TechSpot

AVG reporting Generic14.BZSZ and Crypt.AQLW on XP SP3

By Daeliph
Feb 23, 2012
  1. Greetings folks. I'm working on a friend's computer, trying to remove what I've been able to deduce are two main viruses/trojans, plus some supplementary minor malware entries that resulted from the backdoor trojans and the consequent redirection to malicious websites and browser hijacks.
    They are running XP Service Pack 3 on a P4 3.0 GHz (it's a dinosaur, I know). I have run the AVG scanner in an attempt to remove all traces, but as soon as they were re-created after a reboot I knew I had a rootkit (or something equally nasty). I am in the process of running the MBAM/GMER/DDS tools so I can post the logfiles.

    One thing that really confused me was that the virus FAQ says to allow MBAM to restart the system if it asks to. Usually with Ad-Aware or Spybot, when it reboots the system the scanner runs first and launches its own app. MBAM didn't do this: I clicked yes to restart the computer and it loaded the desktop with MBAM open on the default page, and it gave me no further instructions, so I performed a quick scan to post the appropriate logfile (I originally ran a full scan, but then saw the FAQ file).

    I will promptly post the logfiles as soon as the system is finished running diagnostics. I hope the people here can help me eradicate this quickly.

    Regards,
    -Zane
     
  2. Daeliph


    MBAM and GMER logfiles

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.23.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Gary :: GARYPC [administrator]

    Protection: Enabled

    2/23/2012 12:19:07 PM
    mbam-log-2012-02-23 (12-19-07).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 309339
    Time elapsed: 1 hour(s), 7 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.Agent) -> Quarantined and deleted successfully.
    HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Program Files\AV7.0 (Rogue.Antivirus7) -> Quarantined and deleted successfully.

    Files Detected: 58
    C:\WINDOWS\system32\drivers\afd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gary\Local Settings\Temp\slp7296148907120939539.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gary\Local Settings\Temp\thpm4762958484701727967.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Travis\Local Settings\Temp\jar_cache5033329252468895518.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Travis\Local Settings\Temp\jar_cache6617253457894173280.tmp (Malware.Gen) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{378C9204-298C-4CE3-BCA1-7BD8A5C411DF}\RP882\A0097602.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\kna0.3042218115277152.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl2467868539131190826.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl2717520874915847892.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl2776869903376571398.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl3053999797587620231.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl3230103982565020251.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl3473244328357027276.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl367894935707309357.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl4572160869246922028.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\0.07411137565549719.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\0.38644272094953624.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\0.4546612960562175.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\0.46290346457207376.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\0.6410875452629101.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\0.9319433103885935.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\kna0.12694391077751355.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\kna0.19334186240524542.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\slp2484014457677465145.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\slp2790375947025074691.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\slp3787718538485147933.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\slp3904185661554483072.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\slp537113348159386514.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\slp5599679171835253076.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\slp8756694722552590810.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\opre0.7205130102911526.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\f831341233221589042791323.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\slp1856006245784223360.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\kna0.5773920660198472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\kna0.8221749381761514.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\kolf0.32404864395097666.exe (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\kolf0.9185119622408099.exe (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\opre0.19865355517778638.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\opre0.37781660428866637.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\kna0.8704866269099972.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\opre0.40660108107763393.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\opre0.8918786564595184.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl4636168638231913055.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl8954716933852909430.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl4760195616262907676.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl5320533713490413364.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl5471581380339904046.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl5886707554905581717.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl6036382084791057691.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl6342575373302573490.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\p9pl7237688619026230214.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\3d9a1171353233241165418.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\3d9a4069496212445125697.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\3d9a4837145715438167896.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\3d9a5966175007668825157.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\3d9a8557647670497132718.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gary\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gary\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

    (end)

    =====================BEGIN GMER LOGFILE====================
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-23 16:35:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Maxtor_7 rev.YAR5
    Running: gmer.exe; Driver: C:\DOCUME~1\Gary\LOCALS~1\Temp\uwtdqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF765787E]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAD241738]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7657BFE]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAD2417DC]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAD241878]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAD241914]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? wvrsjbyp.sys The system cannot find the file specified. !
    .text iaStor.sys F7438316 1 Byte [CC] {INT 3 }
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8927000, 0x1C5D38, 0xE8000020]
    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77E2720]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:148] 8A19F16D
    Thread System [4:440] 8A11BB90

    ---- Files - GMER 1.0.15 ----


    File C:\WINDOWS\$NtUninstallKB49151$\3556757891 0 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294 0 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\bckfg.tmp 854 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\cfg.ini 375 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\keywords 117 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\L\cinuwnha 138496 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\oemid 115 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\80000000.@ 66560 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\80000004.@ 12800 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\80000032.@ 73216 bytes
    File C:\WINDOWS\$NtUninstallKB49151$\4222174294\version 847 bytes

    ---- EOF - GMER 1.0.15 ----
    (((((There were multiple thousands of cookie entries; since I never had trouble removing them I figured I'd spare us all the spam. Please let me know if I need to include the cookie log, because it turns a 2-page document into a 50-page one. I guess they hadn't cleaned their net history/cookies recently.)))))
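Before trusting every "Quarantined and deleted successfully" line in a log like the one above, a responder usually wants to know which removals have consequences: a kernel driver quarantined out of system32\drivers, an infected file sitting inside a restore point, a browser proxy that was pointing at the local machine. The script below is an added example, not part of this thread and not code from MBAM or GMER. It parses MBAM detection lines and GMER "File ... bytes" lines; the sample strings are excerpted from the two logs posted above, and the flag rules (driver path, restore-point path, localhost proxy, Services key) are this example's own rules of thumb, not anything either tool reports.

```python
"""Triage of the MBAM and GMER logs posted above.

Added example: not part of the thread and not code from MBAM or GMER. The
sample text is excerpted from the two logs; the flag rules are this
example's own rules of thumb, not anything either tool reports.
"""
import re
from collections import defaultdict

# Excerpt of the posted MBAM log (section counts are those of the full log).
MBAM_SAMPLE = r"""Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.
Folders Detected: 1
C:\Program Files\AV7.0 (Rogue.Antivirus7) -> Quarantined and deleted successfully.
Files Detected: 58
C:\WINDOWS\system32\drivers\afd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{378C9204-298C-4CE3-BCA1-7BD8A5C411DF}\RP882\A0097602.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3042218115277152.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Excerpt of the GMER "Files" section posted above.
GMER_SAMPLE = r"""File C:\WINDOWS\$NtUninstallKB49151$\4222174294\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\L\cinuwnha 138496 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\80000032.@ 73216 bytes
"""

SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# item (family) -> [Data: value -> ] action   (greedy item: family is the LAST parenthesised token)
DETECT_RE = re.compile(
    r"^(?P<item>.+) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+)$"
)
GMER_FILE_RE = re.compile(r"^File (?P<path>.+) (?P<size>\d+) bytes$")


def parse_mbam(text):
    """Return a list of {kind, item, family, data, action} dicts, one per detection line."""
    kind, out = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:                      # "Files Detected: 58" sets the kind for following lines
            kind = m.group("kind")
            continue
        m = DETECT_RE.match(line)
        if m and kind:
            d = m.groupdict()
            d["kind"] = kind
            out.append(d)
    return out


def triage_mbam(detections):
    """Return (item, reason) pairs for removals that need follow-up (rules are assumptions)."""
    flags = []
    for d in detections:
        item = d["item"].lower()
        if d["family"].startswith("PUM.Bad.Proxy") and "127.0.0.1" in (d["data"] or ""):
            flags.append((d["item"], "browser proxy pointed at localhost: a local process was intercepting HTTP"))
        elif item.startswith("c:\\windows\\system32\\drivers\\"):
            flags.append((d["item"], "a system driver was quarantined: confirm a clean copy is in place"))
        elif "\\system volume information\\" in item:
            flags.append((d["item"], "infected file inside a restore point: System Restore could bring it back"))
        elif item.startswith("hklm\\system\\currentcontrolset\\services\\"):
            flags.append((d["item"], "service/driver registration removed: check the matching driver file"))
    return flags


def summarize_gmer_files(text):
    """Group GMER 'File ... N bytes' lines by parent directory: dir -> (file count, total bytes)."""
    acc = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        m = GMER_FILE_RE.match(line.strip())
        if not m:
            continue
        parent = m.group("path").rsplit("\\", 1)[0]
        acc[parent][0] += 1
        acc[parent][1] += int(m.group("size"))
    return {k: tuple(v) for k, v in acc.items()}


if __name__ == "__main__":
    for item, why in triage_mbam(parse_mbam(MBAM_SAMPLE)):
        print(f"[MBAM] {item}\n       {why}")
    for d, (n, total) in sorted(summarize_gmer_files(GMER_SAMPLE).items()):
        print(f"[GMER] {n:2d} file(s), {total:7d} bytes in {d}")
```

The driver rule exists because afd.sys is the Winsock Ancillary Function Driver: once it is quarantined, the machine may have no working networking until a known-good copy is put back, and the Services\AFD key that MBAM also removed is its registration. The GMER summary simply sizes the hidden directory tree so it can be compared against what is visible from Explorer after cleanup.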
     
  3. Daeliph


    DDS log and Attach.txt

    =======BEGIN DDS LOGFILE=======
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Run by Gary at 16:32:42 on 2012-02-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.896 [GMT -8:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\{F7A5004A-FB98-4012-82A2-EB5C32EC6369}\Server.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\notepad.exe
    H:\VIRUS-TOOLS\gmer.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
    uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3B0F3A75-0DAA-4C7C-8D09-B584983B3399} - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [UIUCU] c:\docume~1\gary\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
    dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
    StartupFolder: c:\docume~1\gary\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5110E4D7-75EB-4D0C-9692-E9D532B0ABF2} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\gary\application data\mozilla\firefox\profiles\4jixlct8.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&apn_uid=D7101DE7-3B5D-4F88-A04D-BDD9BD08907F&apn_ptnrs=OE&apn_sauid=C1529814-C4AA-4B39-B0B3-193C35FCF87D&apn_dtid=VIN005YYUS&&q=
    FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\4jixlct8.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-9 64512]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 GJService;Game Jackal Server;c:\documents and settings\all users\application data\{f7a5004a-fb98-4012-82a2-eb5c32ec6369}\Server.exe [2010-5-12 2040768]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-23 652360]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-23 20464]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-23 40776]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
    S2 mcafeeframework;Ktp;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
    S3 MaplomL;MaplomL; [x]
    .
    =============== Created Last 30 ================
    .
    2012-02-23 22:08:19 54016 ----a-w- c:\windows\system32\drivers\fgbaebuv.sys
    2012-02-23 21:47:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-23 20:16:59 -------- d-----w- c:\documents and settings\gary\application data\Malwarebytes
    2012-02-23 20:16:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-02-23 20:16:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-23 20:16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-16 04:08:25 -------- d-----w- c:\program files\uTorrent
    2012-02-16 04:07:25 -------- d-----w- c:\documents and settings\gary\application data\uTorrent
    2012-02-16 02:06:29 -------- d-----w- C:\Logs
    2012-02-15 03:30:26 -------- d-----w- c:\documents and settings\gary\local settings\application data\adaware
    2012-02-15 03:30:22 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
    2012-02-15 03:30:15 -------- d-----w- c:\program files\Toolbar Cleaner
    2012-02-15 03:29:56 -------- d-----w- c:\documents and settings\gary\application data\adawaretb
    2012-02-15 03:29:55 -------- d-----w- c:\program files\adawaretb
    2012-02-15 03:29:38 -------- d-----w- c:\program files\Lavasoft
    2012-02-05 14:20:55 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    .
    ==================== Find3M ====================
    .
    2012-02-16 02:59:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-23 15:12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    .
    ============= FINISH: 16:33:30.23 ===============

    ======BEGIN Attach.txt LOGFILE=========
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/9/2009 4:36:24 PM
    System Uptime: 2/23/2012 1:41:18 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0U7077
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 228 GiB total, 164.111 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is CDROM (CDFS)
    H: is FIXED (NTFS) - 466 GiB total, 5.533 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
    Service: b57w2k
    .
    Class GUID:
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP818: 11/25/2011 10:46:23 PM - System Checkpoint
    RP819: 11/26/2011 11:58:22 PM - System Checkpoint
    RP820: 11/28/2011 12:46:21 AM - System Checkpoint
    RP821: 11/29/2011 12:58:21 AM - System Checkpoint
    RP822: 11/30/2011 2:01:13 AM - System Checkpoint
    RP823: 12/1/2011 2:06:25 AM - System Checkpoint
    RP824: 12/2/2011 2:18:27 AM - System Checkpoint
    RP825: 12/3/2011 3:06:22 AM - System Checkpoint
    RP826: 12/4/2011 3:30:21 AM - System Checkpoint
    RP827: 12/5/2011 12:36:03 PM - System Checkpoint
    RP828: 12/6/2011 1:08:59 PM - System Checkpoint
    RP829: 12/8/2011 9:23:12 AM - System Checkpoint
    RP830: 12/8/2011 5:53:08 PM - Removed SLOW-PCfighter.
    RP831: 12/8/2011 5:54:36 PM - Removed Playalot Games
    RP832: 12/9/2011 6:06:08 PM - System Checkpoint
    RP833: 12/10/2011 6:55:12 PM - System Checkpoint
    RP834: 12/12/2011 12:35:55 AM - System Checkpoint
    RP835: 12/13/2011 8:03:47 AM - System Checkpoint
    RP836: 12/14/2011 9:08:21 AM - System Checkpoint
    RP837: 12/15/2011 9:57:30 AM - System Checkpoint
    RP838: 12/16/2011 5:14:54 PM - System Checkpoint
    RP839: 12/17/2011 5:36:15 PM - System Checkpoint
    RP840: 12/18/2011 5:52:23 PM - System Checkpoint
    RP841: 12/19/2011 6:38:30 PM - System Checkpoint
    RP842: 12/20/2011 7:03:54 PM - System Checkpoint
    RP843: 12/21/2011 9:27:54 PM - System Checkpoint
    RP844: 12/23/2011 1:40:38 AM - System Checkpoint
    RP845: 12/26/2011 9:00:52 AM - System Checkpoint
    RP846: 12/28/2011 5:04:57 PM - System Checkpoint
    RP847: 1/5/2012 4:55:46 PM - System Checkpoint
    RP848: 1/6/2012 5:49:18 PM - System Checkpoint
    RP849: 1/8/2012 8:00:54 PM - System Checkpoint
    RP850: 1/9/2012 8:34:57 PM - System Checkpoint
    RP851: 1/10/2012 9:31:42 PM - System Checkpoint
    RP852: 1/11/2012 10:30:00 PM - System Checkpoint
    RP853: 1/12/2012 10:31:03 PM - System Checkpoint
    RP854: 1/13/2012 11:29:56 PM - System Checkpoint
    RP855: 1/15/2012 2:15:33 PM - System Checkpoint
    RP856: 1/16/2012 3:11:56 PM - System Checkpoint
    RP857: 1/17/2012 3:31:43 PM - System Checkpoint
    RP858: 1/19/2012 11:46:54 PM - System Checkpoint
    RP859: 1/21/2012 1:01:33 AM - System Checkpoint
    RP860: 1/29/2012 11:48:54 AM - System Checkpoint
    RP861: 2/2/2012 1:02:39 PM - System Checkpoint
    RP862: 2/3/2012 1:25:03 PM - System Checkpoint
    RP863: 2/4/2012 6:00:20 PM - System Checkpoint
    RP864: 2/5/2012 6:20:57 PM - System Checkpoint
    RP865: 2/6/2012 7:34:19 PM - System Checkpoint
    RP866: 2/8/2012 12:11:48 PM - System Checkpoint
    RP867: 2/9/2012 1:05:37 PM - System Checkpoint
    RP868: 2/10/2012 1:18:34 PM - System Checkpoint
    RP869: 2/11/2012 2:18:31 PM - System Checkpoint
    RP870: 2/12/2012 3:16:48 PM - System Checkpoint
    RP871: 2/13/2012 3:20:51 PM - System Checkpoint
    RP872: 2/14/2012 3:36:39 PM - System Checkpoint
    RP873: 2/14/2012 7:27:38 PM - Installed Ad-Aware
    RP874: 2/14/2012 7:29:37 PM - Installed Ad-Aware
    RP875: 2/14/2012 7:44:10 PM - Removed NetAssistant
    RP876: 2/14/2012 7:45:10 PM - Removed Safari
    RP877: 2/17/2012 12:15:36 PM - System Checkpoint
    RP878: 2/18/2012 12:30:12 PM - System Checkpoint
    RP879: 2/19/2012 12:48:02 PM - System Checkpoint
    RP880: 2/20/2012 1:48:01 PM - System Checkpoint
    RP881: 2/21/2012 2:47:59 PM - System Checkpoint
    RP882: 2/22/2012 2:54:54 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Ad-Aware
    Ad-Aware Security Toolbar
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    Advertising Center
    AiO_Scan
    AiOSoftware
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG 2011
    Bonjour
    Broadcom Gigabit Integrated Controller
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner (remove only)
    CloneDVD2
    CloneDVDmobile
    Content Transfer
    Coupon Printer for Windows
    ESPNMotion
    Fax
    File Type Assistant
    FoxTab Music Converter
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Graboid Video 2.01
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    ImagXpress
    Intel(R) 537EP V9x DF PCI Modem
    Itibiti RTC
    iTunes
    Java(TM) 6 Update 18
    LimeWire Toolbar Updater
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicnotes Software Suite 1.5.3
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    NWZ-E350 WALKMAN Guide
    PowerArchiver 2010
    QFolder
    QuickTime
    Readme
    RegCure
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sibelius Scorch (ActiveX Only)
    Skins
    Spybot - Search & Destroy
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.1
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/19/2012 8:07:17 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    2/19/2012 11:00:27 AM, error: System Error [1003] - Error code 000000d0, parameter1 736bf9f3, parameter2 00000002, parameter3 00000001, parameter4 8054e579.
    .
    ==== End Of File ===========================
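A small triage helper for a DDS log like the one above, added here as an example for this thread; it is not part of the original post and not something DDS, MBAM or the other tools mentioned produce. It splits the log on its `==== Section ====` headers, lists Installed Programs entries that hit an illustrative watchlist of toolbar and registry-cleaner names (the watchlist and the Java 6 update threshold are assumptions to tune, not verdicts about those programs), and parses the Event Viewer error lines so the NLA service failure and the stop code from the System Error entry are pulled out for follow-up. The embedded log excerpt is constructed from entries in the log above.

```python
"""Triage helper for a DDS-style log.

Added example for this thread, not part of the original post or of any tool
mentioned in it. It splits the log on its '==== Section ====' headers, flags
Installed Programs entries on a watchlist, and parses Event Viewer errors.
"""
import json
import re
from typing import Dict, List

# Constructed excerpt in DDS layout; entries copied from the log in this thread.
SAMPLE_LOG = """\
==== Installed Programs ======================
.
.
Ad-Aware Security Toolbar
Adobe Reader X (10.1.2)
Ask Toolbar
AVG 2011
Java(TM) 6 Update 18
RegCure
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/19/2012 8:07:17 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
2/19/2012 11:00:27 AM, error: System Error [1003] - Error code 000000d0, parameter1 736bf9f3, parameter2 00000002, parameter3 00000001, parameter4 8054e579.
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^==== (.+?) =+$")

# Illustrative watchlist (assumption): names a removal helper would usually ask
# the poster about, not a malware verdict. Tune it to your own triage policy.
WATCHLIST = [re.compile(p, re.I) for p in (r"\btoolbar\b", r"^regcure$")]

# Assumption: the Java 6 update a helper would consider current; adjust as needed.
JAVA6_RE = re.compile(r"^Java\(TM\) 6 Update (\d+)$")
MIN_JAVA6_UPDATE = 31

EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
STOP_CODE_RE = re.compile(r"Error code ([0-9a-fA-F]{8})")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Map each '==== Name ====' header to its lines, dropping the '.' spacers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip()
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def flag_programs(programs: List[str]) -> List[str]:
    """Installed Programs entries that hit the watchlist, in log order."""
    return [p for p in programs if any(rx.search(p) for rx in WATCHLIST)]


def outdated_java(programs: List[str]) -> List[str]:
    """Java 6 entries older than MIN_JAVA6_UPDATE (a common exploit-kit target on XP)."""
    hits = []
    for p in programs:
        m = JAVA6_RE.match(p)
        if m and int(m.group(1)) < MIN_JAVA6_UPDATE:
            hits.append(p)
    return hits


def parse_events(lines: List[str]) -> List[dict]:
    """Parse DDS event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def triage(text: str) -> dict:
    secs = parse_sections(text)
    programs = secs.get("Installed Programs", [])
    events = parse_events(secs.get("Event Viewer Messages From Past Week", []))
    return {
        "flagged_programs": flag_programs(programs),
        "outdated_java": outdated_java(programs),
        # Service Control Manager 7023 means a service died; here it is NLA,
        # which is worth correlating with the poster's later DHCP problem.
        "service_errors": [e for e in events if e["source"] == "Service Control Manager"],
        # Bugcheck codes from 'System Error [1003]' lines, to look up separately.
        "stop_codes": [m.group(1) for e in events if e["source"] == "System Error"
                       for m in [STOP_CODE_RE.search(e["message"])] if m],
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a full DDS log by reading the file into `triage()` instead of `SAMPLE_LOG`; the section names are matched exactly as DDS prints them, so other DDS sections are parsed but ignored.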
     
  4. Daeliph

    Daeliph TS Rookie Topic Starter

    As far as the computer's status: after running MBAM, the network driver would no longer resolve an IP (set up for DHCP assignment on the family LAN).

    I suppose this isn't entirely detrimental, since with the driver disabled I know it won't be making successful communication attempts with any malicious sites/servers/files via the internet.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Are you saying that you don't have internet connection as of now?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
Topic Status:
Not open for further replies.
