Inactive Had Trojan in cdrom.sys, think I fixed, hoping for confirmation

My computer would not recognize either of my cd/dvd drives. AVG detected trojan horse.anvh in cdrom.sys but said it was whitelisted and would not remove. I ran mbam and restarted as directed. Then I reinstalled drivers for the drives and they seem to work. Was not sure if I was totally clean, so I found this website and ran the five step instructions on this website. I am posting logs below - hoping to know if I am clean now, or if there are still problems. Thanks very very much!

----------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 912041309

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/13/2012 9:14:55 PM
mbam-log-2012-04-13 (21-14-55).txt

Scan type: Quick scan
Objects scanned: 228453
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-13 21:32:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3808110AS rev.3.ADH
Running: o3kq705z.exe; Driver: C:\DOCUME~1\Eric\LOCALS~1\Temp\pxtdapow.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Run by Eric at 21:36:26 on 2012-04-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1146 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\ADVANC~1\wh_exec.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [ImpulseFastStart] "c:\program files\stardock\impulse\Impulse.exe" /fastload
uRun: [Google Update] "c:\documents and settings\eric\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [WheelMouse] c:\advanc~1\wh_exec.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [Intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [avbhhfRgwD.exe] c:\documents and settings\all users\application data\avbhhfRgwD.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BA86A414-C8E6-4471-86EF-F75F9D24A6A6} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\y0rsaved.new\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e5a8ec6&i=23&tp=ab&nt=1&q=
FF - plugin: c:\documents and settings\eric\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\eric\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\eric\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-27 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-2-8 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-2-8 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-1-2 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-1-2 574424]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-7-27 253096]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-10-4 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-10-4 177776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-9 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-1-27 17149]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-31 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110917.007\naveng.sys [2011-9-18 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110917.007\navex15.sys [2011-9-18 1576312]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-25 6784]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-5 136176]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-10-4 83568]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-5 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-16 22216]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-7-27 70536]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-11-15 169200]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-2-16 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-2-16 1117624]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-11-15 1756912]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-1-2 35264]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-6-9 280344]
.
=============== Created Last 30 ================
.
2012-04-14 01:18:52 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-14 01:18:52 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2012-03-25 15:46:35 -------- d-----w- c:\documents and settings\all users\application data\Battle.net
2012-03-25 13:53:29 -------- d-----w- c:\program files\Diablo-III-8370-enUS-Installer
2012-03-24 13:56:28 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-24 13:56:27 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-19 00:57:26 -------- d--h--w- C:\$AVG
2012-03-18 23:45:48 -------- d-----w- c:\documents and settings\eric\application data\AVG
2012-03-18 23:22:32 -------- d-----w- c:\documents and settings\eric\application data\AVG2012
2012-03-18 23:17:29 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
.
==================== Find3M ====================
.
2012-03-22 12:07:41 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-03-22 12:07:38 88 --sh--r- c:\windows\system32\433FEA9A36.sys
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 18:50:30 667136 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 18:50:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-02-28 18:50:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-02-28 13:50:54 369664 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2000-10-27 16:54:00 266330 ----a-r- c:\program files\ESCARPMENT.dll
.
============= FINISH: 21:38:57.06 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/6/2006 5:35:04 PM
System Uptime: 4/13/2012 8:58:51 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 6.32 GiB free.
D: is CDROM (UDF)
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
RP30: 1/15/2012 1:30:46 PM - System Checkpoint
RP31: 1/15/2012 2:57:30 PM - Restore Operation
RP32: 1/15/2012 3:11:13 PM - Software Distribution Service 3.0
RP33: 1/15/2012 9:04:27 PM - Software Distribution Service 3.0
RP34: 1/17/2012 6:13:33 PM - Software Distribution Service 3.0
RP35: 1/17/2012 9:20:01 PM - Software Distribution Service 3.0
RP36: 1/18/2012 7:39:47 PM - Software Distribution Service 3.0
RP37: 1/22/2012 9:23:16 AM - System Checkpoint
RP38: 2/19/2012 10:22:22 AM - System Checkpoint
RP39: 2/19/2012 11:37:05 AM - Software Distribution Service 3.0
RP40: 2/24/2012 6:25:27 PM - System Checkpoint
RP41: 3/6/2012 8:53:24 PM - System Checkpoint
RP42: 3/9/2012 7:19:27 AM - System Checkpoint
RP43: 3/12/2012 9:22:47 PM - System Checkpoint
RP44: 3/14/2012 6:53:02 PM - System Checkpoint
RP45: 3/14/2012 9:10:06 PM - Software Distribution Service 3.0
RP46: 3/18/2012 10:03:15 AM - System Checkpoint
RP47: 3/18/2012 7:16:38 PM - Installed AVG 2012
RP48: 3/18/2012 7:17:09 PM - Installed AVG 2012
RP49: 3/19/2012 9:26:35 PM - System Checkpoint
RP50: 3/20/2012 10:06:58 PM - System Checkpoint
RP51: 3/22/2012 6:41:43 AM - Removed TurboTax 2008 wpaiper
RP52: 3/22/2012 6:41:54 AM - Removed AnswerWorks 5.0 English Runtime
RP53: 3/22/2012 6:42:03 AM - Removed TurboTax 2008 WinPerUserEducation
RP54: 3/22/2012 6:42:37 AM - Removed TurboTax 2008 WinPerProgramHelp
RP55: 3/22/2012 6:43:25 AM - Removed TurboTax 2008 WinPerTaxSupport
RP56: 3/22/2012 6:44:05 AM - Removed TurboTax 2008 WinPerFedFormset
RP57: 3/22/2012 6:45:26 AM - Removed TurboTax 2008 WinPerReleaseEngine
RP58: 3/22/2012 6:47:01 AM - Removed TurboTax 2008 wrapper
RP59: 3/22/2012 8:04:23 AM - Removed SSH Secure Shell
RP60: 3/23/2012 9:35:19 PM - System Checkpoint
RP61: 3/25/2012 10:36:01 AM - System Checkpoint
RP62: 3/27/2012 6:41:05 PM - System Checkpoint
RP63: 3/29/2012 9:27:55 AM - System Checkpoint
RP64: 4/12/2012 11:54:55 PM - System Checkpoint
RP65: 4/13/2012 3:00:43 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Advanced Wheel Mouse 6.0.0.000
AiO_Scan_CDA
AnswerWorks 4.0 Runtime - English
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Control Panel
ATI Parental Control & Encoder
AVG 2012
AVG PC Tuneup
Belkin 54g USB Network Adapter
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
Citrix Presentation Server Client - Web Only
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
DeepBurner Pro v1.8.0.225
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DVDFab 8.0.7.3 (29/01/2011)
EducateU
ELIcon
FileZilla Client 3.2.2.1
Free MP3 Recorder 1.0
Games, Music, & Photos Launcher
GameSpy Arcade
GameSpy Comrade
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GTK+ 2.10.13 runtime environment
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2100 series
HP Photosmart, Officejet and Deskjet 7.0.A
hp psc 2100 series
Impulse
InfraRecorder
InstallIQ Updater
Intel AppUp(SM) center
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
ISO Recorder
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Learn2 Player (Uninstall Only)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Magic ISO Maker v5.3 (build 0216)
MathType 6
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 5.3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Xbox 360 Accessories 1.1
mIRC
Modem Helper
Move Media Player
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Musicmatch® Jukebox
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
NetWaiting
Panasonic DVC USB Driver
PFConfig 1.0.127
PFPortChecker 1.0.32
Portal 2
PunkBuster Services
Python 2.7.1
QFolder
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2675157)
Skype™ 3.2
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spyware Doctor with AntiVirus 8.0
Steam
Suite Specific
SUPERAntiSpyware
Symantec AntiVirus
TeamSpeak 2 RC2
The GIMP 2.2.17
The Lord of the Rings FREE Trial
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URGE
URL Assistant
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPN Client
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
X-Win32 7.1
X-Win32 8.0
.
==== Event Viewer Messages From Past Week ========
.
4/12/2012 9:54:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
4/12/2012 9:54:35 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
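The DDS output above is the kind of log a helper triages by eye: which autostart entries launch from odd places, which files in system32 carry hidden and system attributes, and which drivers were written shortly before the scan (here cdrom.sys, on 2012-04-14). The script below is an added example, not code from the original post or from DDS, GMER or Malwarebytes. It applies those three checks to DDS-style lines; the sample input is a constructed excerpt of lines copied from the log above, and the 7-day window, the list of user-writable directories and the "Default User hive" rule are heuristics chosen for this example, not rules from any of the tools. A hit means "verify this file" (signature, hash, origin), not "this is malware".

```python
"""Triage heuristics for DDS-style HijackThis/DDS text logs (added example)."""
import re
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample: lines copied from the DDS output posted above.
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\documents and settings\eric\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [avbhhfRgwD.exe] c:\documents and settings\all users\application data\avbhhfRgwD.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
2012-04-14 01:18:52 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-22 12:07:41 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-03-22 12:07:38 88 --sh--r- c:\windows\system32\433FEA9A36.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
"""
SCAN_DATE = date(2012, 4, 13)  # date of the DDS run posted above

AUTOSTART_RE = re.compile(r"^(uRun|mRun|dRun|StartupFolder):\s*(.*)$")
# Shortest run from a drive letter to an .exe/.dll/.lnk; paths may contain spaces.
PATH_RE = re.compile(r"[a-z]:\\[^\"]*?\.(?:exe|dll|lnk)", re.I)
# DDS file entries: date time size attrs path (size is '--------' for directories).
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$", re.I)

# Heuristic choices for this example (assumptions, not tool rules).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\desktop\\")
SYSTEM32 = "c:\\windows\\system32\\"
DRIVERS_DIR = SYSTEM32 + "drivers\\"
RECENT_DAYS = 7


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    reason: str


def autostart_target(line):
    """Return (hive, lower-cased target path) for an autostart line, else None."""
    m = AUTOSTART_RE.match(line)
    if not m:
        return None
    paths = PATH_RE.findall(m.group(2))
    if not paths:
        return None
    # StartupFolder lines list the .lnk first and its target last.
    return m.group(1), paths[-1].lower()


def check_autostart(line):
    parsed = autostart_target(line)
    if parsed is None:
        return []
    hive, target = parsed
    findings = []
    if any(marker in target for marker in USER_WRITABLE) and "\\program files\\" not in target:
        findings.append(Finding("autostart", target, f"{hive} entry launches from a user-writable directory"))
    if hive == "dRun":
        findings.append(Finding("autostart", target, "runs from the Default User hive (dRun); few installers write there"))
    return findings


def check_file_entry(line, scan_date):
    m = FILE_RE.match(line)
    if not m:
        return []
    stamp, _time, _size, attrs, path = m.groups()
    path = path.lower()
    findings = []
    # In the DDS attribute column the 3rd position is 's' (system) and the 4th 'h' (hidden),
    # e.g. '--sha-w-' in the log above.
    if attrs[2] == "s" and attrs[3] == "h" and path.startswith(SYSTEM32):
        findings.append(Finding("hidden-system-file", path, f"hidden+system attributes ({attrs}) under system32"))
    written = datetime.strptime(stamp, "%Y-%m-%d").date()
    if path.startswith(DRIVERS_DIR) and abs((scan_date - written).days) <= RECENT_DAYS:
        findings.append(Finding("recent-driver", path, f"driver written {stamp}, within {RECENT_DAYS} days of the scan"))
    return findings


def triage(log_text, scan_date):
    """Run every heuristic over every line; returns the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings.extend(check_autostart(line))
        findings.extend(check_file_entry(line, scan_date))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"[{f.kind}] {f.path}\n    {f.reason}")
```

On the excerpt this flags cdrom.sys as a recently written driver, the two hidden+system .sys files in system32, and two autostart entries launching from Application Data (one of them the Google updater, which shows why every hit still needs a human check). Nothing here decides whether a file is malicious; it only shortens the list a responder has to verify.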
 
You're not going to stay clean with 3 antivirus programs running. You have:
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
Please remove 2 of these, then reboot the system.
Note: If I have you run Combofix you will have to temporarily uninstall AVG
=======================================
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one: <<< Do not add one of these if you have one of the other 3 on the system when you remove AVG
Microsoft Security Essentials
Comodo AV
Avast! Free Antivirus
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==========================================
Please handle the AV problem first, then run the scans above. Leave the logs in your next reply.
============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
Thanks a ton for your reply!! I uninstalled Symantec and AVG so I only have one AV, then I ran ComboFix and ESET as you requested. The two logs are below. Thanks again!

COMBOFIX LOG:

ComboFix 12-04-15.02 - Eric 04/15/2012 17:04:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1628 [GMT -4:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
C:\Install.exe
C:\Thumbs.db
c:\windows\$NtUninstallKB31151$
c:\windows\$NtUninstallKB31151$\1203846766\@
c:\windows\$NtUninstallKB31151$\1203846766\bckfg.tmp
c:\windows\$NtUninstallKB31151$\1203846766\keywords
c:\windows\$NtUninstallKB31151$\1203846766\L(2)\pdmzmplg
c:\windows\$NtUninstallKB31151$\1203846766\U(2)\00000001.@
c:\windows\$NtUninstallKB31151$\1203846766\U(2)\00000002.@
c:\windows\$NtUninstallKB31151$\1203846766\U(2)\00000004.@
c:\windows\$NtUninstallKB31151$\1203846766\U(2)\80000000.@
c:\windows\$NtUninstallKB31151$\1203846766\U(2)\80000004.@
c:\windows\$NtUninstallKB31151$\1203846766\U(2)\80000032.@
c:\windows\$NtUninstallKB31151$\3670671461
c:\windows\dasetup.log
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETD5.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-14 01:18 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-14 01:18 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2012-03-25 15:46 . 2012-03-25 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Battle.net
2012-03-25 13:53 . 2012-03-25 15:46 -------- d-----w- c:\program files\Diablo-III-8370-enUS-Installer
2012-03-24 13:56 . 2012-03-24 13:56 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-24 13:56 . 2012-03-24 13:56 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-18 23:45 . 2012-03-18 23:47 -------- d-----w- c:\documents and settings\Eric\Application Data\AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 14:10 . 2005-08-16 09:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-08-16 09:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 18:50 . 2005-08-16 09:18 667136 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 18:50 . 2005-08-16 09:18 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-02-28 18:50 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-02-28 13:50 . 2005-08-16 09:18 369664 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2005-08-16 09:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2000-10-27 16:54 . 2007-09-13 21:44 266330 ----a-r- c:\program files\ESCARPMENT.dll
2007-11-09 20:10 . 2007-11-09 20:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 20:10 . 2007-11-09 20:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 20:10 . 2007-11-09 20:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 20:10 . 2007-11-09 20:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 20:10 . 2007-11-09 20:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 20:10 . 2007-11-09 20:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 20:10 . 2007-11-09 20:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 20:11 . 2007-11-09 20:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 20:11 . 2007-11-09 20:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-03-24 13:56 . 2011-11-05 02:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-03-30 01:31 . 2009-03-30 01:31 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
"ImpulseFastStart"="c:\program files\Stardock\Impulse\Impulse.exe" [2011-02-14 2348400]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-07 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-23 149280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-08 933]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-30 1838592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-6-9 1524776]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-3 24576]
hp psc 2000 Series.lnk - c:\program files\HP\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2008-1-27 884840]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\StarNet\\X-Win32 8.0\\xwin32.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\StarNet\\X-Win32 7.1\\xwin32.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.524\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26000:UDP"= 26000:UDP:Nexuiz
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
 
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/27/2009 10:28 PM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2/8/2011 7:43 PM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2/8/2011 7:43 PM 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/2/2012 12:45 PM 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/2/2012 12:45 PM 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/27/2009 10:28 PM 253096]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/9/2007 1:49 AM 24652]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/27/2008 11:29 PM 17149]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 11:45 AM 6784]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2010 5:47 PM 136176]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2010 5:47 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/16/2011 10:09 AM 22216]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [7/27/2009 10:28 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/16/2008 6:55 PM 402336]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/2/2012 12:45 PM 35264]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2008-02-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8196811904.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 21:47]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 21:47]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1185286593-278694328-3660924420-1005Core.job
- c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 04:02]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1185286593-278694328-3660924420-1005UA.job
- c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 04:02]
.
2012-04-15 c:\windows\Tasks\WebReg 20120111220929.job
- c:\program files\HP\Digital Imaging\Bin\hpqwrg.exe [2003-04-06 07:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BA86A414-C8E6-4471-86EF-F75F9D24A6A6}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\y0rsaved.new\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e5a8ec6&i=23&tp=ab&nt=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-avbhhfRgwD.exe - c:\documents and settings\All Users\Application Data\avbhhfRgwD.exe
Notify-NavLogon - (no file)
AddRemove-StreetPlugin - c:\program files\Learn2.com\StRunner\stuninst.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Google Chrome - c:\documents and settings\Eric\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 17:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Eric\LOCALS~1\Temp\tzk3.tmp
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1185286593-278694328-3660924420-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AB29D248-25E9-B6A9-8582-03C027A2974A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abmkogckamlmomnibficaaganclcnlfhig"=hex:61,61,00,00
"bbmkogckamlmomnibfhcjphfeifbkeahkdal"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1360)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2656)
c:\advanc~1\wh_hook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\Intel\IntelAppStore\bin\serviceManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-04-15 17:43:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 21:43
.
Pre-Run: 8,383,770,624 bytes free
Post-Run: 8,684,814,336 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 530CD23734B7BE64F846568B5A4AE745
ESET LOG:

C:\Documents and Settings\Eric\Application Data\AVG\Rescue\PC Tuneup 2011\120318195131780.rsc multiple threats
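As an added example (not part of this thread, and not ComboFix's own code), here is a small Python triage script that parses the log layout shown above and flags the kinds of entries a helper looks at first: a system driver whose on-disk creation time is far newer than its modification time (the cdrom.sys case), and autostart entries that live under 8.3 short paths or inside Application Data. The sample log lines are constructed from the format above, and the flags are heuristics, not verdicts.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in ComboFix's log layout (a few entries in the same format as the
# log posted above, not the full log). Raw string so the Windows paths keep their backslashes.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
2012-04-14 01:18 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-24 13:56 . 2012-03-24 13:56 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-25 15:46 . 2012-03-25 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Battle.net
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-avbhhfRgwD.exe - c:\documents and settings\All Users\Application Data\avbhhfRgwD.exe
Notify-NavLogon - (no file)
"""

# "created . modified size attributes path" as printed in the Files Created / Find3M sections
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \S+ \S+ (.+)$")
# '"name"="path" [date size]' as printed under the Run keys
RUN_RE = re.compile(r'^"[^"]+"="([^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$')
# "Key-Run-Name - path" as printed under ORPHANS REMOVED
ORPHAN_RE = re.compile(r"^\S+-Run-\S+ - (.+)$")


def location_flags(path):
    """Heuristic reasons to look twice at an autostart path (not proof of malice)."""
    p = path.lower()
    flags = []
    if "~1\\" in p or p.endswith("~1"):
        flags.append("8.3-short-path")           # e.g. what does c:\advanc~1 expand to?
    if "\\application data\\" in p and p.endswith(".exe"):
        flags.append("exe-in-application-data")  # data directories rarely hold autostart exes
    if "\\temp\\" in p:
        flags.append("exe-in-temp")
    return flags


def triage(log_text, gap_days=30):
    """Return (reason, path) pairs worth checking, parsed from ComboFix log text."""
    findings = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            modified = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
            path = m.group(3)
            # A driver whose creation time is far newer than its modification time was
            # copied into place recently (restored from dllcache, or replaced): verify it.
            if "\\system32\\drivers\\" in path.lower() and created - modified > timedelta(days=gap_days):
                findings.append(("driver-recently-copied", path))
            continue
        m = RUN_RE.match(line) or ORPHAN_RE.match(line)
        if m:
            for reason in location_flags(m.group(1)):
                findings.append((reason, m.group(1)))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:26} {path}")
```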
 
Sorry to be a bother, but I will be out of town over the weekend and want to make sure this thread doesn't go inactive. If anyone is willing to help me out based on the last logs (combofix and eset) from actions recommended by bobbye that would be awesome.

thanks in advance!
 
I didn't realize you were back. I was going through my old threads and found this. There is a bit to do:

Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\program files\Viewpoint\Common\ViewpointService.exe
Folder::
c:\documents and settings\Eric\Application Data\AVG
Rootkit::
c:\docume~1\Eric\LOCALS~1\Temp\tzk3.tmp
RegNull::
[HKEY_USERS\S-1-5-21-1185286593-278694328-3660924420-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AB29D248-25E9-B6A9-8582-03C027A2974A}*]
RegLock::
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
Clearjavacache::
 
Driver::
Viewpoint Manager Service
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
As far as I can tell, DeterministicNetworks is related to Cisco. But the key is locked, so I need to take a look. There is a registry setting for this- are you using it?

Also, you have an entry below:
- - - - - - - > 'explorer.exe'(2656)
c:\advanc~1\wh_hook.dll

This is the Outpost hooking module, related to Outpost Firewall. Is that correct? Does it have a program it's running through? What is advanc(ed)?
 