What the Tech
[Resolved] GoogleUpdate.exe - Google Installer problems/malware
baldingeagle
post Jun 23 2009, 12:14 PM
Post #1


New Member

Group: Authentic Member
Posts: 14
Joined: 29-September 04
Member No.: 15,618



Hello.

My computer has been having problems for several weeks. I keep getting these messages constantly:

"GoogleUpdate.exe - Application Error
The exception breakpoint
A breakpoint has been reached"


"Google Installer has encountered a problem and needs to close. We are sorry for this inconvenience.
Please tell Microsoft about this problem."


"Error Report"


When I click on links from searches, I am always taken to unknown sites and never the site I clicked on. Sometimes my browsers (both IE and Firefox) will not open at all. When I click on different software programs or files, they will not open at all. Yesterday, I had no windows open, and suddenly strange music started blasting out. It played the same song over and over until I shut down my computer. I have had multiple crashes or times with my computer just freezing up on me. My virus and spyware protection do not seem to be detecting any of this. I use AVG anti-virus and Stopzilla Spyware. I think this "bug" might be in my hidden files, but I don't know for sure. The Google Installer warnings come up every 20 minutes or so.

Any help would be appreciated.

Thanks, K. Bragg

This post has been edited by jpshortstuff: Jun 23 2009, 01:01 PM
Reason for edit: Email removed
Replies (1 - 12)
CatByte
post Jun 23 2009, 01:10 PM
Post #2


Classroom Administrator

Group: Classroom Admin
Posts: 9,469
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi and welcome.

NOTE:
  • Malware removal is NOT instantaneous.
  • Most infections require more than one round to properly eradicate.
  • Absence of symptoms does not always mean the job is complete.
  • You can be certain that I will advise you when the computer is clean.
  • Kindly follow my instructions in the order posted.
  • Please do not run further scans or fix items on your own without my direction.


NEXT

Please download DDS from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.



NEXT

Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.
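A DDS.txt report of the kind requested above has a fixed layout: a short header holding the AV: line, then banner-delimited sections such as Running Processes, Pseudo HJT Report and SERVICES / DRIVERS. The script below is an added example written for this page; it is not part of the thread, and it is not code from the DDS tool. It splits a report into those sections and lists the entries a helper usually checks first: an on-access scanner reported as disabled, "No File" and "<NO NAME>" orphan entries, services whose binary DDS could not find (the "--> ... [?]" form), Trusted Zone additions, and processes running from a user profile folder. The sample report embedded in it is constructed to mirror the format; its user name, paths, GUIDs and service names are placeholders.

```python
import re

# Section banners in a DDS report look like "============== Running Processes ===============".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Constructed sample that mirrors the DDS layout seen in this thread; every
# name, path and GUID is a placeholder, not data from any real machine.
SAMPLE_DDS = r"""DDS (Ver_09-05-14.01) - NTFSx86
Run by ExampleUser at 16:58:47.60 on Tue 06/23/2009

AV: ExampleAV Free *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}

============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\ExampleUser\Application Data\example\tool.exe
C:\Documents and Settings\ExampleUser\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
BHO: Example Helper: {11111111-1111-1111-1111-111111111111} - c:\program files\example\helper.dll
TB: {22222222-2222-2222-2222-222222222222} - No File
mRun: [<NO NAME>]
mRun: [Example] "c:\program files\example\example.exe"
Trusted Zone: example-bank.test\www

============= SERVICES / DRIVERS ===============

R2 goodsvc;Good Service;c:\program files\good\good.exe [2009-6-22 906520]
S2 ghostsvc;ghostsvc;c:\program files\ghost\ghost.exe --> c:\program files\ghost\Ghost.exe [?]

============= FINISH: 17:03:22.34 ===============
"""


def split_sections(text):
    """Return {section name: [non-empty lines]}. Text before the first
    banner is filed under 'header' (that is where the AV: line lives)."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage_dds(text):
    """Pull out the entries a helper reviews first. Each item is a pointer to
    a line worth a second look, not a verdict: legitimate software produces
    orphan entries and profile-path processes all the time."""
    sections = split_sections(text)
    findings = {
        "av_disabled": [],             # real-time scanner reported off
        "orphan_entries": [],          # registry points at something that is gone
        "missing_service_binary": [],  # service registered but its exe is not on disk
        "trusted_zones": [],           # sites granted IE Trusted Zone privileges
        "profile_path_processes": [],  # executables running from a user profile
    }
    for line in sections["header"]:
        if line.startswith("AV:") and "disabled" in line.lower():
            findings["av_disabled"].append(line)
    for line in sections.get("Running Processes", []):
        low = line.lower()
        # dds.scr itself runs from the desktop, so skip it
        if "\\documents and settings\\" in low and not low.endswith("dds.scr"):
            findings["profile_path_processes"].append(line)
    for line in sections.get("Pseudo HJT Report", []):
        if line.endswith("- No File") or line.endswith("[<NO NAME>]"):
            findings["orphan_entries"].append(line)
        elif line.startswith("Trusted Zone:"):
            findings["trusted_zones"].append(line.split(":", 1)[1].strip())
    for line in sections.get("SERVICES / DRIVERS", []):
        # DDS writes "registered path --> resolved path [?]" when the file is missing
        if "-->" in line and line.endswith("[?]"):
            findings["missing_service_binary"].append(line.split(";", 1)[0])
    return findings


def report(findings):
    """Render the findings as text in the order a helper reads them."""
    out = []
    for key, items in findings.items():
        out.append(f"{key} ({len(items)})")
        out.extend(f"  {item}" for item in items)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage_dds(SAMPLE_DDS)))
```

Run it against a saved DDS.txt by reading the file into `triage_dds` instead of `SAMPLE_DDS`. The banner regex is the only format knowledge the parser needs, so sections DDS adds in other versions simply appear as extra keys; the checks deliberately stop at listing, because deciding whether an entry such as a profile-path process is unwanted is the helper's job, not the script's.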
baldingeagle
post Jun 23 2009, 07:04 PM
Post #3


New Member

Group: Authentic Member
Posts: 14
Joined: 29-September 04
Member No.: 15,618



Hello.

The DDS.txt report is attached. As per your instructions, I disabled my Firewall, AVG and Stopzilla before I downloaded and ran GMER Rootkit Scanner. Nothing else on my computer was running. I unzipped GMER to my desktop. I double-clicked gmer.exe and nothing happened (the hourglass would appear for a couple of seconds and then disappear). I would wait 5 or 10 minutes before trying it again. I did this a dozen times or so with no response. (This is a problem I have been having with many of my software programs and files. They do not run or respond when I click on them or run them. It seems to be rather arbitrary. Some do and some don't.) In trying to get on the internet, my Firefox would not open at all, and it took me a long time before IE finally opened.

After trying to run the gmer.exe with no success, a notice started popping up that said: "gmer.exe has encountered a problem and needs to close. We are sorry for the inconvenience."


Thanks for your kind help,
I await further instructions.

K. Bragg


That DDS.txt attachment is sloppy and difficult to read. I copied and pasted it below:


DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 16:58:47.60 on Tue 06/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.467 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ScanSoft\PaperPort\Pplinks.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ps2.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\elnIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink totalaccess\toolbar\Toolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [DISCover] "c:\program files\disc\DISCover.exe"
mRun: [DiscUpdateManager] "c:\program files\disc\DiscUpdateMgr.exe"
mRun: [DMAScheduler] "c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [regcmdcons] "c:\hp\bin\cloaker.exe" c:\hp\bin\cmdcons.cmd
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\brothe~1.lnk - c:\program files\scansoft\paperport\popup\SmartUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink totalaccess\toolbar\SearchUI.dll/search.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
LSP: c:\program files\earthlink totalaccess\accelerator\prplsf.dll
Trusted Zone: bankofamerica.com\www
Trusted Zone: trymedia.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {395E58B9-090C-461A-8F27-087D1C727945} - hxxp://prowebinars.epopcentral.com/joinie.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160590898250
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\wvkuxnyw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\NPAbacheck.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInstall.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-4 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-11 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-4 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-22 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-22 298776]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-12 1119888]
R2 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate1c9d4066c214302;Google Update Service (gupdate1c9d4066c214302);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]
S2 SDService;SDService;c:\program files\spywaredetector\sdservice.exe --> c:\program files\spywaredetector\SDService.exe [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-9-27 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-9-27 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2000-2-24 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2000-2-24 10368]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]

=============== Created Last 30 ================

2009-06-23 11:39 <DIR> --dsh--- c:\documents and settings\hp_administrator\IECompatCache
2009-06-23 11:33 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 11:33 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-23 11:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 11:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-22 23:00 1,753,088 a------- c:\windows\system32\ExGrid.dll
2009-06-22 23:00 614,400 a------- c:\windows\system32\ExButton.dll
2009-06-22 23:00 602,112 a------- c:\windows\system32\ExMenu.dll
2009-06-22 23:00 307,200 a------- c:\windows\system32\ExPMenu.dll
2009-06-22 23:00 516,096 a------- c:\windows\system32\ExTab.dll
2009-06-22 23:00 356,352 a------- c:\windows\system32\eSellerateEngine.dll
2009-06-22 23:00 118,784 a------- c:\windows\system32\eWebControl.dll
2009-06-22 23:00 <DIR> --d----- c:\program files\AnswersThatWork
2009-06-22 09:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-20 20:36 1,056 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-06-20 06:02 22,096 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-06-10 22:11 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 22:11 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 06:00 <DIR> --dsh--- c:\documents and settings\hp_administrator\PrivacIE
2009-06-06 09:07 <DIR> --dsh--- c:\documents and settings\hp_administrator\IETldCache
2009-06-06 07:16 <DIR> --d----- c:\windows\ie8updates
2009-06-06 07:15 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-06 07:12 <DIR> -cd-h--- c:\windows\ie8
2009-05-29 06:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-05-29 06:40 <DIR> --d----- c:\program files\PCPitstop
2009-05-28 18:29 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-28 18:16 <DIR> --d----- c:\program files\PCenter
2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll

==================== Find3M ====================

2009-06-22 09:19 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-22 09:19 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 22:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 14:13 61,328 a----r-- c:\windows\system32\drivers\SZKG.sys
2009-05-09 08:12 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 08:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 14:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 14:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 04:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-16 06:11 60,744 a------- c:\documents and settings\hp_administrator\g2mdlhlpx.exe
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-27 10:56 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-03-27 10:55 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-03-27 10:55 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-03-27 10:55 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-03-27 10:54 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-03-27 10:54 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-03-27 10:54 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-03-27 10:53 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-03-27 10:50 716,800 a----r-- c:\windows\system32\IS3Base5.dll
2008-04-11 06:27 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-05-14 11:57 652 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-09-02 09:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 17:03:22.34 ===============

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\brothe~1.lnk - c:\program files\scansoft\paperport\popup\SmartUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink totalaccess\toolbar\SearchUI.dll/search.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
LSP: c:\program files\earthlink totalaccess\accelerator\prplsf.dll
Trusted Zone: bankofamerica.com\www
Trusted Zone: trymedia.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {395E58B9-090C-461A-8F27-087D1C727945} - hxxp://prowebinars.epopcentral.com/joinie.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160590898250
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\wvkuxnyw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\NPAbacheck.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInstall.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-4 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-11 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-4 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-22 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-22 298776]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-12 1119888]
R2 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate1c9d4066c214302;Google Update Service (gupdate1c9d4066c214302);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]
S2 SDService;SDService;c:\program files\spywaredetector\sdservice.exe --> c:\program files\spywaredetector\SDService.exe [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-9-27 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-9-27 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2000-2-24 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2000-2-24 10368]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]

=============== Created Last 30 ================

2009-06-23 11:39 <DIR> --dsh--- c:\documents and settings\hp_administrator\IECompatCache
2009-06-23 11:33 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 11:33 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-23 11:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 11:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-22 23:00 1,753,088 a------- c:\windows\system32\ExGrid.dll
2009-06-22 23:00 614,400 a------- c:\windows\system32\ExButton.dll
2009-06-22 23:00 602,112 a------- c:\windows\system32\ExMenu.dll
2009-06-22 23:00 307,200 a------- c:\windows\system32\ExPMenu.dll
2009-06-22 23:00 516,096 a------- c:\windows\system32\ExTab.dll
2009-06-22 23:00 356,352 a------- c:\windows\system32\eSellerateEngine.dll
2009-06-22 23:00 118,784 a------- c:\windows\system32\eWebControl.dll
2009-06-22 23:00 <DIR> --d----- c:\program files\AnswersThatWork
2009-06-22 09:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-20 20:36 1,056 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-06-20 06:02 22,096 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-06-10 22:11 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 22:11 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 06:00 <DIR> --dsh--- c:\documents and settings\hp_administrator\PrivacIE
2009-06-06 09:07 <DIR> --dsh--- c:\documents and settings\hp_administrator\IETldCache
2009-06-06 07:16 <DIR> --d----- c:\windows\ie8updates
2009-06-06 07:15 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-06 07:12 <DIR> -cd-h--- c:\windows\ie8
2009-05-29 06:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-05-29 06:40 <DIR> --d----- c:\program files\PCPitstop
2009-05-28 18:29 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-28 18:16 <DIR> --d----- c:\program files\PCenter
2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll

==================== Find3M ====================

2009-06-22 09:19 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-22 09:19 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 22:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 14:13 61,328 a----r-- c:\windows\system32\drivers\SZKG.sys
2009-05-09 08:12 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 08:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 14:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 14:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 04:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-16 06:11 60,744 a------- c:\documents and settings\hp_administrator\g2mdlhlpx.exe
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-27 10:56 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-03-27 10:55 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-03-27 10:55 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-03-27 10:55 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-03-27 10:54 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-03-27 10:54 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-03-27 10:54 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-03-27 10:53 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-03-27 10:50 716,800 a----r-- c:\windows\system32\IS3Base5.dll
2008-04-11 06:27 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-05-14 11:57 652 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-09-02 09:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 17:03:22.34 ===============

This post has been edited by baldingeagle: Jun 23 2009, 07:13 PM
Attached File(s)
Attached File  DDS.txt ( 20.53K ) Number of downloads: 116
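A triage pass over DDS and ComboFix log lines like the ones in this post, as an added example rather than a tool used in this thread: the rules (registry entries pointing at "No File", services whose binary could not be located, IE Trusted Zone additions, and randomly named UAC* files like those ComboFix lists under "Other Deletions" further down) are this script's own heuristics, and the sample lines are copied from the logs posted in the thread.

```python
"""Triage helper for DDS / ComboFix log lines.

Added example, not a tool from this thread. Every rule below is a heuristic
of this script's own; it only flags lines for a human reviewer and changes
nothing on the machine.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # what a reviewer should look at
    line: str    # the original log line


# DDS registry-backed entries: toolbars, BHOs, Run values, URL search hooks, etc.
_ENTRY = re.compile(
    r"^(?P<kind>[umd]?(?:Run|URLSearchHooks)|TB|BHO|IE|SEH|Notify|SSODL): (?P<body>.*)$"
)
# DDS service/driver line: "<R|S><start> name;description;path [date size]"
# or, when DDS could not find the binary, "... path --> path [?]".
_SERVICE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
# Randomly named UAC-prefixed files under system32 (heuristic: 12+ letters after
# "UAC", matching the names ComboFix deleted in this thread; "uacinit.dll" is
# deliberately not matched by this rule).
_UAC_RANDOM = re.compile(
    r"\\system32\\(?:drivers\\)?UAC[a-z]{12,}\.(?:sys|dll|dat|db|log)$", re.I
)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None when nothing stands out."""
    line = line.rstrip()
    m = _ENTRY.match(line)
    if m:
        body = m.group("body")
        if body.endswith(" - No File"):
            return Finding("dangling-entry", f"{m.group('kind')} points at a missing file", line)
        if body == "[<NO NAME>]":
            return Finding("empty-run-entry", "Run value with no name or command", line)
        return None
    if line.startswith("Trusted Zone: "):
        return Finding("trusted-zone", "IE Trusted Zone entry lowers security for " + line[14:], line)
    m = _SERVICE.match(line)
    if m:
        rest = m.group("rest")
        if rest.endswith(" [?]") and " --> " in rest:
            return Finding("orphan-service", f"service {m.group('name')} binary not found", line)
        return None
    if _UAC_RANDOM.search(line):
        return Finding("random-uac-name", "randomly named UAC* file in system32", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over every line, keeping findings in log order."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Sample lines copied from the DDS and ComboFix output posted in this thread
# (the two bare UAC* paths come from ComboFix's "Other Deletions" list).
SAMPLE = [
    r"TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File",
    r"uURLSearchHooks: H - No File",
    r"BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll",
    r"mRun: [<NO NAME>]",
    r"Trusted Zone: bankofamerica.com\www",
    r"R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]",
    r"S2 SDService;SDService;c:\program files\spywaredetector\sdservice.exe --> c:\program files\spywaredetector\SDService.exe [?]",
    r"c:\windows\system32\drivers\UACakawynkxecuwseein.sys",
    r"c:\windows\system32\uacinit.dll",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"[{finding.rule}] {finding.detail}\n    {finding.line}")
```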
CatByte
post Jun 23 2009, 07:31 PM
Post #4


Classroom Administrator

Group: Classroom Admin
Posts: 9,469
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

I suspect a rootkit is preventing GMER from running.

Please do the following:

Please make sure your antivirus and TeaTimer are disabled before running ComboFix.


Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking

  • Run Spybot-S&D in Advanced Mode.
  • If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
  • On the left hand side, Click on Tools
  • Then click on the Resident Icon in the List
  • Uncheck "Resident TeaTimer" and OK any prompts.
  • Restart your computer. <-- You need to do this for it to take effect.

Please do not proceed until the TeaTimer is disabled


NEXT

Please download ComboFix from Here or Here to your Desktop.
**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

  2. During the download, rename Combofix to Combo-Fix as follows:

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.  
  9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**



If Combo-Fix will not run in normal mode - please try it in safe mode.
baldingeagle
post Jun 23 2009, 07:57 PM
Post #5


New Member

Group: Authentic Member
Posts: 14
Joined: 29-September 04
Member No.: 15,618



Hello.

Spybot S&D will not open at all. I've tried and tried.....no luck. Should I skip that and go on to ComboFix? Should I just delete Spybot S&D completely?

Thanks,

K. Bragg
CatByte
post Jun 23 2009, 07:58 PM
Post #6


Classroom Administrator

Group: Classroom Admin
Posts: 9,469
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Best if you can uninstall Spybot completely. If not, try to disable it through Task Manager > End Process. If that does not work either, just move on to Combo-Fix, allowing any changes in TeaTimer.
baldingeagle
post Jun 23 2009, 08:53 PM
Post #7


New Member

Group: Authentic Member
Posts: 14
Joined: 29-September 04
Member No.: 15,618



Hello.

I completely deleted the Spybot S&D.

The Combo-Fix report is below. After it started running, I got this message: "Combofix has detected the presence of rootkit activity and needs to reboot". There were 13 files that it showed. It then rebooted and finished scanning. The report below then followed. I am sending this message to you immediately after the report was given, so I have not had a chance to see how the computer is working, but a couple of things are obvious. So far, I have not gotten those messages that kept popping up all of the time. Also, I was able to open Firefox. The background on my desktop changes, but I don't care about that.

Thanks......so far, so good.

K. Bragg


ComboFix 09-06-22.0E - HP_Administrator 06/23/2009 19:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1501 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\PCenter
c:\documents and settings\hp_administrator\favorites\translator.url
C:\install.exe
c:\program files\PCenter\faq\guide.html
c:\program files\PCenter\faq\images\gimg1.jpg
c:\program files\PCenter\faq\images\gimg10.jpg
c:\program files\PCenter\faq\images\gimg2.jpg
c:\program files\PCenter\faq\images\gimg3.jpg
c:\program files\PCenter\faq\images\gimg4.jpg
c:\program files\PCenter\faq\images\gimg5.jpg
c:\program files\PCenter\faq\images\gimg6.jpg
c:\program files\PCenter\faq\images\gimg7.jpg
c:\program files\PCenter\faq\images\gimg8.jpg
c:\program files\PCenter\faq\images\gimg9.jpg
c:\program files\PCenter\sounds\1.mp3
c:\program files\PCenter\sounds\3.mp3
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\hosts
c:\windows\kb913800.exe
c:\windows\system32\drivers\UACakawynkxecuwseein.sys
c:\windows\system32\drivers\UACpwppkjkltumcaxxfk.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UACenacfmjlvnsepspxq.log
c:\windows\system32\UACidwbodvafwulaunjt.dll
c:\windows\system32\UACinckjvkrewqjtddgg.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkfiuwrmmxmnsexxrs.dll
c:\windows\system32\UAClqbmaqwxyuurnsfeu.db
c:\windows\system32\UACmepicmtfbhulowpno.dll
c:\windows\system32\UACoinrnocnwasdsveoa.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACuamjiilxgoqjbetmt.dll
c:\windows\system32\UACupujoxghoimysjysw.log
c:\windows\system32\UACvyemyedvjwpqpdkhr.dat
c:\windows\system32\UACyikkhoqonblosghtj.dll
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-23 18:18 . 2009-06-23 18:19 -------- d-----w- c:\program files\ERUNT
2009-06-23 06:00 . 2007-06-08 20:53 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2009-06-23 06:00 . 2007-06-05 17:20 602112 ----a-w- c:\windows\system32\ExMenu.dll
2009-06-23 06:00 . 2007-04-03 23:51 614400 ----a-w- c:\windows\system32\ExButton.dll
2009-06-23 06:00 . 2007-04-03 23:51 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2009-06-23 06:00 . 2007-06-05 17:19 516096 ----a-w- c:\windows\system32\ExTab.dll
2009-06-23 06:00 . 2005-10-11 21:40 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2009-06-23 06:00 . 2005-10-04 15:11 118784 ----a-w- c:\windows\system32\eWebControl.dll
2009-06-23 06:00 . 2009-06-23 06:00 -------- d-----w- c:\program files\AnswersThatWork
2009-06-23 02:54 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-23 02:51 . 2009-06-23 13:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-22 20:00 . 2009-06-22 20:00 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-06-22 16:19 . 2009-06-23 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-22 16:19 . 2009-06-22 16:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-21 03:36 . 2009-06-21 03:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-13 13:23 . 2008-12-04 08:25 120832 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\wvkuxnyw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-11 20:21 . 2009-06-11 20:46 81920 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connecthook.dll
2009-06-11 20:21 . 2009-06-11 20:46 190976 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectsprd.dll
2009-06-11 18:05 . 2009-06-11 18:05 3672032 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
2009-06-11 05:11 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 05:11 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 12:56 . 2009-06-10 12:56 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 13:00 . 2009-06-09 13:00 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE
2009-06-08 18:36 . 2009-06-08 18:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-08 13:13 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-08 13:13 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-07 19:08 . 2009-06-07 19:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-06 16:07 . 2009-06-06 16:07 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache
2009-06-06 14:16 . 2009-06-06 14:16 -------- d-----w- c:\windows\ie8updates
2009-06-06 14:15 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-06 14:12 . 2009-06-06 14:14 -------- dc-h--w- c:\windows\ie8
2009-05-29 13:40 . 2009-06-23 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-05-29 13:40 . 2009-06-23 13:48 -------- d-----w- c:\program files\PCPitstop
2009-05-29 01:29 . 2009-05-29 01:29 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-28 21:16 . 2009-05-28 21:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 21:15 . 2009-05-28 21:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 21:14 . 2009-05-28 21:14 540672 ----a-r- c:\windows\system32\SZComp5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 02:26 . 2006-10-06 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-24 02:05 . 2008-05-13 04:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp
2009-06-24 02:04 . 2008-01-31 02:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2009-06-24 02:03 . 2006-11-19 15:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-24 02:01 . 2008-08-15 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-23 21:28 . 2008-01-31 03:07 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-23 18:33 . 2009-06-23 18:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 18:33 . 2009-06-23 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 13:50 . 2006-11-22 04:11 -------- d-----w- c:\program files\FileZilla
2009-06-23 13:49 . 2008-12-23 15:17 -------- d-----w- c:\program files\MAXpc
2009-06-22 16:19 . 2008-07-04 19:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-22 16:19 . 2008-07-04 19:14 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-22 16:19 . 2006-11-11 18:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 03:14 . 2006-03-12 14:15 -------- d-----w- c:\program files\Google
2009-06-20 06:24 . 2007-10-22 19:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2009-06-19 23:04 . 2008-04-11 13:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-06-17 18:27 . 2009-06-23 18:33 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 18:27 . 2009-06-23 18:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 23:18 . 2008-11-06 14:28 -------- d-----w- c:\program files\iLinc
2009-06-10 13:01 . 2006-03-12 13:23 -------- d-----w- c:\program files\Java
2009-06-09 21:55 . 2007-09-21 18:18 -------- d-----w- c:\program files\QuickTime
2009-06-09 19:50 . 2006-10-04 00:22 -------- d-----w- c:\program files\1stWORKS
2009-06-09 12:57 . 2006-10-06 23:19 -------- d-----w- c:\program files\STOPzilla!
2009-05-29 19:59 . 2009-04-10 18:39 -------- d-----w- c:\program files\FxPro MetaTrader
2009-05-29 19:54 . 2008-05-30 14:38 -------- d-----w- c:\program files\ATC FX Pro
2009-05-29 19:52 . 2009-05-08 19:43 -------- d-----w- c:\program files\FXCM MT4 powered by BT
2009-05-29 19:52 . 2008-05-31 13:42 -------- d-----w- c:\program files\MetaTrader - Alpari UK
2009-05-29 19:51 . 2009-04-06 18:53 -------- d-----w- c:\program files\MetaTrader 4 Fx-Pro
2009-05-22 13:58 . 2009-05-22 13:57 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{90139095-B344-4E89-B186-B1E7F126107C}\_E45CA691B8C6DA2D8732EE.exe
2009-05-22 13:58 . 2009-05-22 13:57 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{90139095-B344-4E89-B186-B1E7F126107C}\_96C2803667788D989258A6.exe
2009-05-22 13:57 . 2009-05-22 13:57 -------- d-----w- c:\program files\Mark_Deaton
2009-05-21 18:33 . 2008-11-24 20:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 15:09 . 2009-02-11 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\1stWorks
2009-05-19 00:43 . 2008-02-24 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-05-13 20:06 . 2007-10-22 19:10 -------- d-----r- c:\program files\Skype
2009-05-13 20:06 . 2009-05-13 20:06 -------- d-----w- c:\program files\Common Files\Skype
2009-05-13 20:06 . 2007-10-22 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-13 05:15 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:13 . 2009-05-12 21:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-12 18:21 . 2008-07-04 19:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2009-05-09 15:12 . 2008-07-04 19:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-09 01:48 . 2009-04-13 01:06 135456 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-08 19:39 . 2009-05-08 19:39 -------- d-----w- c:\program files\Candleworks
2009-05-07 15:32 . 2004-08-10 04:00 345600 ------w- c:\windows\system32\localspl.dll
2009-05-02 14:21 . 2006-09-20 00:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-04-28 18:49 . 2009-04-28 18:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Micro-Sys
2009-04-28 18:49 . 2009-04-28 18:49 -------- d-----w- c:\program files\Micro-Sys Software
2009-04-17 12:26 . 2004-08-10 04:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 13:11 . 2009-04-16 13:11 60744 ----a-w- c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
2009-04-15 14:51 . 2004-08-10 04:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-13 14:41 . 2009-04-13 14:41 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-13 01:17 . 2006-07-14 23:34 61944 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-06-24 02:04 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-06-24 02:04 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe
2009-03-27 17:56 . 2009-03-27 17:56 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-03-27 17:55 . 2009-03-27 17:55 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-03-27 17:55 . 2009-03-27 17:55 372736 ----a-r- c:\windows\system32\IS3UI5.dll
2009-03-27 17:55 . 2009-03-27 17:55 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-03-27 17:54 . 2009-03-27 17:54 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-03-27 17:54 . 2009-03-27 17:54 221184 ----a-r- c:\windows\system32\IS3Win325.dll
2009-03-27 17:54 . 2009-03-27 17:54 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-03-27 17:53 . 2009-03-27 17:53 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-03-27 17:50 . 2009-03-27 17:50 716800 ----a-r- c:\windows\system32\IS3Base5.dll
2007-10-19 20:12 . 2007-10-19 20:12 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-10-19 20:12 . 2007-10-19 20:12 125840 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-10-19 20:12 . 2007-10-19 20:12 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2007-10-19 20:12 . 2007-10-19 20:12 98704 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-05-08 160592]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PaperPort PTD"="c:\progra~1\scansoft\paperp~1\pptd40nt.exe" [2001-04-02 26624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-13 185784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-22 1948440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-10-25 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Brother SmartUI PopUp.lnk - c:\program files\ScanSoft\PaperPort\PopUp\SmartUI.exe [2006-9-27 360448]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-22 16:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete \??\c:\program files\SpywareDetector\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\hotComm.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Abacast\\Abaclient2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/4/2008 12:14 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/4/2008 12:14 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/22/2009 9:19 AM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/22/2009 9:19 AM 298776]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 11:47 AM 65604]
R2 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [9/27/2006 8:05 AM 2944]
R3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [9/27/2006 8:05 AM 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/24/2000 7:33 AM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/24/2000 7:18 AM 10368]
S2 gupdate1c9d4066c214302;Google Update Service (gupdate1c9d4066c214302);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2009 1:07 PM 133104]
S2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe --> c:\program files\SpywareDetector\SDService.exe [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-06-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 20:07]

2009-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
LSP: c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
Trusted Zone: bankofamerica.com\www
Trusted Zone: trymedia.com
DPF: {395E58B9-090C-461A-8F27-087D1C727945} - hxxp://prowebinars.epopcentral.com/joinie.cab
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 19:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1700741048-3226561873-2115950210-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(868)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll
.
Completion time: 2009-06-24 19:37
ComboFix-quarantined-files.txt 2009-06-24 02:37

Pre-Run: 254,845,673,472 bytes free
Post-Run: 255,111,159,808 bytes free

339 --- E O F --- 2009-06-23 06:47
CatByte
post Jun 24 2009, 03:04 AM
Post #8
Classroom Administrator

Hi,

Please do the following:


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply



In your next reply please include
  • MBAM Log
  • Kaspersky report
baldingeagle
post Jun 24 2009, 08:24 PM
Post #9
New Member

Hello.

Sorry to take so long to respond. The Kaspersky update and scan took a very long time. So far, the computer really is operating well.......no more problems that I can detect. Below are the reports you requested.


Malwarebytes' Anti-Malware 1.38
Database version: 2330
Windows 5.1.2600 Service Pack 3

6/24/2009 12:43:26 PM
mbam-log-2009-06-24 (12-43-26).txt

Scan type: Quick Scan
Objects scanned: 101954
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{abcdecef-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{abcdece2-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PC Health Plan (Rogue.PCHealthPlan) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 24, 2009 23:08:15
Records in database: 2387606
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 127534
Threat name: 6
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 03:02:12


File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\chartviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACidwbodvafwulaunjt.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkfiuwrmmxmnsexxrs.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmepicmtfbhulowpno.dll.vir Infected: Trojan.Win32.TDSS.aekg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACoinrnocnwasdsveoa.dll.vir Infected: Trojan.Win32.TDSS.adzx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACuamjiilxgoqjbetmt.dll.vir Infected: Trojan.Win32.TDSS.adzz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACyikkhoqonblosghtj.dll.vir Infected: Trojan.Win32.TDSS.aegg 1

The selected area was scanned.
CatByte
post Jun 25 2009, 03:01 AM
Post #10
Classroom Administrator

Hi,

You're clean, the items found by Kaspersky are in quarantine.

Time to do some housekeeping now:

Please do the following:

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.





NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.



**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
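CatByte's reasoning above (a Kaspersky hit under ComboFix's C:\Qoobox\Quarantine folder is an already-neutralised copy, so it needs no further action) can be applied mechanically to the report. The Python below is an added example, not code from the thread or from either tool; its report excerpt is built from three lines posted above plus one constructed live hit, and the quarantine-path rule and the handling of "not-a-virus:" verdicts are my own assumptions.

```python
"""Triage a Kaspersky Online Scanner 7 report: a detection whose path lies in a
removal tool's quarantine folder is an already-neutralised file, and a
"not-a-virus:" verdict is riskware that needs a human decision rather than a
clean/infected call. Rules here are assumptions for this example, not
Kaspersky's or ComboFix's own logic."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Per-file report lines look like:  <path> Infected: <threat name> <count>
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Lower-cased path fragments that mark files a removal tool has already moved
# aside. ComboFix stores its quarantine under C:\Qoobox\Quarantine (assumed
# as the only marker here; other tools would be added to this tuple).
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\",)


@dataclass
class Finding:
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in QUARANTINE_MARKERS)

    @property
    def advisory(self) -> bool:
        # Kaspersky prefixes legitimate-but-risky software (remote admin
        # tools, adware) with "not-a-virus:"; it is not a malware verdict.
        return self.threat.startswith("not-a-virus:")


def parse_report(text: str) -> list[Finding]:
    """Extract the per-file detections; header and statistics lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["path"], m["threat"], int(m["count"])))
    return findings


def triage(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Bucket detections into those still needing action and those that do not."""
    buckets: dict[str, list[Finding]] = {"live": [], "quarantined": [], "advisory": []}
    for f in findings:
        if f.quarantined:
            buckets["quarantined"].append(f)
        elif f.advisory:
            buckets["advisory"].append(f)
        else:
            buckets["live"].append(f)
    return buckets


def is_clean(findings: list[Finding]) -> bool:
    """True when every detection is either quarantined or advisory only."""
    return not triage(findings)["live"]


# Constructed excerpt: three lines from the report posted in this thread.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\chartviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACidwbodvafwulaunjt.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmepicmtfbhulowpno.dll.vir Infected: Trojan.Win32.TDSS.aekg 1

The selected area was scanned.
"""

# Constructed variant with one hit outside any quarantine folder (fictional name).
SAMPLE_WITH_LIVE_HIT = SAMPLE_REPORT + r"C:\WINDOWS\system32\example.dll Infected: Trojan.Win32.Constructed.a 1" + "\n"

if __name__ == "__main__":
    for label, report in (("posted report", SAMPLE_REPORT), ("constructed", SAMPLE_WITH_LIVE_HIT)):
        found = parse_report(report)
        print(f"== {label}: {'clean' if is_clean(found) else 'needs attention'}")
        for bucket, items in triage(found).items():
            for f in items:
                print(f"  [{bucket}] {f.threat}  {f.path}")
```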
baldingeagle
post Jun 26 2009, 11:46 AM
Post #11
New Member

Thank you so much for your excellent help and knowledge. You people are the best.
K. Bragg
CatByte
post Jun 26 2009, 11:51 AM
Post #12
Classroom Administrator

you are more than welcome

stay safe

CB
CatByte
post Jun 26 2009, 11:51 AM
Post #13
Classroom Administrator

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
