« previous next »
Pages: [1]

Author Topic: Computer malware/spyware  (Read 791 times)

Offline resevil83

  • Full Member
  • ***
  • Posts: 189
  • Karma: +0/-0
    • View Profile
Computer malware/spyware
« on: July 05, 2010, 02:57:29 AM »
Im at my friends house and cannot fix his computer. The internet works fine, however there is a virus scanner pop up window that says that his computer is infected and asks him to purchase the software to rid of the virus. He never installed that paticular virus scanner. He had avg, but it is an inactive license. I tried to download malware bytes etc. and the programs will not launch. I was able to boot into safe mode and get spybot search and destroy installed but it will not update. (nor scan) I cannot do anything aside from browse the internet. I cannot run hijack this in normal mode, or any other program for that matter.

I was able to do a hijack scan in safemode. Here are the results


ALogfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:28 AM, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kgleceps] C:\Documents and Settings\Justin Dreyer\Local Settings\Application Data\banfxfmjy\navylbftssd.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Zinaps7] "C:\Documents and Settings\Justin Dreyer\Application Data\Zinaps7\Zinaps7.exe" /MIN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin Dreyer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [kgleceps] C:\Documents and Settings\Justin Dreyer\Local Settings\Application Data\banfxfmjy\navylbftssd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Justin Dreyer\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Justin Dreyer\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Justin Dreyer\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Justin Dreyer\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Risk\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\x\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\x\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11380 bytes
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer malware/spyware
« Reply #1 on: July 05, 2010, 09:08:34 AM »
Download ComboFix only this location
[color="#0000FF"]Link [/color]
[color="#FF0000"]Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline resevil83

  • Full Member
  • ***
  • Posts: 189
  • Karma: +0/-0
    • View Profile
Computer malware/spyware
« Reply #2 on: July 05, 2010, 11:19:46 PM »
ComboFix 10-07-04.04 - Justin Dreyer 07/05/2010  23:04:13.1.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.792 [GMT -5:00]
Running from: c:\documents and settings\Justin Dreyer\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\SpyAway
c:\documents and settings\All Users\Start Menu\Programs\SpyAway\SpyAway.lnk
c:\documents and settings\All Users\Start Menu\Programs\SpyAway\Uninstall SpyAway.lnk
c:\documents and settings\Justin Dreyer\Application Data\inst.exe
c:\documents and settings\Justin Dreyer\Local Settings\Application Data\banfxfmjy
c:\documents and settings\Justin Dreyer\Local Settings\Application Data\banfxfmjy\navylbftssd.exe
c:\documents and settings\Justin Dreyer\Start Menu\Programs\Zinaps7
c:\documents and settings\Justin Dreyer\Start Menu\Programs\Zinaps7\Uninstall Zinaps Anti-Spyware 7.0.lnk
c:\documents and settings\Justin Dreyer\Start Menu\Programs\Zinaps7\Zinaps Anti-Spyware 7.0.lnk
c:\program files\Smart-Shopper
c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
c:\program files\Smart-Shopper\cs\antiphishing\antiphishing.html
c:\program files\Smart-Shopper\cs\antiphishing\phishAlert.gif
c:\program files\Smart-Shopper\cs\antiphishing\x.gif
c:\program files\Smart-Shopper\cs\antiphishing\xActive.gif
c:\program files\Smart-Shopper\Uninst.exe
c:\program files\UNWISE.EXE
c:\windows\default.htm
c:\windows\didduid.ini
c:\windows\Installer\id53.exe
c:\windows\system32\lclcfg32.ini
c:\windows\system32\lfd32.ini

.
(((((((((((((((((((((((((   Files Created from 2010-06-06 to 2010-07-06  )))))))))))))))))))))))))))))))
.

