[Resolved] Computer Freezes, Unable to run combofix
EEJIT
post Jun 24 2009, 03:35 AM
Post #1
New Member
Group: Authentic Member
Posts: 8
Joined: 24-June 09
From: UK
Member No.: 86,404
Operating System: XP

Please help. I have tried Bullguard but am getting nowhere fast. My computer either does not boot up correctly (i.e. gets to the desktop and does not allow you to click on anything) or it does load but then freezes after about 5 minutes. I did a hijackthis log for bullguard which was acted on. Since then I have downloaded ComboFix, MalwareBytes and SuperAntispyware as per Bullguard's instructions but none of these programs are able to run even in safe mode. I have also deleted all temp files and cookies. Bullguard do not seem to know what else to do as they are not answering me anymore. I am hoping someone here can help.
Raktor
post Jun 24 2009, 05:29 AM
Post #2
SuperMember
Group: Malware Team
Posts: 1,300
Joined: 29-October 08
From: Melbourne, Australia
Member No.: 82,162
Operating System: Windows 7 Professional 64bit, Windows XP Pro SP3, Mac OS X 10.5, Debian 5.0

Hi, welcome to the WTT Forums. My username is Raktor, and I would be glad to take a look at your log.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

I will be back to you shortly with instructions.

In the meantime, please post a new HijackThis log (or your most recent log from HJT), and also a link to see what Bullguard asked you to do (if it was forum based).
Raktor
post Jun 24 2009, 06:01 AM
Post #3

Delete your current version of ComboFix, then...

Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Go to Start, then Run
  • Copy and paste the command (with quotation marks) "%userprofile%/Desktop/Combo-Fix.exe" /killall
  • Press OK to start ComboFix

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

=======================================

If ComboFix still fails to run, please carry out these additional instructions. If ComboFix does run, then there's no need to keep following on, just post the ComboFix log.

=======================================

1) DDS

Please download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.


2) GMER
Please download gmer.zip from Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.


Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.


If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.


3) What You Will Need To Post:
  • DDS logs
  • GMER log
EEJIT
post Jun 25 2009, 04:05 AM
Post #4

Thank you for your help. Below is the ComboFix log you requested. It looks like the machine is now ok. Please confirm and THANK YOU again.

ComboFix 09-06-24.04 - Louise Helferty 25/06/2009 10:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.958.680 [GMT 1:00]
Running from: c:\documents and settings\Louise Helferty\Desktop\Combo-Fix.exe
Command switches used :: /killall
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\PAV
c:\documents and settings\All Users\Start Menu\PAV\Personal Antivirus.lnk
c:\documents and settings\All Users\Start Menu\PAV\Uninstall.lnk
c:\recycler\S-1-5-21-2571835414-1327643957-2888783496-1006
c:\recycler\S-1-5-21-328338777-1020440993-2536509200-500
c:\recycler\S-1-5-21-3494950131-3248383849-235593345-500
c:\windows\system32\drivers\UACswwqgvpyrobgdru.sys
c:\windows\system32\UACakdorroakfabiqr.dll
c:\windows\system32\UACdqdafjjypyeoglm.log
c:\windows\system32\UACgsipjogdoknftjw.dll
c:\windows\system32\UACnkcijxvkbmoltle.dll
c:\windows\system32\UACoryhpnfjsqurrxl.log
c:\windows\system32\UACovcktqfwbwulvbr.dat
c:\windows\system32\UACvevxilrimupqfwv.log
c:\windows\system32\UACwxlwbgsbxyqliqq.dll
c:\windows\system32\UACypftehymiexexwb.dll
c:\program files\Internet Explorer\msimg32.dll
c:\recycler\S-1-5-21-2571835414-1327643957-2888783496-1006\desktop.ini
c:\recycler\S-1-5-21-2571835414-1327643957-2888783496-1006\INFO2
c:\recycler\S-1-5-21-328338777-1020440993-2536509200-500\desktop.ini
c:\recycler\S-1-5-21-328338777-1020440993-2536509200-500\INFO2
c:\recycler\S-1-5-21-3494950131-3248383849-235593345-500\desktop.ini
c:\recycler\S-1-5-21-3494950131-3248383849-235593345-500\INFO2
c:\windows\kb913800.exe
c:\windows\system32\drivers\UACswwqgvpyrobgdru.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\UACakdorroakfabiqr.dll
c:\windows\system32\UACdqdafjjypyeoglm.log
c:\windows\system32\UACgsipjogdoknftjw.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnkcijxvkbmoltle.dll
c:\windows\system32\UACoryhpnfjsqurrxl.log
c:\windows\system32\UACovcktqfwbwulvbr.dat
c:\windows\system32\UACvevxilrimupqfwv.log
c:\windows\system32\UACwxlwbgsbxyqliqq.dll
c:\windows\system32\UACypftehymiexexwb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-24 11:05 . 2009-06-24 11:05 -------- d-----w- c:\documents and settings\Louise Helferty\Application Data\BullGuard
2009-06-24 11:02 . 2009-06-24 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-06-24 11:00 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-06-24 11:00 . 2009-06-24 11:00 -------- d-----w- c:\program files\BullGuard Ltd
2009-06-18 13:30 . 2009-06-18 13:30 -------- d-----w- c:\documents and settings\Louise Helferty\Application Data\MalwareRemovalBot
2009-06-11 10:11 . 2009-06-11 10:11 -------- d-----w- c:\program files\Common Files\Uninstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 09:43 . 2007-12-03 18:13 256 ----a-w- c:\windows\system32\pool.bin
2009-06-10 23:22 . 2006-08-23 11:45 -------- d-----w- c:\program files\Microsoft Works
2009-05-07 15:44 . 2005-01-02 05:15 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-01-02 05:21 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-01-02 05:13 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 10:51 . 2009-04-28 10:51 87376 ----a-w- c:\windows\system32\BGLsp.dll
2009-04-17 09:58 . 2005-01-02 05:21 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-01-02 05:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 10:32 . 2009-04-06 10:32 19784 ----a-w- c:\windows\system32\BgOutlookHook.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-05-12 304464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-04-08 26112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 169984]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-05-12 304464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-15 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-03-15 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-12 45056]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-3-28 1283608]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [24/06/2009 12:00 55504]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [23/03/2009 13:07 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [23/03/2009 13:07 257304]
S2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [02/01/2005 06:19 14336]
S2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [02/01/2005 06:19 14336]
S2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [02/01/2005 06:19 14336]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [16/04/2009 13:24 73728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-06-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\BGLsp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 10:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\BGLsp.dll

- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
c:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-25 10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 09:49

Pre-Run: 53,718,138,880 bytes free
Post-Run: 53,815,803,904 bytes free

213 --- E O F --- 2009-06-19 12:01
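As an added example (not part of the thread, and not ComboFix or BullGuard code), a small Python triage script that reads a ComboFix log like the one posted above: it gathers the "Other Deletions" paths, flags the randomly named UAC* files in system32 that BullGuard later identified as the TDSS rootkit family, lists the removed service, and reports the Security Center and firewall registry values that the log shows disabled. The embedded SAMPLE_LOG is constructed from lines quoted in this post, with the user name redacted.

```python
"""Triage a ComboFix log like the one posted above. Added example, not
ComboFix or BullGuard code: it collects the paths under "Other Deletions",
flags the UAC* components BullGuard later classified as the TDSS rootkit
family, lists removed drivers/services and reports registry values under
"Reg Loading Points" that weaken the machine's own protection. SAMPLE_LOG is
constructed from lines quoted in this thread, with the user name redacted.
"""
import re
from dataclasses import dataclass, field

# TDSS components seen in this thread: "UAC" plus a run of letters, dropped
# into system32 or system32\drivers (the fixed-name uacinit.dll also matches).
UAC_PATTERN = re.compile(
    r"^c:\\windows\\system32\\(?:drivers\\)?uac[a-z]+\.(?:dll|sys|dat|log)$",
    re.IGNORECASE,
)

# Value name -> (value text as ComboFix prints it, what that setting means).
WEAK_REG_VALUES = {
    "AntiVirusDisableNotify": ("dword:00000001", "Security Center AV alerts suppressed"),
    "DisableMonitoring": ("dword:00000001", "Security Center firewall monitoring off"),
    "EnableFirewall": ("0 (0x0)", "Windows Firewall disabled (standard profile)"),
}

SAMPLE_LOG = r"""
ComboFix 09-06-24.04 - <user> 25/06/2009 10:36.1 - NTFSx86
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\PAV\Personal Antivirus.lnk
c:\windows\system32\drivers\UACswwqgvpyrobgdru.sys
c:\windows\system32\UACakdorroakfabiqr.dll
c:\program files\Internet Explorer\msimg32.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\drivers\UACswwqgvpyrobgdru.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

@dataclass
class Triage:
    recovery_console_missing: bool = False
    deletions: list = field(default_factory=list)       # unique deleted paths
    uac_components: list = field(default_factory=list)  # deletions matching UAC_PATTERN
    services_removed: list = field(default_factory=list)
    weak_settings: list = field(default_factory=list)   # (value name, meaning)

def _section(lines, title):
    """Yield non-empty lines of the banner-delimited section whose banner contains title."""
    inside = False
    for line in lines:
        s = line.strip()
        if s.startswith("((((") and s.endswith("))))"):
            inside = title in s  # any banner closes the previous section
            continue
        if inside and s not in ("", "."):
            yield s

def triage_combofix_log(text: str) -> Triage:
    lines = text.splitlines()
    result = Triage(recovery_console_missing=any(
        "DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED" in l for l in lines))
    seen = set()
    for path in _section(lines, "Other Deletions"):
        if path.lower() in seen:  # ComboFix lists some paths twice; count once
            continue
        seen.add(path.lower())
        result.deletions.append(path)
        if UAC_PATTERN.match(path):
            result.uac_components.append(path)
    for line in _section(lines, "Drivers/Services"):
        if line.startswith("-------\\"):
            result.services_removed.append(line[len("-------\\"):])
    for line in _section(lines, "Reg Loading Points"):
        m = re.match(r'^"(\w+)"\s*=\s*(.+)$', line)
        if m and m.group(1) in WEAK_REG_VALUES:
            expected, meaning = WEAK_REG_VALUES[m.group(1)]
            if m.group(2).strip() == expected:
                result.weak_settings.append((m.group(1), meaning))
    return result

if __name__ == "__main__":
    t = triage_combofix_log(SAMPLE_LOG)
    print(f"{len(t.uac_components)} UAC*/TDSS files, weak settings: {[n for n, _ in t.weak_settings]}")
```

Run against the full log above, the same three weakened settings and the full set of UAC* files appear, which is the picture a helper reads before writing the follow-up CFScript.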
Raktor
post Jun 25 2009, 04:48 AM
Post #5

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    Folder::
    c:\documents and settings\Louise Helferty\Application Data\MalwareRemovalBot

    Driver::
    FXDRV

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please also post the contents of C:\QooBox\Add-Remove Programs.txt
EEJIT
post Jun 25 2009, 07:21 AM
Post #6

Hello again

I had already run a scan via bullguard and fixed the reported issues before getting your reply. I hope this was okay. Bullguard's log is shown below as is ComboFix and lastly the contents of QooBox\add-remove programs.txt as requested. Let me know please if I need to do anything else. I will not run any other programs until I get the go ahead from yourself. THANK YOU.

BULLGUARD LOG
___________________________________________________________

BullGuard Scan Report
Scan Profile: "My Computer"
___________________________________________________________


----[ System Info ]------------

OS Version: Windows XP Media Center Edition - Service Pack 2 (Build 2600) [2 * x86 CPUs]
Physical memory: 960 MB
System up-time: 0 days, 01 hours, 01 minutes, 48 seconds
BullGuard up-time: 0 days, 01 hours, 00 minutes, 33 seconds
TopLayer Version: 8, 7, 1, 17
FileSpy5 Version: N/A
BdFileSpy Version: 3.14.0.64 built by: WinDDK
BsFileScan Version: 8, 5, 0, 71
Reconn Version: N/A
MailProxy Version: 8, 5, 0, 21
AntiVirus Version: 8, 7, 0, 50

----[ Scan Parameters ]------------

Folders to scan:
C:\
F:\
G:\
H:\
I:\

Excluded folders:
None

Files to scan:
None

Scan type:
[o] Scan all files
[ ] Scan program files only
[ ] Scan custom extensions:

[X] Exclude user extensions: lnk

[X] Scan boot sectors
[X] Scan packed files
[X] Scan archives
[X] Scan emails
[X] Scan running processes
[X] Scan registry
[X] Scan IE cookies
[X] Enable heuristic detection

[ ] Scan default action
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started: Thursday, June 25, 2009 12:38:36
Scan duration: 0 days, 00 hours, 53 minutes, 14 seconds
Completion status: Successful

Total files scanned: 406080
Total files skipped: 33
Identified viruses: 5
Scan speed: 127.14 files/sec

Files skipped:

___________________________________________________________

Infected Files
___________________________________________________________

----[ Infected Files ]------------

Malware: Gen:Trojan.Heur.TDSS.1048B7F7F7
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACakdorroakfabiqr.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwxlwbgsbxyqliqq.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291017.dll
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291018.dll

Malware: Rootkit.TDSs.W
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACswwqgvpyrobgdru.sys.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291014.sys

Malware: Trojan.Generic.1861750
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACgsipjogdoknftjw.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291019.dll

Malware: Trojan.Generic.1953403
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnkcijxvkbmoltle.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291016.dll

Malware: Trojan.TDss.VI
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACypftehymiexexwb.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291015.dll

___________________________________________________________

Results after ROUND 0
___________________________________________________________

Scan started: Thursday, June 25, 2009 11:45:22
Scan duration: 0 days, 00 hours, 53 minutes, 14 seconds
Infections solved: 0
Infections left: 12
Viruses left: 5

----[ Files Still Infected ]------------

Malware: Gen:Trojan.Heur.TDSS.1048B7F7F7
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACakdorroakfabiqr.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwxlwbgsbxyqliqq.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291017.dll
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291018.dll

Malware: Rootkit.TDSs.W
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACswwqgvpyrobgdru.sys.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291014.sys

Malware: Trojan.Generic.1861750
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACgsipjogdoknftjw.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291019.dll

Malware: Trojan.Generic.1953403
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnkcijxvkbmoltle.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291016.dll

Malware: Trojan.TDss.VI
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACypftehymiexexwb.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291015.dll

___________________________________________________________

Results after ROUND 1
___________________________________________________________

Scan started: Thursday, June 25, 2009 13:45:18
Scan duration: 0 days, 00 hours, 00 minutes, 07 seconds
Infections solved: 0
Infections left: 12
Viruses left: 5

----[ Files Still Infected ]------------

Malware: Gen:Trojan.Heur.TDSS.1048B7F7F7
Status: Disinfect Failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACakdorroakfabiqr.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwxlwbgsbxyqliqq.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291017.dll
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291018.dll

Malware: Rootkit.TDSs.W
Status: Disinfect Failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACswwqgvpyrobgdru.sys.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291014.sys

Malware: Trojan.Generic.1861750
Status: Disinfect Failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACgsipjogdoknftjw.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291019.dll

Malware: Trojan.Generic.1953403
Status: Disinfect Failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnkcijxvkbmoltle.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291016.dll

Malware: Trojan.TDss.VI
Status: Disinfect Failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACypftehymiexexwb.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291015.dll

___________________________________________________________

Results after ROUND 2
___________________________________________________________

Scan started: Thursday, June 25, 2009 13:45:38
Scan duration: 0 days, 00 hours, 00 minutes, 01 seconds
Infections solved: 12
Infections left: 0
Viruses left: 0

----[ Files Solved ]------------

Malware: Gen:Trojan.Heur.TDSS.1048B7F7F7
Status: Moved To Quarantine
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACakdorroakfabiqr.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwxlwbgsbxyqliqq.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291017.dll
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291018.dll

Malware: Rootkit.TDSs.W
Status: Moved To Quarantine
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACswwqgvpyrobgdru.sys.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291014.sys

Malware: Trojan.Generic.1861750
Status: Moved To Quarantine
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACgsipjogdoknftjw.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291019.dll

Malware: Trojan.Generic.1953403
Status: Moved To Quarantine
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnkcijxvkbmoltle.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291016.dll

Malware: Trojan.TDss.VI
Status: Moved To Quarantine
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACypftehymiexexwb.dll.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291015.dll


COMBOFIX LOG

ComboFix 09-06-24.05 - Louise Helferty 25/06/2009 13:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.958.562 [GMT 1:00]
Running from: c:\documents and settings\Louise Helferty\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Louise Helferty\Desktop\CFScript.txt
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Louise Helferty\Application Data\MalwareRemovalBot
c:\documents and settings\Louise Helferty\Application Data\MalwareRemovalBot\Log\2009 Jun 18 - 02_30_52 PM_437.log
c:\documents and settings\Louise Helferty\Application Data\MalwareRemovalBot\Log\2009 Jun 18 - 02_35_53 PM_437.log
c:\documents and settings\Louise Helferty\Application Data\MalwareRemovalBot\Log\2009 Jun 18 - 02_37_49 PM_328.log
c:\documents and settings\Louise Helferty\Application Data\MalwareRemovalBot\rs.dat
c:\documents and settings\Louise Helferty\Application Data\MalwareRemovalBot\Settings\ScanResults.pie

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FXDRV
-------\Service_FXDRV


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 10:26 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-06-25 10:25 . 2009-06-25 10:25 -------- d-----w- c:\program files\BullGuard Ltd
2009-06-25 09:48 . 2009-06-25 09:48 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-24 11:05 . 2009-06-25 11:38 -------- d-----w- c:\documents and settings\Louise Helferty\Application Data\BullGuard
2009-06-24 11:02 . 2009-06-25 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2009-06-11 10:11 . 2009-06-11 10:11 -------- d-----w- c:\program files\Common Files\Uninstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 13:02 . 2007-12-03 18:13 256 ----a-w- c:\windows\system32\pool.bin
2009-06-10 23:22 . 2006-08-23 11:45 -------- d-----w- c:\program files\Microsoft Works
2009-05-07 15:44 . 2005-01-02 05:15 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-01-02 05:21 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-01-02 05:13 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 10:51 . 2009-04-28 10:51 87376 ----a-w- c:\windows\system32\BGLsp.dll
2009-04-17 09:58 . 2005-01-02 05:21 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-01-02 05:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 10:32 . 2009-04-06 10:32 19784 ----a-w- c:\windows\system32\BgOutlookHook.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-25_09.43.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 13:00 . 2009-06-25 13:00 16384 c:\windows\Temp\Perflib_Perfdata_d4.dat
+ 2009-06-25 09:48 . 2008-10-16 14:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 09:48 . 2006-03-15 12:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 09:48 . 2006-03-15 12:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 09:48 . 2006-03-15 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 09:48 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 09:48 . 2006-03-15 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 09:48 . 2006-03-15 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 09:48 . 2006-03-15 12:00 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 09:48 . 2006-03-15 12:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 09:48 . 2006-03-15 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-25 09:48 . 2006-03-15 12:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 09:48 . 2009-04-29 04:31 668160 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 09:48 . 2007-03-08 15:36 577536 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 09:48 . 2005-03-10 07:49 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 09:48 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 09:48 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 09:48 . 2006-03-15 12:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 09:48 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 09:48 . 2006-03-15 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 09:48 . 2006-03-15 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 09:48 . 2006-03-15 12:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 09:48 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 09:48 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 09:48 . 2007-06-13 10:23 1033216 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
"MalwareRemovalBot"="c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe" [N/A]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-06-25 304464]
"STManager"="C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" - c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe [2003-10-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-04-08 26112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"AOL_Demo"="c:\applications\Tool\AOL Demo\DSGDemo.exe" [2006-03-01 177178]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-06-25 304464]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-10-24 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-15 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-03-15 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2007-4-8 156784]
Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-12 45056]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-3-28 1283608]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [25/06/2009 11:26 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [02/01/2005 06:19 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [02/01/2005 06:19 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [02/01/2005 06:19 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [23/03/2009 13:07 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [23/03/2009 13:07 257304]
S3 BGRaSvc;BGRaSvc;c:\program files\BullGuard Ltd\BullGuard\support\bgrasvc.exe [16/04/2009 13:24 79184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-06-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\BGLsp.dll
TCP: {B1DB883D-5B4A-466F-9B6A-70964E97BE2D} = 195.26.36.3 195.26.37.3
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 14:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\BGLsp.dll

- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-25 14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 13:07
ComboFix2.txt 2009-06-25 09:49

Pre-Run: 53,627,691,008 bytes free
Post-Run: 53,533,978,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

219 --- E O F --- 2009-06-25 10:25

QooBox\Add-Remove Programs

ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 7.0
AOL UK (Choose which version to remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
BlackBerry Desktop Software 4.2.2
Bonjour
BullGuard 8.7
Critical Update for Windows Media Player 11 (KB959772)
DivX
DivX Converter
DivX Player
Dr SpeedTouch
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX4000_4050_CX3900
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.0
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
iTunes
Java™ 6 Update 11
Java™ SE Runtime Environment 6 Update 1
LimeWire 4.16.6
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.6)
MP3 music player
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Napster
Napster Burn Engine
OCA Client history tool install
PIF DESIGNER
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Media Manager
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Smart Menus (Windows Live Toolbar)
SpeedTouch USB Software
Symantec KB-DocID:2003093015493306
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB914548
Windows XP Media Center Edition 2005 KB919803
Windows XP SP2 LIP update

THANK YOU!!
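The BullGuard quarantine list and ComboFix run posted above are long, and the lines that matter are easy to miss: the randomly named UAC*.dll / UAC*.sys files BullGuard classified as TDSS, an autorun entry whose target no longer exists ([N/A]), and Security Center and firewall-policy values that silence or disable protection. The Python below is an added example, not code from the thread, BullGuard or ComboFix. The regular expressions are assumptions about the log format as it appears on this page, the sample lines are constructed to mirror that format, and the "UAC + lowercase random suffix" rule is taken from the filenames above rather than from any documented naming scheme.

```python
"""Triage a ComboFix-style log for the indicators seen in the thread above.

Added example, not code from the thread, BullGuard or ComboFix.  The regular
expressions encode assumptions about the log format as it appears on the page;
the sample lines are constructed to mirror that format.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The quarantined files above are named UAC + a random lowercase string, e.g.
# UACakdorroakfabiqr.dll; ComboFix appends .vir to quarantined copies.
# Assumption: any such name in system32 or drivers is worth a look.
UAC_FILE = re.compile(r"\\(UAC[a-z]{8,}\.(?:dll|sys))(?:\.vir)?$")

# Run-key lines: "name"="target" [date size]   or   "name"="target" [N/A]
# A resolved path may sit between the target and the bracket ("name"="X" - path [..]).
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*(?:-\s*(?P<resolved>.+?)\s*)?\[(?P<meta>[^\]]*)\]$'
)

# Plain "name"=value lines from the Security Center / firewall-policy keys.
KEY_VALUE = re.compile(r'^"?(?P<key>[A-Za-z]+)"?\s*=\s*(?P<val>.+)$')

# Values that weaken or silence protection when set this way.
WEAKENING_VALUES = {
    ("AntiVirusDisableNotify", "dword:00000001"): "antivirus status notifications suppressed",
    ("FirewallDisableNotify", "dword:00000001"): "firewall status notifications suppressed",
    ("UpdatesDisableNotify", "dword:00000001"): "Windows Update notifications suppressed",
    ("DisableMonitoring", "dword:00000001"): "Security Center monitoring of a product disabled",
    ("EnableFirewall", "0 (0x0)"): "Windows Firewall disabled for the standard profile",
}


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str      # "tdss-file" | "orphan-autorun" | "protection-weakened"
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return the lines of a ComboFix-style log that deserve a second look."""
    findings: list[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = UAC_FILE.search(line)
        if m:
            findings.append(Finding(n, "tdss-file", m.group(1)))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            # [N/A] means ComboFix could not stat the target: the file is gone
            # but the autorun entry remains (MalwareRemovalBot in the log above).
            if m.group("meta").strip().upper() == "N/A":
                findings.append(Finding(n, "orphan-autorun", f'{m.group("name")} -> {m.group("target")}'))
            continue
        m = KEY_VALUE.match(line)
        if m:
            key = (m.group("key"), m.group("val").strip())
            if key in WEAKENING_VALUES:
                findings.append(Finding(n, "protection-weakened", WEAKENING_VALUES[key]))
    return findings


# Constructed sample in the shape of the log posted above (not the full log).
SAMPLE_LOG = r"""C:\Qoobox\Quarantine\C\WINDOWS\system32\UACakdorroakfabiqr.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACswwqgvpyrobgdru.sys.vir
C:\System Volume Information\_restore{373EA6CA-4D44-4180-91C2-128535FE90E5}\RP668\A0291014.sys
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360]
"MalwareRemovalBot"="c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe" [N/A]
"STManager"="C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" - c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe [2003-10-16 118784]
"AntiVirusDisableNotify"=dword:00000001
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:3d}  {f.kind:<20} {f.detail}")
```

Two caveats. The restore-point copies (the A02910xx.dll/.sys files under System Volume Information) have no telltale name and are tied to the infection only because the scanner lists them under the same detection, so a name-based triage like this is no substitute for flushing System Restore. And a weakened Security Center value is a prompt for a question, not proof of tampering: a third-party suite that replaces the Windows firewall legitimately sets some of them.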
Raktor
post Jun 25 2009, 07:53 AM
Post #7


SuperMember

Group: Malware Team
Posts: 1,300
Joined: 29-October 08
From: Melbourne, Australia
Member No.: 82,162
Operating System: Windows 7 Professional 64bit, Windows XP Pro SP3, Mac OS X 10.5, Debian 5.0



Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

---------------------------------

Download and save Norton Removal Tool to your desktop.

Run it to remove remnants of Norton. After this, please restart your computer.

---------------------------------

Your version of Java is outdated.

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

---------------------------------

Here are some general tips to help keep you clean in the future.

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Update your Anti-Virus Software - I cannot overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.

7. Finally, I strongly recommend that you read Miekiemoses' good advice - How to prevent Malware

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
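Item 4 in the post above recommends replacing the hosts file with a blocklist such as MVPS HOSTS. Before doing that, and again afterwards, it is worth auditing what the file already contains, because the same mechanism is used by malware to send update and security-vendor domains to an address the attacker controls. The Python below is an added example, not part of the post and not code from the MVPS HOSTS or WinHelp2002 projects. The sample hosts content is constructed, and the classification rule (a name mapped to 0.0.0.0 or a loopback address is a blocklist entry; a name mapped to any other address is a redirect to report) is an assumption that matches how MVPS-style lists are written.

```python
"""Audit a Windows hosts file before installing a blocklist such as MVPS HOSTS.

Added example, not part of the post above and not code from MVPS/WinHelp2002.
Assumption: names mapped to 0.0.0.0 or a loopback address are blocklist
entries; a name mapped to any other address is a redirect and is reported,
because a hosts file is also how malware sends update and security-vendor
domains to an attacker-controlled host.  The sample content is constructed.
"""
from __future__ import annotations

import ipaddress
from collections import Counter


def parse_hosts(text: str):
    """Yield (line_no, address, [names]) for each non-blank, non-comment line."""
    for n, raw in enumerate(text.splitlines(), 1):
        body, _, _comment = raw.partition("#")
        parts = body.split()
        if parts:
            yield n, parts[0], parts[1:]


def audit_hosts(text: str) -> dict:
    """Classify every hosts entry; redirects and malformed lines are the ones to act on."""
    report = {
        "blocked": 0,        # names null-routed or sent to loopback (the blocklist part)
        "redirects": [],     # (line, address, names) sent somewhere routable
        "invalid": [],       # (line, address) that is not an IP address at all
        "duplicates": [],    # names that appear more than once
        "localhost_ok": False,
    }
    seen: Counter[str] = Counter()
    for n, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["invalid"].append((n, addr))
            continue
        lowered = [name.lower() for name in names]
        seen.update(lowered)
        if ip.is_loopback and "localhost" in lowered:
            report["localhost_ok"] = True
        if ip.is_loopback or ip.is_unspecified:
            # Blocklist entry: the name resolves nowhere.  localhost itself is
            # not counted as "blocked", it is the one mapping that must stay.
            report["blocked"] += sum(1 for name in lowered if name != "localhost")
        else:
            # A routable address in the hosts file overrides DNS for that name;
            # on a cleaned machine this is where hijacked entries show up.
            report["redirects"].append((n, str(ip), names))
    report["duplicates"] = sorted(name for name, count in seen.items() if count > 1)
    return report


# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """\
# Constructed sample, not a real hosts file
127.0.0.1       localhost
0.0.0.0         ads.example.test          # blocklist-style entries
0.0.0.0         www.example-ads.test
0.0.0.0         www.example-ads.test      # duplicate, on purpose
127.0.0.1       tracker.example.test
203.0.113.45    update.example-av.test    # routable address: a redirect, reported
999.1.1.1       bogus.example.test        # not an address at all
"""


if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{key:<13} {value}")
```

On Windows XP the file is %SystemRoot%\system32\drivers\etc\hosts; read it and pass the text to audit_hosts(). A non-empty "redirects" list on a machine that is supposed to have only a blocklist installed is the finding to chase, and a missing localhost mapping means the file was replaced carelessly. The post's caveat about disabling the DNS Client service before installing the custom file stands regardless of what the audit reports.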
EEJIT
post Jul 2 2009, 05:04 AM
Post #8


New Member

Group: Authentic Member
Posts: 8
Joined: 24-June 09
From: UK
Member No.: 86,404
Operating System: XP



woot.gif Thank you. All seems now well with my computer. Your help was brilliant. THANK YOU again.
jpshortstuff
post Jul 2 2009, 05:39 AM
Post #9


SuperHelper

Group: Classroom Teacher
Posts: 5,091
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

