010-06-26 03:58 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
    2010-06-26 03:56 . 2010-06-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
    2010-06-22 19:52 . 2010-06-26 03:58 69214784 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
    2010-06-22 19:52 . 2010-06-22 19:52 69214784 ----a-w- c:\documents and settings\Dave\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
    2010-06-14 14:31 . 2009-04-10 01:23 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
    2010-06-06 03:09 . 2009-04-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-06-06 01:50 . 2010-06-06 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
    2010-06-06 01:46 . 2010-06-06 01:46 -------- d-----w- c:\program files\SlySoft
    2010-06-06 00:33 . 2009-12-06 08:59 -------- d-----w- c:\documents and settings\Dave\Application Data\Nokia Multimedia Player
    2010-06-05 00:04 . 2009-11-20 08:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-03 00:05 . 2009-04-12 10:19 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 10:08 . 2010-05-04 10:08 63488 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-04 10:08 . 2010-05-04 10:08 52224 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-04 10:08 . 2009-04-10 02:24 117760 ----a-w- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-30_06.56.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-30 10:28 . 2010-07-30 10:28 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 23:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "
    path=
    backup=

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
    backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-03-19 07:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-10 07:37 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
    2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-30 01:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 03:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AntiVirService "=2 (0x2)
    "AntiVirSchedulerService "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
    "c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 8:19 PM 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 8:19 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/17/2010 9:28 AM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:29 AM 308136]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
    S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-30 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 01:24]

    2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]

    2010-07-30 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]

    2010-05-15 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 08:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.tattoodle.com?tid={E0E9D429-A149-438b-A954-A1CD0A58B347}
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{81fdd779-57e9-0539-b8cd-d06cb867e3fd} - (no file)
    BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-30 20:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A49DB4C]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb9f11852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9defbd4
    PacketIndicateHandler -> NDIS.sys @ 0xb9dfba21
    SendHandler -> NDIS.sys @ 0xb9defd44
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    @=" "
    "Installed "= "1 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\windows\system32\WININET.dll
    c:\windows\system32\MrvGINA.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(624)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'Explorer.exe'(2044)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-30 20:35:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-30 10:35
    ComboFix2.txt 2010-07-30 07:00
    ComboFix3.txt 2010-07-27 11:10

    Pre-Run: 18,850,992,128 bytes free
    Post-Run: 18,834,575,360 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
    - - End Of File - - 5269A25ED2C37A44DAF830A2CB011491
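The "Supplementary Scan" section of the log above carries the two entries a triager would look at first: a WinINet ProxyServer pointing at the loopback address (so all of Internet Explorer's HTTP traffic is being handed to something listening on this machine) and a start page carrying a tracking id, plus two orphaned BHO registrations. The script below is an added example, not ComboFix code and not anything posted by the forum members: it parses lines in ComboFix's supplementary-scan format and returns heuristic findings for exactly those patterns. The sample log is constructed to mirror the entries in the post, the regexes and the "flag loopback proxies / tid= start pages / (no file) BHOs" rules are the author's own assumptions, and a finding is a prompt to check which process owns the listening port, not a verdict.

```python
"""Heuristic triage of the "Supplementary Scan" section of a ComboFix log.

Added example (not ComboFix's own logic). The rules below are assumptions
chosen to match the entries seen in the post; treat findings as leads.
"""
from __future__ import annotations

import re
from ipaddress import ip_address

# Constructed sample: a few lines in ComboFix's supplementary-scan format,
# mirroring the post above (hxxp is ComboFix's defanging of http).
SAMPLE_LOG = """\
uStart Page = hxxp://www.tattoodle.com?tid={E0E9D429-A149-438b-A954-A1CD0A58B347}
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~4\\Office10\\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
BHO-{81fdd779-57e9-0539-b8cd-d06cb867e3fd} - (no file)
"""

PROXY_RE = re.compile(r"^u?Internet Settings,ProxyServer\s*=\s*(.+)$")
START_RE = re.compile(r"^[um]Start Page\s*=\s*(.+)$")
BHO_ORPHAN_RE = re.compile(r"^BHO-(\{[0-9A-Fa-f-]+\})\s*-\s*\(no file\)$")


def parse_proxy_servers(value: str) -> list[tuple[str, str, int]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    The value is either "host:port" (applies to every protocol, reported as
    scheme "*") or a ';'-separated list of "scheme=host:port" entries such as
    "http=127.0.0.1:5643;https=proxy.corp:3128". A missing port is taken as 80.
    """
    out = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")
        scheme = scheme or "*"
        host, _, port = hostport.rpartition(":")
        if not host:
            host, port = hostport, "80"
        out.append((scheme, host, int(port) if port.isdigit() else 0))
    return out


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1; hostnames other than localhost are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text: str) -> list[str]:
    """Return human-readable findings, in log order, for entries that merit a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_servers(m.group(1)):
                if is_loopback(host):
                    findings.append(
                        f"proxy: {scheme} traffic is routed through {host}:{port} on this machine; "
                        "identify the process listening there (e.g. netstat -ano) before trusting browser traffic")
            continue
        m = START_RE.match(line)
        if m and re.search(r"[?&]tid=\{[0-9A-Fa-f-]+\}", m.group(1)):
            findings.append(f"start page carries a tracking id: {m.group(1)}")
            continue
        m = BHO_ORPHAN_RE.match(line)
        if m:
            findings.append(f"orphaned BHO registration {m.group(1)} (no file on disk)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample it reports the loopback proxy on port 5643, the tid= start page and the orphaned BHO, and stays quiet on the ProxyOverride, DPF and Office entries; a corporate proxy such as proxy.corp:3128 is not flagged, since the rule only cares whether the proxy lives on the machine itself.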