2010-07-05 07:31 . 2010-07-05 23:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-05 07:31 . 2010-07-05 07:31   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-07-05 07:12 . 2010-07-05 07:16   --------   d-----w-   c:\documents and settings\Justin Dreyer\Application Data\QuickScan
2010-07-05 07:12 . 2010-05-31 21:34   702120   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-07-05 07:12 . 2010-05-31 21:34   868456   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-07-05 07:10 . 2010-07-05 07:10   --------   d-----w-   c:\program files\ESET
2010-07-05 07:04 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 07:04 . 2010-07-05 07:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-07-05 07:04 . 2010-07-05 07:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 07:04 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-07-05 04:57 . 2009-11-25 18:02   1230080   ----a-w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-07-05 04:57 . 2010-07-05 04:57   --------   d-sh--w-   c:\documents and settings\Justin Dreyer\PrivacIE
2010-07-03 03:40 . 2010-07-01 18:51   43008   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-03 03:40 . 2010-07-01 18:51   338944   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-03 03:40 . 2010-07-01 18:51   346112   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-03 03:40 . 2010-07-01 18:52   1496064   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-06-25 12:13 . 2010-06-25 12:13   2292280   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Google\Google Pinyin 2\pinyin-2.3.13.82\GooglePinyinUpdater.exe
2010-06-09 02:16 . 2010-05-06 10:41   743424   ------w-   c:\windows\system32\dllcache\iedvtool.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 07:20 . 2007-06-22 00:07   59384   ----a-w-   c:\documents and settings\Justin Dreyer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 04:57 . 2009-04-19 03:06   --------   d-----w-   c:\documents and settings\Justin Dreyer\Application Data\Smart-Shopper
2010-07-05 04:57 . 2010-03-18 07:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-05 01:33 . 2008-04-28 02:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-07-01 03:32 . 2009-06-15 00:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-07-01 03:28 . 2009-06-15 00:29   --------   d-----w-   c:\documents and settings\Justin Dreyer\Application Data\ZoomBrowser EX
2010-06-28 03:20 . 2007-07-01 03:03   --------   d-----w-   c:\program files\Starcraft
2010-06-12 01:41 . 2009-02-01 06:32   1   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-26 00:31 . 2010-05-26 00:31   503808   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5471906d-n\msvcp71.dll
2010-05-26 00:31 . 2010-05-26 00:31   499712   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5471906d-n\jmc.dll
2010-05-26 00:31 . 2010-05-26 00:31   348160   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5471906d-n\msvcr71.dll
2010-05-09 13:59 . 2007-07-02 22:29   --------   d-----w-   c:\program files\Google
2010-05-06 10:41 . 2005-08-16 09:18   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-08-16 09:18   1851264   ----a-w-   c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2005-08-16 09:18   285696   ----a-w-   c:\windows\system32\atmfd.dll
2010-04-17 17:25 . 2010-04-17 17:25   2257392   ----a-w-   c:\documents and settings\Justin Dreyer\Application Data\Google\Google Pinyin 2\pinyin-2.2.12.74\GooglePinyinUpdater.exe
2010-04-15 17:19 . 2010-03-25 03:19   0   ----a-w-   c:\documents and settings\Justin Dreyer\Local Settings\Application Data\prvlcl.dat
2008-01-24 03:46 . 2008-01-24 03:45   24   --sh--w-   c:\windows\SDE69E7A8.tmp
2008-06-07 02:06 . 2008-06-07 02:05   10856   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02   1230080   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AIM"="c:\progra~1\AIM\aim.exe" [2006-08-01 67112]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2008-05-28 89024]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"Google Update"="c:\documents and settings\Justin Dreyer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2002-05-02 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 196608]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-22 149280]
"Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2010-06-25 1214520]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-03-30 2064224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-21 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-18 13:34   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-05 16:23   87352   ----a-w-   c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [3/18/2010 2:41 AM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/18/2010 2:41 AM 52872]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2010 2:41 AM 242696]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/18/2010 2:40 AM 30104]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2010 2:41 AM 216200]
S2 Apache2.2;Apache2.2;c:\x\apache\bin\httpd.exe [12/9/2008 6:10 PM 24636]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/18/2010 8:34 AM 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/18/2010 8:34 AM 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [3/18/2010 8:34 AM 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/18/2010 8:34 AM 5888008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 3:25 PM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/18/2010 2:40 AM 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/18/2010 2:41 AM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/18/2010 2:41 AM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/18/2010 2:40 AM 26120]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [6/21/2007 6:04 PM 13225]
.
Contents of the 'Scheduled Tasks' folder

