Author Topic: [Resolved] Fraud.Sysguard and WinSpywareProtect  (Read 2602 times)


Offline MillieNeon

  • Bronze Member
  • Posts: 24
[Resolved] Fraud.Sysguard and WinSpywareProtect
« on: August 23, 2010, 08:35:09 PM »
Hi.

First of all, thanks for your very informative website.

My debit card was recently hijacked, and my bank is working with me on that. I caught it immediately, so not a lot of damage there.

In trying to figure out how that happened, I ran Spybot and found Fraud.Sysguard and WinSpywareProtect malware. Spybot removed them. However, in researching Fraud.Sysguard, there were indications that it could leave a hook somewhere that would re-install it when I boot up my computer again.

What I'd like to know is:

1. Does the current version of Spybot remove the malware completely?
2. If not, what do I need to do?

I run AVG free antivirus. It doesn't seem to catch some stuff. Is there an antivirus you'd recommend? I will pay for one to protect my computer.

Thank you.
« Last Edit: August 24, 2010, 01:59:32 AM by 1972vet »



Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7353
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #1 on: August 23, 2010, 08:38:07 PM »
In order to receive help, you must post an HJT log. We cannot provide any help until that is done. Please carefully read and follow all the pinned topics at the top of our http://spywarehammer.com/simplemachinesforum/index.php?board=10.0 forum and post an HJT log to this topic. Remember to turn OFF WordWrap in the Format menu of Notepad before posting your log. Once you do that, one of our experts will help you diagnose and remove any malware that may be on your system.
Don't Read?  Can't learn!

Offline MillieNeon

  • Bronze Member
  • Posts: 24
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #2 on: August 23, 2010, 09:12:51 PM »
Thank you for your reply and your time. Here is the HJT log.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:21 PM, on 8/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrivePlugin -  Pro-Softnet - C:\Program Files\IDrive\IDriveWebM.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15503 bytes
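An added example, not part of this thread and not code from HijackThis or Spybot: a small Python reader for the HJT log format posted above. It tallies entries per section and pulls out the places a helper reads first when the question is "could something re-install itself at the next boot": the autostart sections (O4, O20, O21, O22, O23), hosts-file overrides (O1), an entry whose referenced file is missing, and a service with no vendor name. The section meanings are HijackThis's own; the review heuristics and the function names are this example's, and the sample log is a trimmed, constructed copy of lines from the post, so the output is a reading aid, not a verdict on the machine.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in HijackThis v2 log format, trimmed
# from the log posted in this thread so the example runs offline.
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:21 PM, on 8/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# Every HJT entry line is "<section code> - <body>"; header and process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<names>.+)$")

# HJT sections that describe autostart or hook points: the places a cleaned
# infection could re-establish itself at the next boot.
PERSISTENCE_SECTIONS = {
    "O4": "autostart (Run keys / Startup folders)",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}


def parse_hjt(text):
    """Return the entry lines of an HJT log as {'code', 'body'} dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def review_hjt(text):
    """Summarise a log: per-section counts, review findings, persistence entries."""
    entries = parse_hjt(text)
    counts = Counter(e["code"] for e in entries)
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        # A hook pointing at a file that no longer exists is a leftover to clean up.
        if "(file missing)" in body:
            findings.append((code, "referenced file missing", body))
        # Hosts overrides either block a name (loopback) or redirect it elsewhere.
        if code == "O1":
            hm = HOSTS_RE.match(body)
            if hm:
                ip = hm.group("ip")
                names = hm.group("names").split()
                kind = "blocked (loopback)" if ip.startswith("127.") else "redirected to " + ip
                findings.append((code, f"hosts override, {len(names)} name(s) {kind}", body))
        # A service with no vendor string deserves a look at the binary's origin.
        if code == "O23" and "Unknown owner" in body:
            findings.append((code, "service without vendor name", body))
    persistence = [(e["code"], e["body"]) for e in entries if e["code"] in PERSISTENCE_SECTIONS]
    return {"counts": counts, "findings": findings, "persistence": persistence}


if __name__ == "__main__":
    report = review_hjt(SAMPLE_HJT_LOG)
    print("entries per section:", dict(report["counts"]))
    for code, reason, body in report["findings"]:
        print(f"[{code}] {reason}: {body}")
    print("persistence points to review:")
    for code, body in report["persistence"]:
        print(f"  {code} ({PERSISTENCE_SECTIONS[code]}): {body}")
```

The same heuristics apply to the "Pseudo HJT Report" section of a DDS log, whose lines use short prefixes (uRun, mRun, Notify, Hosts) instead of the O-codes, so only the two regular expressions would need adjusting.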

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #3 on: August 24, 2010, 02:00:11 AM »
Please do the following:

Step 1
Please download the free utility DDS

Disable any script blocker you may have running, then double click dds.scr to run the tool.
  • When it completes, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
Step 2
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to your desktop
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please agree to do so
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that, by default, have already been checked. Please uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <--don't miss this one
  • Then click the Scan button & wait for it to finish
  • Once the scan completes, click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it where you can easily find it, such as your desktop
  • If you have trouble scanning with gmer then try the scan again but this time with everything unchecked except for "sections"
**Caution**
Rootkit scans often produce false positives.
Do NOT take any action on any of these "<--- ROOTKIT" entries without proper guidance from an expert user.

Please include the following logs in your next reply, Thanks!:
  • DDS.txt
  • Attach.txt
  • ark.txt
***Note***
Although the document itself may instruct you to zip and attach when posting, please ignore that and copy/paste instead...unless of course, your log is so large that the forum software tells you that it is too large for posting. Only in that case would you need to zip it and attach it. Thanks!
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline MillieNeon

  • Bronze Member
  • Posts: 24
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #4 on: August 24, 2010, 02:26:30 PM »
Sorry to take so long. Was running the scan for the ark.txt file last night and the computer crashed. Then it hung when trying to reboot. Ran the scan today, saved it, and when I went to the internet, the computer crashed again. The Thunderbird email program was working fine though. Now I'm able to get on, but only because when I clicked Microsoft Error Reporting, Chrome opened okay, but without the tabs I had open. So, at any rate, here are the files requested. Thank you again for your time and effort. When I get paid again in mid-September, I will definitely donate.



DDS (Ver_10-03-17.01) - NTFSx86 
Run by Dantian at  3:45:12.54 on Tue 08/24/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.217 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Dantian\Desktop\MALWARE HELP\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.netflix.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Shell=explorer.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [IDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\dantian\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CreateCD_Reminder] c:\windows\sonysys\vaio recovery\reminder.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\dantian\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\dantian\startm~1\programs\startup\idrive~1.lnk - c:\program files\idrive\IDriveEReg2ini.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~2.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\direct~1.lnk - c:\program files\olympus\devicedetector\DirectrecConfig.exe
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - hxxp://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
Hosts: 127.0.0.1   www.spywareinfo.com
Hosts: 17.250.248.77   idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
Hosts: 10.120.122.8 HP000D9D1A7D97

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dantian\applic~1\mozilla\firefox\profiles\uejmhuiw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha&utm_term=online+calendar&gsessionid=hEEX1tvQISJXqmY86-CIJw
FF - prefs.js: keyword.URL - chrome://google-partner/locale/partner.properties
FF - component: c:\documents and settings\dantian\application data\mozilla\firefox\profiles\uejmhuiw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\dantian\application data\mozilla\firefox\profiles\uejmhuiw.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\dantian\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-24 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-13 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-24 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2008-12-27 131072]
R2 IDrivePlugin;IDrivePlugin;c:\program files\idrive\IDriveWebM.exe [2008-12-27 58832]
S3 Npfspdi;Npfspdi;c:\windows\system32\netsh.exe [2004-11-20 86016]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2005-9-24 91392]
S3 VVRUSB;VVRUSB Device;c:\windows\system32\drivers\VVRUSB.sys [2005-3-11 38479]

=============== Created Last 30 ================


==================== Find3M  ====================

2010-07-23 15:38:37   610   ----a-w-   c:\docume~1\dantian\applic~1\wklnhst.dat
2010-07-16 23:22:43   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-16 23:22:42   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-07-16 23:22:37   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-15 15:04:53   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:04:50   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-07-15 15:03:26   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:15:28   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-06-24 12:15:26   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-06-24 12:15:26   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-06-23 13:44:04   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-17 14:03:00   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 07:41:45   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2008-10-05 09:19:53   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100520081006\index.dat
2009-12-20 22:54:59   16384   --sha-w-   c:\windows\temp\cookies\index.dat
2009-12-20 22:54:59   16384   --sha-w-   c:\windows\temp\history\history.ie5\index.dat
2009-12-20 22:54:59   32768   --sha-w-   c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH:  3:46:52.48 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/5/2005 4:06:47 PM
System Uptime: 8/23/2010 10:40:56 AM (17 hours ago)
Processor:         Intel(R) Pentium(R) M processor 1.73GHz | N/A | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 35.488 GiB free.
D: is CDROM (UDF)
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1758: 5/26/2010 10:00:22 AM - Software Distribution Service 3.0
RP1759: 5/27/2010 12:19:00 PM - System Checkpoint
RP1760: 5/28/2010 12:26:50 PM - System Checkpoint
RP1761: 5/29/2010 12:32:23 PM - System Checkpoint
RP1762: 6/4/2010 12:01:27 AM - Avg Update
RP1763: 6/4/2010 12:40:17 AM - Software Distribution Service 3.0
RP1764: 6/5/2010 3:26:58 AM - System Checkpoint
RP1765: 6/6/2010 1:31:01 PM - System Checkpoint
RP1766: 6/7/2010 7:27:32 PM - System Checkpoint
RP1767: 6/8/2010 7:43:50 PM - System Checkpoint
RP1768: 6/10/2010 3:42:26 AM - System Checkpoint
RP1769: 6/11/2010 4:25:22 AM - System Checkpoint
RP1770: 6/11/2010 4:58:52 AM - Software Distribution Service 3.0
RP1771: 6/12/2010 12:34:06 AM - Software Distribution Service 3.0
RP1772: 6/13/2010 12:48:21 AM - System Checkpoint
RP1773: 6/14/2010 12:57:20 AM - System Checkpoint
RP1774: 6/15/2010 1:53:11 PM - System Checkpoint
RP1775: 6/18/2010 7:24:41 PM - System Checkpoint
RP1776: 6/19/2010 9:02:36 PM - System Checkpoint
RP1777: 6/20/2010 9:58:11 PM - System Checkpoint
RP1778: 6/21/2010 10:30:50 PM - System Checkpoint
RP1779: 6/23/2010 10:03:14 AM - System Checkpoint
RP1780: 6/23/2010 5:37:03 PM - Software Distribution Service 3.0
RP1781: 6/24/2010 5:59:56 PM - System Checkpoint
RP1782: 6/25/2010 9:55:51 AM - Avg Update
RP1783: 6/26/2010 1:50:00 PM - System Checkpoint
RP1784: 6/27/2010 2:20:53 PM - System Checkpoint
RP1785: 6/28/2010 8:21:12 PM - System Checkpoint
RP1786: 6/29/2010 8:26:43 PM - System Checkpoint
RP1787: 6/30/2010 9:46:30 PM - System Checkpoint
RP1788: 7/1/2010 10:07:00 PM - System Checkpoint
RP1789: 7/2/2010 11:14:55 PM - System Checkpoint
RP1790: 7/4/2010 10:46:38 AM - System Checkpoint
RP1791: 7/5/2010 5:24:57 PM - System Checkpoint
RP1792: 7/6/2010 6:10:17 PM - System Checkpoint
RP1793: 7/7/2010 6:20:37 PM - System Checkpoint
RP1794: 7/8/2010 7:42:00 PM - System Checkpoint
RP1795: 7/9/2010 8:26:14 PM - System Checkpoint
RP1796: 7/10/2010 8:38:11 PM - System Checkpoint
RP1797: 7/12/2010 9:16:32 AM - System Checkpoint
RP1798: 7/13/2010 1:16:54 PM - System Checkpoint
RP1799: 7/14/2010 10:00:50 AM - Software Distribution Service 3.0
RP1800: 7/15/2010 10:01:01 AM - Avg Update
RP1801: 7/15/2010 10:05:10 AM - Avg Update
RP1802: 7/16/2010 12:09:43 PM - System Checkpoint
RP1803: 7/16/2010 6:18:09 PM - SetPoint 4.80
RP1804: 7/17/2010 6:19:09 PM - System Checkpoint
RP1805: 7/18/2010 6:56:36 PM - System Checkpoint
RP1806: 7/19/2010 7:38:54 PM - System Checkpoint
RP1807: 7/21/2010 10:00:16 AM - Avg Update
RP1808: 7/22/2010 5:13:02 PM - System Checkpoint
RP1809: 7/23/2010 6:07:00 PM - System Checkpoint
RP1810: 7/24/2010 9:01:28 PM - System Checkpoint
RP1811: 7/26/2010 1:41:58 PM - System Checkpoint
RP1812: 7/27/2010 2:23:22 PM - System Checkpoint
RP1813: 7/28/2010 3:01:12 PM - System Checkpoint
RP1814: 7/29/2010 4:17:04 PM - System Checkpoint
RP1815: 7/30/2010 4:31:14 PM - System Checkpoint
RP1816: 7/31/2010 4:58:51 PM - System Checkpoint
RP1817: 8/1/2010 5:28:32 PM - System Checkpoint
RP1818: 8/2/2010 5:46:43 PM - System Checkpoint
RP1819: 8/3/2010 10:00:31 AM - Software Distribution Service 3.0
RP1820: 8/4/2010 10:30:57 AM - System Checkpoint
RP1821: 8/5/2010 11:12:53 AM - System Checkpoint
RP1822: 8/6/2010 11:46:37 AM - System Checkpoint
RP1823: 8/7/2010 1:48:22 PM - System Checkpoint
RP1824: 8/8/2010 3:06:43 PM - System Checkpoint
RP1825: 8/9/2010 5:43:27 PM - System Checkpoint
RP1826: 8/10/2010 8:47:00 PM - System Checkpoint
RP1827: 8/13/2010 5:33:19 AM - Software Distribution Service 3.0
RP1828: 8/14/2010 10:18:44 AM - System Checkpoint
RP1829: 8/15/2010 10:41:35 AM - System Checkpoint
RP1830: 8/16/2010 12:14:38 PM - Avg Update
RP1831: 8/17/2010 2:00:07 PM - System Checkpoint
RP1832: 8/18/2010 2:57:43 PM - System Checkpoint
RP1833: 8/19/2010 6:13:48 PM - System Checkpoint
RP1834: 8/20/2010 6:45:12 PM - System Checkpoint
RP1835: 8/22/2010 11:05:08 AM - System Checkpoint
RP1836: 8/23/2010 11:06:06 AM - System Checkpoint
RP1837: 8/23/2010 9:54:46 PM - Removed Xara Webstyle 4
RP1838: 8/23/2010 10:03:59 PM - Installed HiJackThis

==== Installed Programs ======================

3ivx D4 4.5.1 Decoder (remove only)
AceMoney
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 4.0, 5.0
Adobe Acrobat 6.0.1 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe InDesign CS2
Adobe Photoshop 6.0
Adobe Photoshop CS
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
Adobe SVG Viewer
Adobe® Photoshop® Album Starter Edition 3.0
Astral Interface 5 by Magnus
Audacity 1.2.6
Audio/Video Conference 4.1+
AutoLogon 1.0
AVG Free 9.0
Canon Camera Access Library
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Personal Printing Guide
Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CleanCenter v1.35.02
Click to DVD 2.0.02 Menu Data
Click to DVD 2.2.10
CONNECT
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam Notebook Driver (1.04.01.0322)
Creative WebCam Notebook User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
DVgate Plus
EarMaster Pro 4
Easy-WebPrint
erLT
Eudora
Genuine Fractals
Google Chrome
Google Earth
GoToMeeting 4.0.0.320
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iDisk Utility for Windows
IDrive version 3.2.2 December 26 2008
Indeo® software
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD 5 for VAIO
InterVideo WinDVDX
Ipswitch WS_FTP Pro
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 14
Java(TM) 6 Update 6
Java(TM) 6 Update 7
logiDecrypt
Macromedia Contribute
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand MX
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Microsoft Works
mMHouse
MoodLogic
Mozilla Firefox (3.0.15)
Mozilla Thunderbird (2.0.0.24)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
mWlsSafe
mXML
Netscape Internet Service Setup
Network ScanGear Ver.2.01
NVIDIA Drivers
Olympus DSS Player
Olympus Voice Album
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Secure Module 4.0.00
OpenOffice.org 3.1
PictureGear Studio 2.0
PIXMA Extended Survey Program
QuarkXPress 6.5
QuickBooks Pro 99
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RedShift 3
Samsung ML-1710 Seriess
ScanSoft OmniPage SE 4
ScanToWeb
Scratch
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Setting Utility Series
Skype™ 3.8
Sonic RecordNow!
SonicStage 2.1.02
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
TBS WMP Plug-in
The Human 3D
The Journey to Wild Divine
The Wild Divine Grapher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB MassStorage CardReader
VAIO Control Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Survey Standalone
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
WebFldrs XP
Welcome to VAIO life
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinPatrol 2009
WinZip 14.0
Wireless Switch Setting Utility
Wisdom Quest
Xara Dreamweaver Extension 1.03
Xara ScreenMaker3D
Xara Xtreme
Xara Xtreme 4 e-version
XML Paper Specification Shared Components Pack 1.0
XPressMath XTensions

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-24 14:01:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Dantian\LOCALS~1\Temp\pxtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\tifmsony.sys                                                 entry point in "init" section [0xF75D6280]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service         C:\WINDOWS\system32\drivers\hjgruiwtpxjkji.sys (*** hidden *** )                         [SYSTEM] hjgruiibcjxvni                                                    <-- ROOTKIT !!!
Service         system32\drivers\SKYNETtidqomlw.sys (*** hidden *** )                                    [SYSTEM] SKYNETwnodrujf                                                    <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni@start                              1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni@type                               1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni@group                              file system
Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni@imagepath                          \systemroot\system32\drivers\hjgruiwtpxjkji.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni\main                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni\main\injector                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni\modules                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni\modules@hjgruirk.sys               \systemroot\system32\drivers\hjgruiwtpxjkji.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\hjgruiibcjxvni\modules@hjgruicmd.dll              \systemroot\system32\hjgruibapihxwp.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf@start                              1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf@type                               1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf@group                              file system
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf@imagepath                          \systemroot\system32\drivers\SKYNETtidqomlw.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\main                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\main@aid                           10096
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\main@sid                           0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\main@cmddelay                      7200
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\main\delete                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\main\injector                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\main\injector@*                    SKYNETwsp.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\main\tasks                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\modules                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\modules@SKYNETrk.sys               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\modules@SKYNETcmd.dll             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\modules@SKYNETlog.dat              \systemroot\system32\SKYNETaprqptkl.dat
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\modules@SKYNETwsp.dll             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SKYNETwnodrujf\modules@SKYNET.dat                 \systemroot\system32\SKYNETlvrbwtnk.dat
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni@start                                  1
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni@type                                   1
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni@group                                  file system
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni@imagepath                              \systemroot\system32\drivers\hjgruiwtpxjkji.sys
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni\main (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni\main\injector (not active ControlSet) 
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni\modules (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni\modules@hjgruirk.sys                   \systemroot\system32\drivers\hjgruiwtpxjkji.sys
Reg             HKLM\SYSTEM\ControlSet002\Services\hjgruiibcjxvni\modules@hjgruicmd.dll                  \systemroot\system32\hjgruibapihxwp.dll
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf@start                                  1
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf@type                                   1
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf@group                                  file system
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf@imagepath                              \systemroot\system32\drivers\SKYNETtidqomlw.sys
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\main (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\main@aid                               10096
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\main@sid                               0
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\main@cmddelay                          7200
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\main\delete (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\main\injector (not active ControlSet) 
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\main\injector@*                        SKYNETwsp.dll
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\main\tasks (not active ControlSet)     
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\modules (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\modules@SKYNETrk.sys                   
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\modules@SKYNETcmd.dll                 
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\modules@SKYNETlog.dat                  \systemroot\system32\SKYNETaprqptkl.dat
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\modules@SKYNETwsp.dll                 
Reg             HKLM\SYSTEM\ControlSet002\Services\SKYNETwnodrujf\modules@SKYNET.dat                     \systemroot\system32\SKYNETlvrbwtnk.dat

---- EOF - GMER 1.0.15 ----

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #5 on: August 25, 2010, 07:38:53 AM »
Checking on the logs I am currently working, I see that you replied to my request for the scan logs and I found that yours shows a reply for which I did not receive an email notice. Sorry for that. Must have been a forum glitch.

I am currently looking over the logs and will have more for you in a short while. Thanks for your patience!
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #6 on: August 25, 2010, 11:13:30 AM »
Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running. That may cause the scan to stall.


Offline MillieNeon

  • Bronze Member
  • Posts: 24
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #7 on: August 25, 2010, 08:50:19 PM »
No need to apologize for not seeing my response. I appreciate the time you people have spent helping me and others. I had a problem disabling my free AVG 9. So I went to uninstall it, and it wouldn't uninstall properly, so I had to go on their forum. Finally got it uninstalled so I could run ComboFix.

Below is the log. A HOSTS file also came up. I've saved it in case you need to see that as well. And again, thank you for your time and effort.




ComboFix 10-08-24.0C - Dantian 08/25/2010  20:45:05.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.609 [GMT -5:00]
Running from: c:\documents and settings\Dantian\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dantian\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\hjgruiwtpxjkji.sys
c:\windows\system32\SKYNETaprqptkl.dat
c:\windows\system32\SKYNETlvrbwtnk.dat
c:\windows\Vic
c:\windows\Vic\_drphil_logo.jpg
c:\windows\Vic\Brain Matters Logo 300 dpi.jpg
c:\windows\Vic\spotlight.png
c:\windows\Vic\spotlight_blue swirl.psd

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hjgruiibcjxvni
-------\Service_hjgruiibcjxvni


(((((((((((((((((((((((((   Files Created from 2010-07-26 to 2010-08-26  )))))))))))))))))))))))))))))))
.

2010-08-26 01:18 . 2010-08-26 01:18   --------   d-----w-   C:\AVGTemp
2010-08-24 08:50 . 2010-08-24 08:50   --------   d-----w-   c:\documents and settings\Dantian\Local Settings\Application Data\WinZip
2010-08-24 03:04 . 2010-08-24 03:04   --------   d-----w-   c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 02:31 . 2008-12-27 07:11   --------   d-----w-   c:\program files\IDrive
2010-08-26 01:30 . 2009-11-10 17:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-08-26 01:27 . 2009-06-26 15:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-26 01:06 . 2009-03-12 13:01   --------   d-----w-   c:\program files\Mozilla Thunderbird
2010-08-24 03:04 . 2010-08-24 03:04   388096   ----a-r-   c:\documents and settings\Dantian\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-24 02:57 . 2008-06-24 02:19   --------   d-----w-   c:\program files\NCH Swift Sound
2010-08-24 02:57 . 2008-06-24 02:19   --------   d-----w-   c:\documents and settings\Dantian\Application Data\NCH Swift Sound
2010-08-03 16:26 . 2010-07-16 23:18   --------   d-----w-   c:\program files\Common Files\Logishrd
2010-08-03 15:14 . 2010-07-16 23:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\LogiShrd
2010-07-23 15:38 . 2005-04-13 17:39   610   ----a-w-   c:\documents and settings\Dantian\Application Data\wklnhst.dat
2010-07-16 23:22 . 2010-07-16 23:22   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-16 23:22 . 2010-07-16 23:22   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-07-16 23:22 . 2010-07-16 23:22   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-16 23:19 . 2004-11-21 01:49   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-06-30 12:31 . 2004-11-21 00:04   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 16:46 . 2009-06-24 07:07   1   ----a-w-   c:\documents and settings\Dantian\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-24 12:15 . 2004-11-21 00:04   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-11-21 00:04   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-11-21 00:04   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-11-21 00:04   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-21 00:04   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-11-21 01:19   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-21 00:04   1172480   ----a-w-   c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2008-11-06 87504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Dantian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-20 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-22 184320]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-10-26 167936]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-18 417792]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2004-11-29 778240]

c:\documents and settings\Dantian\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-20 110592]
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2008-12-27 208896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-20 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2005-10-6 118784]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2008-1-26 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dantian^Start Menu^Programs^Startup^AnyTime.lnk]
path=c:\documents and settings\Dantian\Start Menu\Programs\Startup\AnyTime.lnk
backup=c:\windows\pss\AnyTime.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dantian^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Dantian\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyTime Organizer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46   57344   ----a-w-   c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21   114688   ----a-w-   c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12   32768   ----a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 16:36   256576   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 20:31   21633320   ----a-r-   c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [12/27/2008 2:11 AM 131072]
R2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDriveWebM.exe [12/27/2008 2:11 AM 58832]
S3 Npfspdi;Npfspdi;c:\windows\system32\netsh.exe [11/20/2004 7:04 PM 86016]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [9/24/2005 10:26 PM 91392]
S3 VVRUSB;VVRUSB Device;c:\windows\system32\drivers\VVRUSB.sys [3/11/2005 4:08 PM 38479]
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385749475-3314045100-178860482-1006Core.job
- c:\documents and settings\Dantian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 16:22]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385749475-3314045100-178860482-1006UA.job
- c:\documents and settings\Dantian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Dantian\Application Data\Mozilla\Firefox\Profiles\uejmhuiw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha&utm_term=online+calendar&gsessionid=hEEX1tvQISJXqmY86-CIJw
FF - prefs.js: keyword.URL - chrome://google-partner/locale/partner.properties
FF - component: c:\documents and settings\Dantian\Application Data\Mozilla\Firefox\Profiles\uejmhuiw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Dantian\Application Data\Mozilla\Firefox\Profiles\uejmhuiw.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-ddoctorv2 - c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 21:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Dantian\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\IDrive\IDriveETray.exe
c:\program files\IDrive\IDriveEBackground.exe
.
**************************************************************************
.
Completion time: 2010-08-25  21:43:47 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-26 02:43

Pre-Run: 39,498,321,920 bytes free
Post-Run: 39,833,092,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE

- - End Of File - - CD6DF581AD44CB07A2BD06A0AE7EA311

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #8 on: August 25, 2010, 09:05:33 PM »
Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



KILLALL::

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}



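As an added example (not part of this thread, and not ComboFix's own code), the Python script below does mechanically what the post above asks the user to do by hand: it pulls the key paths out of the LOCKED REGISTRY KEYS section of a ComboFix log like the one in Reply #7, writes them under a Reglock:: directive preceded by KILLALL::, and then checks a follow-up log to confirm the section is gone, which is how the log posted after the script was run can be verified. The directive names come from the post above; the section-header layout is inferred from the logs on this page; the function names and the sample log text are constructed for the example. The script only reads log text and produces a CFScript file; it does not run ComboFix or touch the registry.

```python
import re
from typing import Dict, List

# Constructed sample, shaped like the LOCKED REGISTRY KEYS section of the
# ComboFix log posted in Reply #7 (only the section headers and key lines
# matter to the parser; the values are kept for realism).
SAMPLE_LOG_BEFORE = r"""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\VESWinlogon.dll
"""

# Constructed sample of a follow-up log in which the section is absent,
# as it is in the log posted after the CFScript was run.
SAMPLE_LOG_AFTER = r"""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\VESWinlogon.dll
"""

# ComboFix section banners look like "------ Title ------" (assumed from the logs above).
SECTION_RE = re.compile(r"^-{5,}\s+(.+?)\s+-{5,}$")
# A registry key header inside the section: "[HKEY_...\...]".
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")


def extract_locked_keys(log_text: str) -> List[Dict[str, object]]:
    """Return the keys listed under LOCKED REGISTRY KEYS, in log order.

    Each entry records the key path and whether ComboFix printed an
    "@Denied:" line for it (an explicit deny ACE, which is what makes the
    key unreadable to the scanner in the first place).
    """
    keys: List[Dict[str, object]] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            # Entering any banner either opens our section or closes it.
            in_section = banner.group(1).upper() == "LOCKED REGISTRY KEYS"
            continue
        if not in_section:
            continue
        key = KEY_RE.match(line)
        if key:
            keys.append({"key": key.group(1), "denied": False})
        elif line.startswith("@Denied:") and keys:
            keys[-1]["denied"] = True
    return keys


def build_reglock_script(keys: List[Dict[str, object]], include_killall: bool = True) -> str:
    """Render the CFScript text: KILLALL:: then a Reglock:: block, one key per line."""
    lines: List[str] = []
    if include_killall:
        lines += ["KILLALL::", ""]
    lines.append("Reglock::")
    lines += [f"[{entry['key']}]" for entry in keys]
    lines.append("")  # trailing newline, as Notepad would save it
    return "\n".join(lines)


def still_locked(before_log: str, after_log: str) -> List[str]:
    """Keys locked in the first log that the follow-up log still reports as locked."""
    after = {entry["key"] for entry in extract_locked_keys(after_log)}
    return [entry["key"] for entry in extract_locked_keys(before_log) if entry["key"] in after]


if __name__ == "__main__":
    found = extract_locked_keys(SAMPLE_LOG_BEFORE)
    with open("CFScript.txt", "w", newline="\r\n") as fh:  # Windows line endings for Notepad
        fh.write(build_reglock_script(found))
    print(f"{len(found)} locked key(s) written to CFScript.txt")
    print("still locked after rerun:", still_locked(SAMPLE_LOG_BEFORE, SAMPLE_LOG_AFTER))
```

The `denied` flag is kept separately from the key list so that a helper can decide whether a subkey that merely sits under a denied parent (the `\Elevation` key above) needs its own Reglock:: line; the post above lists every key from the section, so the generator does the same by default.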

Offline MillieNeon

  • Bronze Member
  • Posts: 24
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #9 on: August 25, 2010, 10:23:48 PM »
Here 'tis:


ComboFix 10-08-24.0C - Dantian 08/25/2010  22:55:08.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.532 [GMT -5:00]
Running from: c:\documents and settings\Dantian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dantian\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((   Files Created from 2010-07-26 to 2010-08-26  )))))))))))))))))))))))))))))))
.

2010-08-26 03:29 . 2010-08-26 03:29   --------   d-----w-   c:\documents and settings\Dantian\Application Data\Avira
2010-08-26 03:04 . 2010-03-01 15:05   124784   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-08-26 03:04 . 2010-02-16 19:24   60936   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-08-26 03:04 . 2009-05-11 17:49   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-08-26 03:04 . 2009-05-11 17:49   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-08-26 03:04 . 2010-08-26 03:04   --------   d-----w-   c:\program files\Avira
2010-08-26 03:04 . 2010-08-26 03:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2010-08-26 01:18 . 2010-08-26 01:18   --------   d-----w-   C:\AVGTemp
2010-08-24 08:50 . 2010-08-24 08:50   --------   d-----w-   c:\documents and settings\Dantian\Local Settings\Application Data\WinZip
2010-08-24 03:04 . 2010-08-24 03:04   --------   d-----w-   c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 04:10 . 2008-12-27 07:11   --------   d-----w-   c:\program files\IDrive
2010-08-26 03:35 . 2009-03-12 13:01   --------   d-----w-   c:\program files\Mozilla Thunderbird
2010-08-26 01:30 . 2009-11-10 17:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-08-26 01:27 . 2009-06-26 15:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-24 03:04 . 2010-08-24 03:04   388096   ----a-r-   c:\documents and settings\Dantian\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-24 02:57 . 2008-06-24 02:19   --------   d-----w-   c:\program files\NCH Swift Sound
2010-08-24 02:57 . 2008-06-24 02:19   --------   d-----w-   c:\documents and settings\Dantian\Application Data\NCH Swift Sound
2010-08-03 16:26 . 2010-07-16 23:18   --------   d-----w-   c:\program files\Common Files\Logishrd
2010-08-03 15:14 . 2010-07-16 23:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\LogiShrd
2010-07-23 15:38 . 2005-04-13 17:39   610   ----a-w-   c:\documents and settings\Dantian\Application Data\wklnhst.dat
2010-07-16 23:22 . 2010-07-16 23:22   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-16 23:22 . 2010-07-16 23:22   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-07-16 23:22 . 2010-07-16 23:22   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-16 23:19 . 2004-11-21 01:49   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-06-30 12:31 . 2004-11-21 00:04   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 16:46 . 2009-06-24 07:07   1   ----a-w-   c:\documents and settings\Dantian\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-24 12:15 . 2004-11-21 00:04   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-11-21 00:04   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-11-21 00:04   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-11-21 00:04   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-21 00:04   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-11-21 01:19   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-21 00:04   1172480   ----a-w-   c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2008-11-06 87504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Dantian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-20 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-22 184320]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-10-26 167936]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-18 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2004-11-29 778240]

c:\documents and settings\Dantian\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-20 110592]
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2008-12-27 208896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-20 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2005-10-6 118784]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2008-1-26 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dantian^Start Menu^Programs^Startup^AnyTime.lnk]
path=c:\documents and settings\Dantian\Start Menu\Programs\Startup\AnyTime.lnk
backup=c:\windows\pss\AnyTime.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dantian^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Dantian\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46   57344   ----a-w-   c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21   114688   ----a-w-   c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12   32768   ----a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 16:36   256576   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 20:31   21633320   ----a-r-   c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/25/2010 10:04 PM 135336]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [12/27/2008 2:11 AM 131072]
R2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDriveWebM.exe [12/27/2008 2:11 AM 58832]
S3 Npfspdi;Npfspdi;c:\windows\system32\netsh.exe [11/20/2004 7:04 PM 86016]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [9/24/2005 10:26 PM 91392]
S3 VVRUSB;VVRUSB Device;c:\windows\system32\drivers\VVRUSB.sys [3/11/2005 4:08 PM 38479]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385749475-3314045100-178860482-1006Core.job
- c:\documents and settings\Dantian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 16:22]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3385749475-3314045100-178860482-1006UA.job
- c:\documents and settings\Dantian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Dantian\Application Data\Mozilla\Firefox\Profiles\uejmhuiw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha&utm_term=online+calendar&gsessionid=hEEX1tvQISJXqmY86-CIJw
FF - prefs.js: keyword.URL - chrome://google-partner/locale/partner.properties
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 23:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(1632)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\documents and settings\Dantian\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\IDrive\IDriveETray.exe
c:\program files\IDrive\IDriveEBackground.exe
.
**************************************************************************
.
Completion time: 2010-08-25  23:22:47 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-26 04:22
ComboFix2.txt  2010-08-26 02:43

Pre-Run: 39,575,097,344 bytes free
Post-Run: 39,537,012,736 bytes free

- - End Of File - - 94E6EE956402A7A76963E7376EC97F6D

Offline MillieNeon

  • Bronze Member
  • Posts: 24
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #10 on: August 25, 2010, 10:52:20 PM »
Forgot to say that after running ComboFix, I installed Avira AntiVir (the free version). I saw you recommended it. It was a pleasure to simply be able to "disable" it so I could re-run ComboFix. Can you recommend a good firewall? Free version, if possible. Thanks. I also have WinPatrol on my computer. And Spybot Search & Destroy. Please let me know if you think I have too many of these programs. Thank you.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #11 on: August 26, 2010, 03:07:03 AM »
Your log looks fine now...with one exception. This entry:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
 [BU]
...indicates to me that your AVG software met with some resistance upon activation of the uninstall string. Looking at the log, it is evident that the Spybot TeaTimer registry protection feature is the culprit here. You can use the AVG Remover utility to completely remove a failed/corrupted uninstall. By the way, the Spybot TeaTimer is a bit much now that you have WinPatrol. WinPatrol offers much more control...an excellent piece of freeware btw.

As to your firewall concern, you can select from any of these third-party programs. Read each of them to determine for yourself which would be best for your situation.

Run that removal utility and post back with a fresh HijackThis log and let us know how the system behaves for you now.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline MillieNeon

  • Bronze Member
  • Posts: 24
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #12 on: August 26, 2010, 11:17:41 AM »
Thank you. I ran the AVG remover for 32-bit, though I'm not sure if I have 32-bit or 64-bit (I have a Sony Vaio laptop from 2005). I got a flash of a DOS screen that ran and disappeared, but there was no restart of the computer or request to restart, which the instructions said would happen. So I tried the remover for 64-bit, and nothing happened.

I'm also not adept at setting up WinPatrol. Does it scan for malware? I will look for a tutorial when we finish here. So you're saying I can get rid of Spybot, or just Teatimer?

Offline MillieNeon

  • Bronze Member
  • Posts: 24
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #13 on: August 26, 2010, 11:39:54 AM »
Here is the new HijackThis log, even though I'm unsure the AVG file was removed.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:42 PM, on 8/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dantian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrivePlugin -  Pro-Softnet - C:\Program Files\IDrive\IDriveWebM.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14123 bytes

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Fraud.Sysguard and WinSpywareProtect
« Reply #14 on: August 26, 2010, 05:07:21 PM »
Quote
I ran the avgremover for 32 bit, tho I'm not sure if I have 32 bit or 64 bit...
You have a 32 bit version of Microsoft Windows XP Home Edition.

...I got a flash of a dos screen that ran and disappeared, but there was no restart of the computer or request to restart, which the instructions said would happen. So I tried the remover for 64 bit, and nothing happened.
This is due to Spybot Search and Destroy's TeaTimer registry protection feature. It will prevent ANYTHING from making any registry changes while it is active. There are very few interactive options with this feature, which is why I always recommend removing it.

WinPatrol offers much better control and will pop up a window to announce what is attempting to make changes to the system and will ask YOUR permission to allow or deny them.

This type of behavior is nearly identical to what Microsoft has now incorporated into both Windows Vista and Windows 7...that feature is named "User Account Control" and as I see it, is patterned closely to the same protection offered by WinPatrol.

So...as a Windows XP user, just having WinPatrol installed, you are getting nearly the same protective feature(s) available to a Windows Vista or Windows 7 customer having the user account control feature available by default. Just thought you might like to know.


I'm also not adept at setting up WinPatrol. Does it scan for malware? I will look for a tutorial when we finish here. So you're saying I can get rid of Spybot, or just Teatimer?
You can just leave WinPatrol at its default settings. If you have the free version, then the default settings should be fine.

There would be no tutorial as there's really no need. I will also provide a link or two about this program, its forum(s) and FAQs. By the way, WinPatrol can run at startup and provide continuous protection as it just runs in the background. You have no need to scan anything...its purpose isn't so much to remove malware, but to prevent it from installing in the first place.

You should keep Spybot Search and Destroy but should disable "TeaTimer". I will provide instructions below.

Sorry that I get so long winded at times but details are important. If at any time I get too involved and lose you in all the print, all you need to do is ask and I'll go back over something until you feel comfortable with it.

As for TeaTimer, please disable it by following these instructions:
  • Open Spybot-Search and Destroy
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer so Windows will save these settings.


Now...on to business. You have some software that needs to be updated and some needs to go. These programs are all out of date:
Mozilla Firefox (3.0.15)
Mozilla Thunderbird (2.0.0.24)
OpenOffice.org 3.1
Adobe Acrobat 6.0
Adobe Acrobat 7.0 <--You don't need both of these anyway. I'd uninstall version 6.0 and use Adobe's update feature to install the latest version.
To update them, open the program(s) and navigate the user interface to find the update feature. This is usually found in the program's menu items across the top. Look in "tools" or "preferences" for an update option.

Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) 6 Update 13 <--These three entries are not only outdated, but unnecessary. You only need one Java version. Uninstall these three, keep the "Java(TM) 6 Update 14", and you can use that one to update. I'll tell you how below.


CleanCenter v1.35.02 <--This one just needs to be uninstalled.

Finally, the program GoToMeeting 4.0.0.320 is fine to use, but if you DON'T use it, please uninstall it. Many folks, I find, have this installed and have no real idea what it's for. It seems at some point it was installed by some "fixit" shop to gain access remotely in order to fix the computer. If you DO use this program, just be absolutely certain that you have created strong passwords to use with it; otherwise, kids with nothing else to do might hack into your system and take control of it.

Now, to update Java, open the control panel and double click on the Java icon (looks like a coffee cup). When the Java Control Panel opens, click on the Update tab then click the "Update Now" button at the bottom. Your update should start. When it completes, please reboot the computer.

Next, please run HijackThis again and check the box next to the following entries:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - Invalid registry found


Now, close all open windows including this browser window, then click the Fix Checked button. Reboot the computer and post back a fresh HijackThis log. Advise now if you have any other concerns/questions or issues and tell us how the system is behaving for you. Thanks!
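The four entries 1972vet selects for "Fix Checked" in the reply above share two properties a triage script can test for: three of them point at a target that no longer exists ("(no file)" on the O2 and O18 lines, "Invalid registry found" on the O20 Winlogon Notify line), and the fourth is an O16 ActiveX download (DPF) from a games site rather than from a software vendor. The script below is an added example written for this page, not code from the thread, from HijackThis or from SpywareHammer. It applies exactly those two heuristics to a handful of lines copied from the HijackThis log posted above. The marker strings, the allowlist of download hosts and the `triage`/`triage_line` function names are assumptions made for the example; the allowlist in particular is illustrative, not a vetted list.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, one flagged and one clean line per section, so the triage runs
# offline without a live HijackThis.log.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/zuma/popcaploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
"""

# Strings HijackThis prints when a registered BHO, protocol handler or
# Winlogon Notify DLL no longer exists on disk. Such orphans do nothing
# useful and are typical leftovers of a failed or incomplete uninstall.
ORPHAN_MARKERS = ("(no file)", "Invalid registry found")

# Assumed allowlist of hosts an O16 (Downloaded Program Files / ActiveX)
# entry may legitimately come from. Illustrative only; extend for your own
# environment.
TRUSTED_DPF_SUFFIXES = (
    "apple.com.edgesuite.net",
    "live.com",
    "symantec.com",
    "msn.com",
    "adobe.com",
)

# "O16 - DPF: ..." -> section "O16", body "DPF: ..."
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def _host_allowed(host):
    """True if host equals or is a subdomain of an allowlisted suffix."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES)


def triage_line(line):
    """Return (section, reason, line) for a suspicious HJT line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not an O-section line (header, process list, blank)
    section, body = m.groups()

    # Heuristic 1: the registered target is gone.
    if any(marker in body for marker in ORPHAN_MARKERS):
        return (section, "orphan: registered target missing", line.strip())

    # Heuristic 2: ActiveX download control fetched from an unknown host.
    if section == "O16":
        um = URL_RE.search(body)
        host = um.group(1).lower() if um else ""
        if not _host_allowed(host):
            return (section, "ActiveX download from non-allowlisted host: " + host, line.strip())

    return None


def triage(log_text):
    """Run triage_line over every line of a HijackThis log; keep the hits."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for section, reason, text in triage(SAMPLE_LOG):
        print("%-4s %-55s %s" % (section, reason, text))
```

Run against the sample it reports exactly the four lines the reply above asks to fix (O2, O16, O18, O20) and stays silent on the clean Adobe, QuickTime, Skype and Avira lines. Two caveats a practitioner should keep in mind: an orphaned entry is harmless by itself, so the heuristic finds clutter and failed uninstalls rather than live malware, and the O16 allowlist only says a host is unfamiliar, not that the control is malicious. Both findings are starting points for a human to read the entry, as 1972vet does, not verdicts.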