Cannot get rid of malware

By VTDH
Aug 27, 2010
  1. Hi,

    I'm hoping someone can help me with my issue.

    I got malware on my computer almost a week ago and have been trying various methods for days to get it off. I use Firefox and when I click on links I'm redirected to ad sites.

    I turned off System Restore and scanned with Rogers virus protection and Malwarebytes Anti-Malware, which found some things, and I removed them. Everything seemed to be ok, but it popped up again. I removed Firefox and I'm now only using Explorer. I scanned again and found nothing, but I still get the redirects. I uninstalled Rogers virus protection, installed Avira and scanned, but same issue. One last note - I can see the malware, "antimalware doctor", in my program files when I click on the Start button, but no scan sees it.

    I followed the forum's 8 steps to remove malware and the logs are pasted below.

    Any help would be much appreciated.

    ***Malwarebytes Anti-Malware log***

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4486

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26/08/2010 6:47:55 PM
    mbam-log-2010-08-26 (18-47-55).txt

    Scan type: Quick scan
    Objects scanned: 143856
    Time elapsed: 10 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ***GMER log***
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-27 00:11:10
    Windows 5.1.2600 Service Pack 3
    Running: 3g97iegn.exe; Driver: C:\DOCUME~1\Karina\LOCALS~1\Temp\uxtdipob.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7C423C6 ZwCreateKey
    SSDT F7C423BC ZwCreateThread
    SSDT F7C423CB ZwDeleteKey
    SSDT F7C423D5 ZwDeleteValueKey
    SSDT F7C423DA ZwLoadKey
    SSDT F7C423A8 ZwOpenProcess
    SSDT F7C423AD ZwOpenThread
    SSDT F7C423E4 ZwReplaceKey
    SSDT F7C423DF ZwRestoreKey
    SSDT F7C423D0 ZwSetValueKey

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\Drivers\OA012Afx.sys entry point in "init" section [0xA95D9D60]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\Explorer.EXE[216] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
    .text C:\WINDOWS\system32\wuauclt.exe[1276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\system32\wuauclt.exe[1276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\system32\wuauclt.exe[1276] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C
    .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
    .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
    .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
    .text C:\WINDOWS\System32\svchost.exe[1356] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
    .text C:\WINDOWS\System32\svchost.exe[1356] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F2000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[1444] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
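As an added illustration (not part of this thread and not a GMER tool), here is a small Python parser for the "User code sections" lines of a GMER log in the layout posted above. It separates inline JMP hooks that GMER resolved to an on-disk image (as with the MSSRCH.DLL entry) from hooks whose target it could not attribute to any module, and shows which processes share the same unattributed hook, which is what a helper reading the log would look at first. The sample lines are constructed in that format.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of GMER's "User code sections" output
# (same line layout as the log posted in this thread).
SAMPLE_GMER = """\
---- User code sections - GMER 1.0.15 ----

.text C:\\WINDOWS\\Explorer.EXE[216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\\WINDOWS\\Explorer.EXE[216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\\WINDOWS\\System32\\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\\WINDOWS\\System32\\svchost.exe[1356] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F2000A
.text C:\\WINDOWS\\system32\\SearchIndexer.exe[1444] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\\WINDOWS\\system32\\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

# One inline-hook line: section, process[pid], module!export, patched
# address, patch size, JMP target and, optionally, the image GMER resolved
# the target address to ("owner"). Lines of any other shape are ignored.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>\S.*))?$"
)


def parse_user_hooks(text):
    """Return one dict per inline JMP hook found in a GMER log."""
    hooks = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        h["addr"] = int(h["addr"], 16)
        h["target"] = int(h["target"], 16)
        hooks.append(h)
    return hooks


def triage(hooks):
    """Split hooks into those GMER tied to an on-disk image (owner known)
    and those whose JMP target it could not attribute to any module.
    For the latter, map each hooked export to the processes carrying it,
    so the same hook recurring across processes stands out."""
    attributed = [h for h in hooks if h["owner"]]
    unattributed = [h for h in hooks if not h["owner"]]
    by_export = defaultdict(set)
    for h in unattributed:
        by_export["%s!%s" % (h["module"], h["func"])].add(
            "%s[%d]" % (h["proc"], h["pid"]))
    return attributed, unattributed, {k: sorted(v) for k, v in by_export.items()}


def report(text):
    """Human-readable summary, returned as a list of lines."""
    attributed, unattributed, by_export = triage(parse_user_hooks(text))
    out = ["%d hook(s) attributed to a module, %d unattributed"
           % (len(attributed), len(unattributed))]
    for h in attributed:
        out.append("  ok      %s!%s in %s[%d] -> %s"
                   % (h["module"], h["func"], h["proc"], h["pid"], h["owner"]))
    for export, procs in sorted(by_export.items()):
        out.append("  REVIEW  %s hooked in %d process(es): %s"
                   % (export, len(procs), ", ".join(procs)))
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_GMER)))
```

An unattributed hook is not proof of malware on its own (security products also patch these exports), so the output is a worklist for review, not a verdict.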
  2. VTDH (Newcomer, in training; Topic Starter)

    the logs part 2 of 3

    ***DDS***


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Karina at 1:25:17.06 on 27/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.443 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\OA012Mon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\WSED\WSED.exe
    C:\Program Files\Battery Meter\BTMeter.exe
    C:\Program Files\CapsLKNotify\CapsLKNotify.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Karina\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.live.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [OA012Mon] c:\windows\OA012Mon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [WSED] c:\program files\wsed\WSED.exe
    mRun: [<NO NAME>]
    mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
    mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\karina\startm~1\programs\startup\accuwe~1.lnk - c:\program files\accuweather.com stratus\AccuWeather.com Stratus.exe
    StartupFolder: c:\docume~1\karina\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

    ============= SERVICES / DRIVERS ===============

    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-11-5 14248]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-25 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-25 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-25 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-25 60936]
    R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-4-25 14336]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-5 143840]
    R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-11-5 135168]
    R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-11-5 133632]
    R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-11-5 272032]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-5 162816]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-5 1684736]

    =============== Created Last 30 ================

    2010-08-26 15:59:13 0 d-----w- c:\docume~1\karina\applic~1\Avira
    2010-08-26 00:27:21 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-26 00:27:20 0 d-----w- c:\program files\Avira
    2010-08-26 00:27:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-08-25 17:01:15 0 d-sh--w- c:\documents and settings\karina\IECompatCache
    2010-08-25 00:35:41 0 d-sh--w- c:\documents and settings\karina\PrivacIE
    2010-08-25 00:32:26 0 d-sh--w- c:\documents and settings\karina\IETldCache
    2010-08-25 00:26:32 0 dc-h--w- c:\windows\ie8
    2010-08-23 14:45:15 0 d-----w- c:\docume~1\karina\applic~1\Malwarebytes
    2010-08-23 14:44:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-23 14:44:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-23 14:44:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-23 14:44:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-22 21:48:09 0 d-----w- c:\docume~1\karina\applic~1\2FC4B26902791AA7E44448C4E4CAFFD0
    2010-08-11 17:59:57 0 d-----w- c:\program files\iPod
    2010-08-11 17:59:21 0 d-----w- c:\program files\iTunes
    2010-08-11 17:40:15 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-08-26 00:10:52 2585120 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2010-08-26 00:10:52 244472 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2010-08-26 00:10:50 3933248 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-08-26 00:10:50 293524256 --sha-w- c:\windows\system32\drivers\fidbox.dat

    ============= FINISH: 1:27:15.12 ===============
  3. VTDH (Newcomer, in training; Topic Starter)

    the logs part 3 of 3

    ***Attach***


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/01/2010 9:21:07 PM
    System Uptime: 27/08/2010 1:20:07 AM (0 hours ago)

    Motherboard: Dell Inc. | | CN0Y53
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U1 | 1595/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 26.964 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    AccuWeather.com Stratus
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.3.2
    Advanced Audio FX Engine
    AiO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Battery Meter
    Bonjour
    CapsLKNotify
    Compatibility Pack for the 2007 Office system
    Dell Support Center (Support Software)
    Dell System Restore
    Dell Touchpad
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    EMSC
    Final Draft
    Function Keys
    GIMP 2.6.8
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB968764)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP PSC & OfficeJet 5.3.B
    Integrated Webcam Driver (1.02.02.0403)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB927977)
    QFolder
    QuickTime
    Realtek High Definition Audio Driver
    Rogers Servicepoint Agent 2.0.21
    RPS CRT
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Skype Toolbars
    Skype™ 4.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VLC media player 1.0.5
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    WSED
    XChat 2 (remove only)
    XDCAM EX Clip Browser
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    27/08/2010 1:03:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service.
    26/08/2010 6:02:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    26/08/2010 6:01:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    26/08/2010 6:01:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip Tcpip6
    26/08/2010 6:01:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    26/08/2010 6:01:42 PM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    26/08/2010 6:01:42 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/08/2010 6:01:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/08/2010 6:01:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/08/2010 6:01:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    26/08/2010 6:01:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/08/2010 6:01:42 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    25/08/2010 8:51:36 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7034] - The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    25/08/2010 8:51:35 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    25/08/2010 8:25:30 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    25/08/2010 8:25:30 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Karina\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    25/08/2010 8:25:30 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    25/08/2010 8:11:51 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
    25/08/2010 11:00:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
    25/08/2010 11:00:43 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
    25/08/2010 10:59:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
    25/08/2010 10:58:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
    25/08/2010 10:57:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
    24/08/2010 8:32:30 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    24/08/2010 8:32:30 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    24/08/2010 10:38:03 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    21/08/2010 2:21:03 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 701A0468E195 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    21/08/2010 12:20:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PD91Engine service to connect.
    21/08/2010 12:20:50 PM, error: Service Control Manager [7000] - The PD91Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    21/08/2010 12:20:49 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service PD91Engine with arguments "-Service" in order to run the server: {00772927-3E20-4854-9D99-77DEA78FE9E5}
    21/08/2010 1:41:17 PM, error: PSched [14103] - QoS [Adapter {84E5D685-DF9B-4415-97B3-EA2C223A7E45}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

    ==== End Of File ===========================
  4. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :).

    ====

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
  5. VTDH

    VTDH Newcomer, in training Topic Starter

    ComboFix found malware

    Thanks for the help.

    It found some malware and deleted it. Here is the log.

    ComboFix 10-08-26.04 - Karina 27/08/2010 12:23:41.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.637 [GMT -4:00]
    Running from: c:\documents and settings\Karina\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Karina\Application Data\2FC4B26902791AA7E44448C4E4CAFFD0
    c:\documents and settings\Karina\Application Data\2FC4B26902791AA7E44448C4E4CAFFD0\enemies-names.txt
    c:\documents and settings\Karina\Application Data\2FC4B26902791AA7E44448C4E4CAFFD0\local.ini
    c:\documents and settings\Karina\Start Menu\Programs\Antimalware Doctor
    c:\documents and settings\Karina\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
    c:\documents and settings\Karina\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
    c:\windows\system32\system

    Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
    .

    2010-08-26 15:59 . 2010-08-26 15:59 -------- d-----w- c:\documents and settings\Karina\Application Data\Avira
    2010-08-26 00:27 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-08-26 00:27 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-26 00:27 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-08-26 00:27 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-08-26 00:27 . 2010-08-26 00:27 -------- d-----w- c:\program files\Avira
    2010-08-26 00:27 . 2010-08-26 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-08-25 17:01 . 2010-08-25 17:01 -------- d-sh--w- c:\documents and settings\Karina\IECompatCache
    2010-08-25 00:45 . 2010-08-25 00:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-08-25 00:35 . 2010-08-25 00:35 -------- d-sh--w- c:\documents and settings\Karina\PrivacIE
    2010-08-25 00:33 . 2010-08-25 00:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-08-25 00:32 . 2010-08-25 00:32 -------- d-sh--w- c:\documents and settings\Karina\IETldCache
    2010-08-25 00:26 . 2010-08-25 00:27 -------- dc-h--w- c:\windows\ie8
    2010-08-24 02:37 . 2010-08-24 02:37 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-08-23 14:45 . 2010-08-23 14:45 -------- d-----w- c:\documents and settings\Karina\Application Data\Malwarebytes
    2010-08-23 14:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-23 14:44 . 2010-08-23 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-23 14:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-23 14:44 . 2010-08-23 14:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-14 02:21 . 2001-08-17 17:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
    2010-08-14 02:21 . 2001-08-17 17:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
    2010-08-14 02:21 . 2001-08-18 02:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
    2010-08-14 02:21 . 2001-08-18 02:36 324608 ----a-w- c:\windows\system32\hpojwia.dll
    2010-08-14 02:21 . 2001-08-17 17:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
    2010-08-14 02:21 . 2001-08-17 17:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
    2010-08-14 02:21 . 2001-08-17 17:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
    2010-08-14 02:21 . 2001-08-17 17:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
    2010-08-14 02:21 . 2008-04-14 04:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
    2010-08-14 02:21 . 2008-04-14 04:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
    2010-08-11 17:59 . 2010-08-11 17:59 -------- d-----w- c:\program files\iPod
    2010-08-11 17:59 . 2010-08-11 18:01 -------- d-----w- c:\program files\iTunes
    2010-08-11 17:40 . 2010-08-11 17:40 -------- d-----w- c:\program files\Bonjour
    2010-08-11 17:33 . 2010-08-11 17:33 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-04 16:02 . 2010-08-04 16:02 61440 ----a-w- c:\documents and settings\Karina\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2b5c640e-n\decora-sse.dll
    2010-08-04 16:02 . 2010-08-04 16:02 503808 ----a-w- c:\documents and settings\Karina\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-16ac0c86-n\msvcp71.dll
    2010-08-04 16:02 . 2010-08-04 16:02 499712 ----a-w- c:\documents and settings\Karina\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-16ac0c86-n\jmc.dll
    2010-08-04 16:02 . 2010-08-04 16:02 348160 ----a-w- c:\documents and settings\Karina\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-16ac0c86-n\msvcr71.dll
    2010-08-04 16:02 . 2010-08-04 16:02 12800 ----a-w- c:\documents and settings\Karina\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2b5c640e-n\decora-d3d.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-27 16:21 . 2010-02-10 00:09 -------- d-----w- c:\documents and settings\Karina\Application Data\Skype
    2010-08-27 16:21 . 2010-01-26 03:54 -------- d-----w- c:\documents and settings\Karina\Application Data\uTorrent
    2010-08-26 00:10 . 2010-02-22 00:06 2585120 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2010-08-26 00:10 . 2010-02-22 00:06 244472 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2010-08-26 00:10 . 2010-02-22 00:10 3933248 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2010-08-26 00:10 . 2010-02-22 00:10 293524256 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2010-08-26 00:10 . 2010-02-21 23:33 -------- d-----w- c:\documents and settings\Karina\Application Data\Rogers Online Protection
    2010-08-26 00:10 . 2010-02-21 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Rogers Online Protection
    2010-08-26 00:10 . 2010-02-21 23:33 -------- d-----w- c:\program files\Rogers Online Protection
    2010-08-22 21:51 . 2010-02-15 18:10 -------- d-----w- c:\documents and settings\Karina\Application Data\vlc
    2010-08-11 17:59 . 2010-02-01 16:58 -------- d-----w- c:\program files\Common Files\Apple
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-24 322352]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
    "OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
    "WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
    "BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
    "CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    c:\documents and settings\Karina\Start Menu\Programs\Startup\
    AccuWeather.lnk - c:\program files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe [2010-6-22 142336]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\xchat\\xchat.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [05/11/2009 5:20 AM 14248]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25/08/2010 8:27 PM 135336]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [25/04/2008 4:33 PM 14336]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [05/11/2009 5:25 AM 143840]
    R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [05/11/2009 6:29 AM 135168]
    R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [05/11/2009 6:29 AM 133632]
    R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [05/11/2009 6:29 AM 272032]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [05/11/2009 6:28 AM 162816]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/11/2009 6:28 AM 1684736]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-mcmscsvc
    SafeBoot-MCODS



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-27 12:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1000)
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2010-08-27 12:35:29
    ComboFix-quarantined-files.txt 2010-08-27 16:35

    Pre-Run: 28,782,895,104 bytes free
    Post-Run: 28,795,015,168 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - BB3ECEE3B03EDE07F9F12D460EDC5A2C
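Reading a ComboFix log like the one above is mostly pattern matching: the helper scans the "Other Deletions" and "Reg Loading Points" sections for autostart entries that run from odd places or carry random-looking names. The following Python script is an added example for this thread (not a ComboFix, TechSpot or Microsoft tool) that automates those first checks: it parses the two sections and flags entries whose name or path is a 32-hex-character string (the convention the deleted "Antimalware Doctor" data folder above follows), entries that run from user-writable profile or temp locations, bare file names with no directory, and the Security Center AntiVirusOverride value. The sample input reuses lines from the posted log plus one constructed Run entry (`example-rogue.exe`, an assumed name and size) so the checks have something to flag. The flags are prompts for a manual look, not verdicts: RTHDCPL.EXE is the usual Realtek audio control panel entry, and AntiVirusOverride=1 can be set by security products themselves, so confirm before treating either as malicious.

```python
"""Triage helper for a ComboFix log: pull the autostart entries out of the
'Reg Loading Points' section and flag the patterns a helper checks first.
Added example for this thread, not a ComboFix, TechSpot or Microsoft tool."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample input: lines excerpted from the log posted above, plus ONE constructed
# Run entry ("example-rogue.exe", an assumed name/size) so the checks have a hit.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Karina\Application Data\2FC4B26902791AA7E44448C4E4CAFFD0
c:\documents and settings\Karina\Application Data\2FC4B26902791AA7E44448C4E4CAFFD0\enemies-names.txt
c:\documents and settings\Karina\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\windows\system32\system

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-24 322352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"2FC4B26902791AA7E44448C4E4CAFFD0"="c:\documents and settings\Karina\Application Data\2FC4B26902791AA7E44448C4E4CAFFD0\example-rogue.exe" [2010-08-21 1286144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

SECTION_RE = re.compile(r'^\(+\s*(?P<title>[^()]+?)\s*\)+$')          # ((( Title )))
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                          # [HKLM\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[[^\]]*\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
DISINFECTED_RE = re.compile(r'^Infected copy of (?P<path>.+?) was found and disinfected$')
# 32 hex characters standing alone as a name or path component (MD5-sized, random-looking)
HEX32_RE = re.compile(r'(?<![0-9a-zA-Z])[0-9a-fA-F]{32}(?![0-9a-zA-Z])')
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\',
                 '\\local settings\\', '\\temp\\')
SC_OVERRIDE_KEY = 'hkey_local_machine\\software\\microsoft\\security center\\antivirusoverride'


@dataclass
class Autostart:
    key: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Dict[str, object]:
    """Walk the log line by line, tracking the current section and registry key."""
    section, key = '', ''
    entries: List[Autostart] = []
    deletions: List[str] = []
    disinfected: List[str] = []
    dwords: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group('title'), ''
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if section == 'Other Deletions':
            m = DISINFECTED_RE.match(line)
            if m:
                disinfected.append(m.group('path'))
            elif line.lower().startswith('c:\\'):
                deletions.append(line)
            continue
        if section == 'Reg Loading Points':
            m = VALUE_RE.match(line)
            if m:
                entries.append(Autostart(key, m.group('name'), m.group('path')))
                continue
        m = DWORD_RE.match(line)
        if m:
            dwords[(key + '\\' + m.group('name')).lower()] = m.group('val')
    return {'entries': entries, 'deletions': deletions,
            'disinfected': disinfected, 'dwords': dwords}


def assess(entry: Autostart) -> List[str]:
    """Heuristics only; every hit still needs a human to confirm what the file is."""
    reasons = []
    low = entry.path.lower()
    if HEX32_RE.search(entry.name) or HEX32_RE.search(entry.path):
        reasons.append('32-hex-character name, like the rogue AV data folder ComboFix deleted')
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append('runs from a user-writable profile or temp location')
    if entry.path and '\\' not in entry.path:
        reasons.append('note: bare file name, resolved via search order; verify which copy loads')
    return reasons


def triage(text: str) -> Dict[str, object]:
    parsed = parse_combofix(text)
    flagged = []
    for entry in parsed['entries']:
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    hex_dirs = sorted({p for p in parsed['deletions'] if HEX32_RE.search(p)})
    return {'flagged': flagged,
            'hex_named_deletions': hex_dirs,
            'disinfected': parsed['disinfected'],
            'av_override': parsed['dwords'].get(SC_OVERRIDE_KEY) == '00000001'}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for e in result['flagged']:
        print(f"[{e.key}] {e.name} -> {e.path}")
        for r in e.reasons:
            print("    -", r)
    print("hex-named deletions:", result['hex_named_deletions'])
    print("disinfected system files:", result['disinfected'])
    print("Security Center AntiVirusOverride=1:", result['av_override'])
```

Run it against a saved ComboFix log by replacing SAMPLE_LOG with the file contents; the "disinfected system files" line is worth keeping in the report because a replaced driver such as afd.sys is the one finding in this log that points at a kernel-level infection rather than a user-mode rogue.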
  6. crunchie

    crunchie Malware Helper Posts: 761

    Are you still being re-directed?
  7. VTDH

    VTDH Newcomer, in training Topic Starter

    thanks so much!

    It's been a few days and there are no more redirects (I wanted to leave it a couple of days because I thought I had gotten rid of it a few times to just have it pop up again a day later). This is a really informative and wonderful forum and I'm really grateful for all your guidance and help.
  8. crunchie

    crunchie Malware Helper Posts: 761

    You are welcome :).

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.