2010-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2010-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-28 21:22]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:25]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:25]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1460767002-2885596104-3398615566-1005Core.job
- c:\documents and settings\Justin Dreyer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 01:38]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1460767002-2885596104-3398615566-1005UA.job
- c:\documents and settings\Justin Dreyer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 01:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Justin Dreyer\Start Menu\Programs\UltimateBet\UltimateBet.lnk
FF - ProfilePath - c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\
FF - component: c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Justin Dreyer\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
HKCU-Run-Aim6 - (no file)
HKCU-Run-kgleceps - c:\documents and settings\Justin Dreyer\Local Settings\Application Data\banfxfmjy\navylbftssd.exe
HKLM-Run-Easy Dock - (no file)
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-kgleceps - c:\documents and settings\Justin Dreyer\Local Settings\Application Data\banfxfmjy\navylbftssd.exe
MSConfigStartUp-Microsoft Windows Adapter 5.1 - c:\documents and settings\Justin Dreyer\Application Data\fvylo.exe
AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 23:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2010-07-05  23:12:26
ComboFix-quarantined-files.txt  2010-07-06 04:12
ComboFix2.txt  2009-05-09 05:27

Pre-Run: 75,300,802,560 bytes free
Post-Run: 76,298,006,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 101FCE957F68BC6767067E991FC68C63
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer malware/spyware
« Reply #3 on: July 05, 2010, 11:51:13 PM »
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot\
Reboot your computer, back in Windows

Copy ALL the below in the Code box and paste to an empty notepad file
Don't use anything else than notepad or the script will not work
To open Notepad you can go to Start>Programs>> Accessories, and then clicking Notepad.


Code: [Select]
Folder::
c:\documents and settings\Justin Dreyer\Application Data\Smart-Shopper
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Save this as txtfile on your desktop, with the exact name of
CFScript

Temporarily disable your AntiVirus software so it won't interfere with this next step

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you  with the same name C:\ComboFix.txt..
I'll need to see that log again

Keep me informed how things are now running
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mengskx

  • Full Member
  • ***
  • Posts: 174
  • Karma: +0/-0
    • View Profile
Computer malware/spyware
« Reply #4 on: July 10, 2010, 02:35:53 AM »
I will take over for resevil.

ComboFix 10-07-04.04 - Justin Dreyer 07/06/2010   3:06.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.419 [GMT -5:00]
Running from: c:\documents and settings\Justin Dreyer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Justin Dreyer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((   Files Created from 2010-06-06 to 2010-07-06  )))))))))))))))))))))))))))))))
.

2010-07-06 04:27 . 2010-07-06 04:27   --------   d-----w-   c:\documents and settings\Justin Dreyer\Application Data\Malwarebytes
2010-07-05 07:31 . 2010-07-06 04:45   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-07-05 07:31 . 2010-07-05 23:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-05 07:12 . 2010-07-05 07:16   --------   d-----w-   c:\documents and settings\Justin Dreyer\Application Data\QuickScan
2010-07-05 07:10 . 2010-07-05 07:10   --------   d-----w-   c:\program files\ESET
2010-07-05 07:04 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 07:04 . 2010-07-06 04:27   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-07-05 07:04 . 2010-07-05 07:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 07:04 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-07-05 04:57 . 2010-07-05 04:57   --------   d-sh--w-   c:\documents and settings\Justin Dreyer\PrivacIE
2010-06-09 02:16 . 2010-05-06 10:41   743424   ------w-   c:\windows\system32\dllcache\iedvtool.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 07:51 . 2010-03-18 07:41   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-07-06 07:51 . 2010-03-18 07:41   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-07-06 07:42 . 2008-01-24 03:44   --------   d-----w-   c:\program files\SlySoft
2010-07-06 04:24 . 2008-04-28 02:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-07-05 07:20 . 2007-06-22 00:07   59384   ----a-w-   c:\documents and settings\Justin Dreyer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 04:57 . 2010-03-18 07:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-01 03:32 . 2009-06-15 00:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-07-01 03:28 . 2009-06-15 00:29   --------   d-----w-   c:\documents and settings\Justin Dreyer\Application Data\ZoomBrowser EX
2010-06-28 03:20 . 2007-07-01 03:03   --------   d-----w-   c:\program files\Starcraft
2010-05-09 13:59 . 2007-07-02 22:29   --------   d-----w-   c:\program files\Google
2010-05-06 10:41 . 2005-08-16 09:18   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-08-16 09:18   1851264   ----a-w-   c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2005-08-16 09:18   285696   ----a-w-   c:\windows\system32\atmfd.dll
2010-04-15 17:19 . 2010-03-25 03:19   0   ----a-w-   c:\documents and settings\Justin Dreyer\Local Settings\Application Data\prvlcl.dat
2008-01-24 03:46 . 2008-01-24 03:45   24   --sh--w-   c:\windows\SDE69E7A8.tmp
2008-06-07 02:06 . 2008-06-07 02:05   10856   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02   1230080   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AIM"="c:\progra~1\AIM\aim.exe" [2006-08-01 67112]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"Google Update"="c:\documents and settings\Justin Dreyer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2002-05-02 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 196608]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-22 149280]
"Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2010-06-25 1214520]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-06 2065248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-21 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-18 13:34   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-05 16:23   87352   ----a-w-   c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [3/18/2010 2:41 AM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/18/2010 2:41 AM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2010 2:41 AM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2010 2:41 AM 242896]
R2 Apache2.2;Apache2.2;c:\x\apache\bin\httpd.exe [12/9/2008 6:10 PM 24636]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/18/2010 8:34 AM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/18/2010 8:34 AM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/6/2010 2:50 AM 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/18/2010 2:40 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/18/2010 2:41 AM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/18/2010 2:41 AM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/18/2010 2:40 AM 26120]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/18/2010 8:34 AM 5888008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 3:25 PM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/18/2010 2:40 AM 30104]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [6/21/2007 6:04 PM 13225]
.
Contents of the 'Scheduled Tasks' folder

2010-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2010-07-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-28 21:22]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:25]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:25]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1460767002-2885596104-3398615566-1005Core.job
- c:\documents and settings\Justin Dreyer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 01:38]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1460767002-2885596104-3398615566-1005UA.job
- c:\documents and settings\Justin Dreyer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 01:38]
.
.
------- Supplementary Scan -------
.
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Justin Dreyer\Start Menu\Programs\UltimateBet\UltimateBet.lnk
FF - ProfilePath - c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\
FF - component: c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Justin Dreyer\Application Data\Mozilla\Firefox\Profiles\srbrfkmt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Justin Dreyer\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 03:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\WININET.dll
c:\program files\Stardock\CursorFX\CurXP0.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-07-06  03:44:39
ComboFix-quarantined-files.txt  2010-07-06 08:44
ComboFix2.txt  2010-07-06 04:12
ComboFix3.txt  2009-05-09 05:27

Pre-Run: 75,041,767,424 bytes free
Post-Run: 75,030,544,384 bytes free

- - End Of File - - 17C45DF28A1826A44F44EAD63BD0BF5C
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer malware/spyware
« Reply #5 on: July 10, 2010, 11:43:12 AM »
Hello again mengskx
Can you let me know how things are now running

In addition:
Download DDS and save it to your desktop from [color="#FF0000"]here[/color]
Disable any script blocker, and then right  click  on dds.scr and choose to "Run as Admin"
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to this topic.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mengskx

  • Full Member
  • ***
  • Posts: 174
  • Karma: +0/-0
    • View Profile
Computer malware/spyware
« Reply #6 on: July 12, 2010, 01:32:42 AM »
DDS (Ver_10-03-17.01) - NTFSx86  
Run by Justin Dreyer at  1:11:42.75 on Mon 07/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.342 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
svchost.exe
C:\x\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\x\mysql\bin\mysqld.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\x\apache\bin\httpd.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\HWDiag\bin\PcdrEngine.exe
C:\Documents and Settings\Justin Dreyer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [Google Update] "c:\documents and settings\justin dreyer\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchpd.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [razer] c:\program files\razer\razerhid.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\justin dreyer\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\risk\images\stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\risk\images\armhelper.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\justin~1\applic~1\mozilla\firefox\profiles\srbrfkmt.default\
FF - component: c:\documents and settings\justin dreyer\application data\mozilla\firefox\profiles\srbrfkmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\justin dreyer\application data\mozilla\firefox\profiles\srbrfkmt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\justin dreyer\application data\mozilla\firefox\profiles\srbrfkmt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\justin dreyer\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-3-18 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-18 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-18 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-18 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-18 242896]
R2 Apache2.2;Apache2.2;c:\x\apache\bin\httpd.exe [2008-12-9 24636]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-18 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-18 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-7-6 2331544]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-28 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-18 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-3-18 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-3-18 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-3-18 26120]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-18 5888008]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-18 30104]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2007-6-21 13225]
S4 LMIRfsClientNP;LMIRfsClientNP;


=============== Created Last 30 ================

2010-07-07 17:52:41   0   d--h--w-   C:\$AVG
2010-07-06 04:27:57   0   d-----w-   c:\docume~1\justin~1\applic~1\Malwarebytes
2010-07-06 03:59:56   0   d-sha-r-   C:\cmdcons
2010-07-06 03:54:36   98816   ----a-w-   c:\windows\sed.exe
2010-07-06 03:54:36   77312   ----a-w-   c:\windows\MBR.exe
2010-07-06 03:54:36   256512   ----a-w-   c:\windows\PEV.exe
2010-07-06 03:54:36   161792   ----a-w-   c:\windows\SWREG.exe
2010-07-05 07:31:03   0   d-----w-   c:\program files\Spybot - Search & Destroy
2010-07-05 07:31:03   0   d-----w-   c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-05 07:12:55   0   d-----w-   c:\docume~1\justin~1\applic~1\QuickScan
2010-07-05 07:10:49   0   d-----w-   c:\program files\ESET
2010-07-05 07:04:05   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 07:04:04   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-07-05 07:04:04   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-07-05 07:04:04   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-05 04:57:18   0   d-sh--w-   c:\documents and settings\justin dreyer\PrivacIE
2010-06-25 12:13:59   2162744   ----a-w-   c:\windows\system32\GooglePinyin2.ime

==================== Find3M  ====================

2010-07-06 07:51:56   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-05-05 13:30:57   173056   ------w-   c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50   1851264   ----a-w-   c:\windows\system32\win32k.sys
2010-05-02 05:22:50   1851264   ------w-   c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08   285696   ----a-w-   c:\windows\system32\atmfd.dll
2010-04-20 05:30:08   285696   ------w-   c:\windows\system32\dllcache\atmfd.dll
2008-06-07 02:06:05   10856   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-03-18 07:28:19   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010031820100319\index.dat

============= FINISH:  1:13:18.89 ===============





The results told me to zip this and attach the "attach" file. I could not upload it because the board said I do not have permission, so here is the copy paste method:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/21/2007 5:47:21 PM
System Uptime: 7/6/2010 2:55:46 AM (143 hours ago)

Motherboard: Dell Inc.           |  | 0HJ054
Processor:              Intel(R) Pentium(R) D  CPU 2.66GHz | Microprocessor | 2659/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 69.836 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP990: 4/6/2010 11:26:29 AM - System Checkpoint
RP991: 4/7/2010 1:28:51 PM - System Checkpoint
RP992: 4/8/2010 2:26:31 PM - System Checkpoint
RP993: 4/9/2010 3:26:31 PM - System Checkpoint
RP994: 4/10/2010 4:26:31 PM - System Checkpoint
RP995: 4/11/2010 5:26:31 PM - System Checkpoint
RP996: 4/12/2010 6:26:31 PM - System Checkpoint
RP997: 4/13/2010 6:41:01 PM - System Checkpoint
RP998: 4/14/2010 7:26:31 PM - System Checkpoint
RP999: 4/15/2010 8:26:33 PM - System Checkpoint
RP1000: 4/16/2010 9:26:31 PM - System Checkpoint
RP1001: 4/17/2010 10:26:31 PM - System Checkpoint
RP1002: 4/18/2010 3:00:17 AM - Software Distribution Service 3.0
RP1003: 4/19/2010 3:29:26 AM - System Checkpoint
RP1004: 4/20/2010 6:00:21 AM - System Checkpoint
RP1005: 4/21/2010 6:29:29 AM - System Checkpoint
RP1006: 4/22/2010 7:29:28 AM - System Checkpoint
RP1007: 4/23/2010 8:30:34 AM - System Checkpoint
RP1008: 4/24/2010 9:29:29 AM - System Checkpoint
RP1009: 4/25/2010 10:29:30 AM - System Checkpoint
RP1010: 4/26/2010 11:29:32 AM - System Checkpoint
RP1011: 4/27/2010 12:29:30 PM - System Checkpoint
RP1012: 4/28/2010 1:29:31 PM - System Checkpoint
RP1013: 4/29/2010 2:30:37 PM - System Checkpoint
RP1014: 4/30/2010 2:53:01 PM - System Checkpoint
RP1015: 5/1/2010 3:29:34 PM - System Checkpoint
RP1016: 5/2/2010 3:47:15 PM - System Checkpoint
RP1017: 5/9/2010 12:41:03 AM - System Checkpoint
RP1018: 5/10/2010 12:58:08 AM - System Checkpoint
RP1019: 5/11/2010 1:01:07 AM - System Checkpoint
RP1020: 5/12/2010 1:01:50 AM - System Checkpoint
RP1021: 5/13/2010 2:02:13 AM - System Checkpoint
RP1022: 5/15/2010 9:40:02 PM - System Checkpoint
RP1023: 5/16/2010 3:00:16 AM - Software Distribution Service 3.0
RP1024: 5/17/2010 3:01:10 AM - System Checkpoint
RP1025: 5/18/2010 5:37:40 AM - System Checkpoint
RP1026: 5/19/2010 10:41:44 AM - System Checkpoint
RP1027: 5/20/2010 11:01:13 AM - System Checkpoint
RP1028: 5/21/2010 12:01:14 PM - System Checkpoint
RP1029: 5/22/2010 1:07:44 PM - System Checkpoint
RP1030: 5/23/2010 2:01:14 PM - System Checkpoint
RP1031: 5/24/2010 3:01:15 PM - System Checkpoint
RP1032: 5/25/2010 9:43:32 PM - System Checkpoint
RP1033: 5/26/2010 10:01:16 PM - System Checkpoint
RP1034: 5/27/2010 11:01:18 PM - System Checkpoint
RP1035: 5/30/2010 3:00:17 AM - Software Distribution Service 3.0
RP1036: 5/31/2010 3:01:19 AM - System Checkpoint
RP1037: 6/2/2010 3:11:45 PM - System Checkpoint
RP1038: 6/3/2010 4:01:23 PM - System Checkpoint
RP1039: 6/4/2010 5:14:52 PM - System Checkpoint
RP1040: 6/5/2010 6:01:23 PM - System Checkpoint
RP1041: 6/6/2010 7:01:24 PM - System Checkpoint
RP1042: 6/7/2010 8:01:24 PM - System Checkpoint
RP1043: 6/8/2010 9:02:30 PM - System Checkpoint
RP1044: 6/9/2010 10:01:25 PM - System Checkpoint
RP1045: 6/10/2010 11:03:42 PM - System Checkpoint
RP1046: 6/12/2010 1:17:53 AM - System Checkpoint
RP1047: 6/13/2010 2:01:30 AM - System Checkpoint
RP1048: 6/13/2010 3:00:16 AM - Software Distribution Service 3.0
RP1049: 6/14/2010 3:38:54 AM - System Checkpoint
RP1050: 6/15/2010 3:43:25 AM - System Checkpoint
RP1051: 6/16/2010 4:43:26 AM - System Checkpoint
RP1052: 6/17/2010 5:43:25 AM - System Checkpoint
RP1053: 6/18/2010 6:54:18 AM - System Checkpoint
RP1054: 6/19/2010 7:43:29 AM - System Checkpoint
RP1055: 6/20/2010 8:43:30 AM - System Checkpoint
RP1056: 6/27/2010 3:00:20 AM - Software Distribution Service 3.0
RP1057: 6/28/2010 3:55:31 AM - System Checkpoint
RP1058: 6/29/2010 7:21:30 AM - System Checkpoint
RP1059: 6/30/2010 7:44:11 AM - System Checkpoint
RP1060: 7/2/2010 5:32:10 AM - System Checkpoint
RP1061: 7/3/2010 6:28:54 AM - System Checkpoint
RP1062: 7/4/2010 7:28:53 AM - System Checkpoint
RP1063: 7/6/2010 2:42:11 AM - Remove AnyDVD
RP1064: 7/6/2010 2:49:52 AM - Avg Update
RP1065: 7/6/2010 2:52:05 AM - Avg Update

==== Installed Programs ======================


??????? 2.3
Absolute Poker
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Reader 7.1.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AIM 6
America Online (Choose which version to remove)
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
ATI Multimedia Center 7.9.0.0
AutoUpdate
AVG 9.0
BitTorrent 6.0
Camtasia Studio 4
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Craving Explorer Version 0.20.0
Critical Update for Windows Media Player 11 (KB959772)
CursorFX
DarkCrusade
Dell CinePlayer
Dell Driver Reset Tool
Dell Photo AIO Printer 924
Dell Support Center (Support Software)
DellSupport
DH Driver Cleaner Professional Edition
Digital Content Portal
Digital Line Detect
DivX Converter
DivX Player
DivX Web Player
DNA
Documentation & Support Launcher
Drive Manager
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EditPlus 3
EducateU
ESET Online Scanner v3
ESPNMotion
Fraps
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
Google Chrome
Google Earth
Google Toolbar for Firefox
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
LimeWire 4.12.14
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
mIRC
Modem Helper
Mozilla Firefox (3.0.19)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 8 Demo
neroxml
NetWaiting
NetZeroInstallers
Notepad++
OpenOffice.org 3.0
Otto
PDF Settings
Pinnacle device drivers
Pinnacle Hollywood FX 4.6
PokerStars
QuickTime
Razer
RealPlayer Basic
ScenalyzerLive (remove)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sothink SWF Quicker
SoulSeek Client 156c
Spybot - Search & Destroy
SpywareBlaster 4.0
Starcraft
Studio 8
UltimateBet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Uplink Demo (remove only)
VCRedistSetup
VideoLAN VLC media player 0.8.6b
Videora iPod Converter 2.25
VP6 Decoder
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
XAMPP 1.7.1

==== Event Viewer Messages From Past Week ========

7/5/2010 6:54:25 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.101 for the Network Card with network address 001372E7F8BC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/5/2010 2:48:05 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx86 AvgMfx86 ElbyCDIO Fips intelppm PCLEPCI ssmdrv
7/5/2010 2:37:56 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss ssmdrv Tcpip
7/5/2010 2:37:56 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
7/5/2010 2:37:56 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/5/2010 2:37:56 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/5/2010 2:37:56 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
7/5/2010 2:37:56 AM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/5/2010 2:37:56 AM, error: Service Control Manager [7001]  - The Apache2.2 service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
7/5/2010 2:37:56 AM, error: Service Control Manager [7001]  - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/5/2010 2:37:52 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/5/2010 2:30:49 AM, error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
7/5/2010 2:28:28 AM, error: ati2mtag [45062]  - CRT invalid display type
7/5/2010 2:25:23 AM, error: Service Control Manager [7034]  - The Nero BackItUp Scheduler 3 service terminated unexpectedly.  It has done this 1 time(s).
7/5/2010 2:25:19 AM, error: Service Control Manager [7031]  - The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/5/2010 2:25:15 AM, error: Service Control Manager [7034]  - The mysql service terminated unexpectedly.  It has done this 1 time(s).
7/5/2010 2:20:02 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2010 2:18:52 AM, error: Service Control Manager [7034]  - The Basics Service service terminated unexpectedly.  It has done this 1 time(s).
7/5/2010 2:18:46 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
7/5/2010 2:18:02 AM, error: Service Control Manager [7034]  - The AVG Firewall service terminated unexpectedly.  It has done this 1 time(s).
7/5/2010 2:17:53 AM, error: Service Control Manager [7034]  - The Apache2.2 service terminated unexpectedly.  It has done this 1 time(s).

==== End Of File ===========================
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer malware/spyware
« Reply #7 on: July 16, 2010, 10:06:41 PM »
Sorry for the delay, how are things running on your end now?
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mengskx

  • Full Member
  • ***
  • Posts: 174
  • Karma: +0/-0
    • View Profile
Computer malware/spyware
« Reply #8 on: July 20, 2010, 12:02:14 AM »
Everything is running fine on the computer. Thanks for the help
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Computer malware/spyware
« Reply #9 on: July 20, 2010, 11:10:10 PM »
Can we run one last tool and make sure some of your programs are up to date
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »