Web browser redirects after clicking a link in a Google or Yahoo search

Inactive
By WebPhoenix
Oct 30, 2011
Topic Status:
Not open for further replies.
  1. Hi,

    I was hoping someone could help me with this?

    My web browsers are redirecting me when I click on a the resulting link of a google or yahoo search.

    I have seen some other posts, however I wasn't sure how to fix this particular problem.

    I have run Malwarebytes and removed any malware
    I also ran spydoctor a while back and did some removing using this, and also HiJack this. I did a hd clean and removed and unneccessary programs, especially from my Temp folder.

    Everything else seems to be working fine, it does however take a while to load up firefox and explorer.

    MalwareBytes does keep popping up telling me that it has successfully blocked access to a potentially malicious website:

    188.95.54.92
    194.54.80.150
    109.235.55.11
    62.45.7.222
    212.117.162.15

    See attached logs
    Malwarebytes, DDS & Attach & GMER Scan log

    Any help much appreciated

    WPhoenix

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    All logs have to be pasted not attached.
  3. WebPhoenix

    WebPhoenix Newcomer, in training Topic Starter

    Logs Pasted

    see logs pasted below

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    30/10/2011 20:20:08
    mbam-log-2011-10-30 (20-20-08).txt

    Scan type: Quick scan
    Objects scanned: 164898
    Time elapsed: 10 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    09:26:23 (null) MESSAGE Protection started successfully
    09:26:48 Timur MESSAGE IP Protection started successfully
    09:26:52 Timur IP-BLOCK 109.235.55.11 (Type: outgoing)
    09:26:52 Timur IP-BLOCK 122.224.5.45 (Type: outgoing)
    09:26:55 Timur IP-BLOCK 109.235.55.11 (Type: outgoing)
    09:26:56 Timur IP-BLOCK 93.190.140.79 (Type: outgoing)
    09:26:59 Timur IP-BLOCK 93.190.140.79 (Type: outgoing)
    09:27:01 Timur IP-BLOCK 109.235.55.11 (Type: outgoing)
    09:27:01 Timur IP-BLOCK 122.224.5.45 (Type: outgoing)
    09:27:05 Timur IP-BLOCK 93.190.140.79 (Type: outgoing)
    09:27:13 Timur IP-BLOCK 212.117.162.15 (Type: outgoing)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-30 19:28:28
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500AAKS-00WWPA0 rev.01.03B01
    Running: gmer.exe; Driver: C:\DOCUME~1\Timur\LOCALS~1\Temp\kxtdipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
    SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\aufukdbh \Device\Scsi\aufukdbh1 8A060790
    Device \Driver\aufukdbh \Device\Scsi\aufukdbh1Port3Path0Target0Lun0 8A060790
    Device \FileSystem\Ntfs \Ntfs 8A6481E8

    AttachedDevice \FileSystem\Ntfs \Ntfs zmxpzip.sys (ZipFolders File System Filter Driver/Allume Systems)
    AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)

    Device \FileSystem\Fastfat \Fat 89891790

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat zmxpzip.sys (ZipFolders File System Filter Driver/Allume Systems)
    AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

    ---- EOF - GMER 1.0.15 ----






    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
    Run by Timur at 19:35:54 on 2011-10-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.479 [GMT 0:00]
    .
    AV: Virgin Media Security Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: Virgin Media Security Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Virgin Media\Security\Fws.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\xampp\mysql\bin\mysqld.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Allume\StuffIt\MXTask.exe
    C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\Allume\StuffIt\mxtask.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Virgin Media\Security\RPS.exe
    C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
    mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
    mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
    mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{285FBB21-0FF7-4EEA-953A-87602F5DD034} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{7A6B020C-B72C-4EA0-A388-DE78A8B37FE2} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8F036488-733F-4DB6-86B5-BDBD13A89730} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F5B1781E-D803-4E47-BD73-0E3544D5FD91} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\timur\application data\mozilla\firefox\profiles\yjf07ix3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\timur\application data\mozilla\firefox\profiles\yjf07ix3.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\timur\application data\mozilla\firefox\profiles\yjf07ix3.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\timur\application data\mozilla\firefox\profiles\yjf07ix3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\timur\application data\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: YouTube Video Download Wizard: ytvdw@pgport.com - %profile%\extensions\ytvdw@pgport.com
    FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-6-27 25608]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-27 366640]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
    R2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]
    R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-6-27 689464]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2005-6-2 10496]
    R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\netgear\wnda3200\WifiDevChkSvc.exe [2011-6-29 167936]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-6-29 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-27 22712]
    R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2011-8-6 23664]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-7-25 16896]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2005-5-14 3328]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176]
    S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-6-29 1759584]
    S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2010-12-27 302472]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wnda3200\jswpsapi.exe [2011-6-29 360529]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-27 39984]
    S3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [2011-8-6 26736]
    S3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [2011-8-6 70256]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 motufwa;motufwa;c:\windows\system32\drivers\motufwa.sys [2011-8-6 478832]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-6-27 122376]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-6-27 30216]
    S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-6-27 25736]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S4 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\virgin media\security\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-6-27 5832712]
    .
    =============== Created Last 30 ================
    .
    2011-10-30 18:59:45 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-29 14:01:41 -------- d-----w- c:\documents and settings\timur\local settings\application data\Deployment
    2011-10-28 15:03:01 -------- d-----w- c:\program files\PC Tools Security
    2011-10-28 15:03:01 -------- d-----w- c:\program files\common files\PC Tools
    2011-10-28 13:58:06 -------- d-----w- c:\documents and settings\timur\local settings\application data\Threat Expert
    2011-10-28 12:55:59 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-10-28 11:04:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-28 11:04:07 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-10-28 09:42:19 -------- d-----w- c:\program files\Trend Micro
    2011-10-27 21:10:54 -------- d-----w- c:\documents and settings\timur\application data\Malwarebytes
    2011-10-27 21:10:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-27 21:10:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-27 21:10:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-27 21:10:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-27 17:45:51 71168 --sha-r- c:\windows\system32\msltus40J.dll
    2011-10-27 14:31:45 -------- d-----w- c:\documents and settings\timur\application data\FastStone
    2011-10-27 14:30:45 -------- d-----w- c:\program files\FastStone Photo Resizer
    .
    ==================== Find3M ====================
    .
    2011-09-28 12:52:30 1 ----a-w- c:\windows\system32\SI.bin
    2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-09-05 13:56:21 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-09-05 12:35:09 369664 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2010-12-27 13:17:08 83456 ----a-w- c:\program files\olepro32.dll
    2010-12-27 13:17:08 65024 ----a-w- c:\program files\asycfilt.dll
    2010-12-27 13:17:08 553472 ----a-w- c:\program files\oleaut32.dll
    2010-12-27 13:17:08 3584 ----a-w- c:\program files\comcat.dll
    2010-12-27 13:17:08 17920 ----a-w- c:\program files\stdole2.tlb
    2010-12-27 13:17:08 1386496 ----a-w- c:\program files\msvbvm60.dll
    .
    ============= FINISH: 19:37:18.98 ===============

    .



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/12/2010 14:56:24
    System Uptime: 30/10/2011 18:47:50 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 51.499 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is FIXED (NTFS) - 1863 GiB total, 1177.921 GiB free.
    G: is Removable
    H: is CDROM (UDF)
    I: is CDROM ()
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.0)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Belkin Wireless G Plus MIMO USB Network Adapter
    BitTorrent
    Broadcom Gigabit Integrated Controller
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    D-Link PCI Fast Ethernet Adapter
    Dell Driver Download Manager
    Delta
    DivX Setup
    EPSON BX525WD Series Manual
    EPSON BX525WD Series Network Guide
    EPSON BX525WD Series Printer Uninstall
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Event Manager
    EPSON Scan
    EpsonNet Print
    EpsonNet Setup 3.3
    FastStone Photo Resizer 3.1
    Freecorder 5
    Freecorder Toolbar
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    M-Audio Delta Driver 6.0.2 (x86)
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware version 1.51.0.600
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft ActiveSync
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 14
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MOTU Hardware
    Mozilla Firefox (3.6.23)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    NETGEAR WNDA3200 wireless adapter Setup
    PDF Settings CS5
    PerfectDisk 10 Professional
    QuickTime
    RPS CRT
    RPS PerfectDiskStub
    RPS RpsCore
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shareaza
    Skins
    Skype Click to Call
    Skype™ 5.5
    SoundMAX
    Spotify
    StuffIt Deluxe
    StuffIt Expander 2011
    UltraMon
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Virgin Media Security
    Virgin Media Service Manager 3.7.47
    VLC media player 1.1.11
    Vuze
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player Firefox Plugin
    WinRAR archiver
    XAMPP 1.7.7
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/10/2011 19:02:16, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
    28/10/2011 16:36:25, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    28/10/2011 16:36:24, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    28/10/2011 16:36:23, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    28/10/2011 14:20:07, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    28/10/2011 14:19:34, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
    28/10/2011 14:19:07, error: Service Control Manager [7034] - The Apache2.2 service terminated unexpectedly. It has done this 1 time(s).
    28/10/2011 14:15:27, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    28/10/2011 14:01:27, error: PCTCore [280] -
    28/10/2011 09:51:12, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    27/10/2011 21:16:14, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
    24/10/2011 21:03:05, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    23/10/2011 20:25:07, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    You're running two AV programs, Virgin Media Security Anti-Virus and MSE.
    One of them has to go.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. WebPhoenix

    WebPhoenix Newcomer, in training Topic Starter

    MSE will not uninstall

    Uninstall Error

    An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again.

    I tried restarting my computer and trying again.

    However...

    The same error message occurred.

    I also tried reinstalling the software, however another message then says that I cannot install the software unless the software is first uninstalled.

    So what now?

    Tim
  6. Broni

    Broni Malware Annihilator Posts: 45,159   +242

  7. WebPhoenix

    WebPhoenix Newcomer, in training Topic Starter

    Seems fixed!

    I actually ended up doing the 2 scans, ie the ASWMBR and ComboFix first (obviously i stopped all my antivirus programmes from running first). And then I used Revo Uninstaller Pro to uninstall MSE.

    it doesn't seem to be redirecting me anymore !

    Whether this is because of the MSE uninstall or the combofix. I have no Idea.


    Though it does take a while for my firefox and explorer windows to open up initially.

    Either way, I have pasted the logs below as asked.

    Thanks so much for the support!

    Will check back for any other performance improvement suggestions

    WP


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-01 20:13:50
    -----------------------------
    20:13:50.265 OS Version: Windows 5.1.2600 Service Pack 3
    20:13:50.265 Number of processors: 1 586 0x304
    20:13:50.265 ComputerName: TIMUR UserName: Timur
    20:13:58.187 Initialize success
    20:16:00.859 AVAST engine defs: 11110102
    20:16:34.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    20:16:34.703 Disk 0 Vendor: WDC_WD2500AAKS-00WWPA0 01.03B01 Size: 238475MB BusType: 3
    20:16:34.703 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    20:16:34.703 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
    20:16:36.734 Disk 0 MBR read successfully
    20:16:36.734 Disk 0 MBR scan
    20:16:36.765 Disk 0 Windows XP default MBR code
    20:16:36.765 Disk 0 scanning sectors +488376000
    20:16:36.859 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:16:52.937 Service scanning
    20:16:53.718 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    20:16:54.390 Modules scanning
    20:17:07.078 Disk 0 trace - called modules:
    20:17:07.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys sptd.sys hal.dll >>UNKNOWN [0x8a5fd8ac]<<
    20:17:07.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a540ab8]
    20:17:07.437 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a5b9b00]
    20:17:07.875 AVAST engine scan C:\WINDOWS
    20:17:23.953 AVAST engine scan C:\WINDOWS\system32
    20:19:54.437 AVAST engine scan C:\WINDOWS\system32\drivers
    20:20:10.734 AVAST engine scan C:\Documents and Settings\Timur
    20:45:47.640 AVAST engine scan C:\Documents and Settings\All Users
    20:49:22.875 Scan finished successfully
    23:19:06.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Timur\Desktop\MBR.dat"
    23:19:06.109 The log file has been saved successfully to "C:\Documents and Settings\Timur\Desktop\aswMBR.txt"



    ComboFix 11-11-01.04 - Timur 02/11/2011 0:26.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.601 [GMT 0:00]
    Running from: c:\documents and settings\Timur\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Virgin Media Security Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Timur\Application Data\Local
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\(2).ddr
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\.ddr
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\0.ddi
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\2.ddi
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\documents and settings\Timur\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
    c:\documents and settings\Timur\Application Data\PriceGong
    c:\documents and settings\Timur\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\2229.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\2255.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\371.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\7031.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\83.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\946.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Timur\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\Timur\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Timur\Local Settings\Application Data\cscript.exe
    c:\documents and settings\Timur\Local Settings\Application Data\DisableService.reg
    c:\documents and settings\Timur\Local Settings\Application Data\hs_message.vbs
    c:\documents and settings\Timur\Local Settings\Application Data\instsrv.exe
    c:\documents and settings\Timur\Local Settings\Application Data\ospp.vbs
    c:\documents and settings\Timur\Local Settings\Application Data\osppc.dll
    c:\documents and settings\Timur\Local Settings\Application Data\ospprearm.exe
    c:\documents and settings\Timur\Local Settings\Application Data\PortQry.exe
    c:\documents and settings\Timur\Local Settings\Application Data\regall.reg
    c:\documents and settings\Timur\Local Settings\Application Data\service.inf
    c:\documents and settings\Timur\Local Settings\Application Data\slerror.xml
    c:\documents and settings\Timur\Local Settings\Application Data\srvany.exe
    c:\documents and settings\Timur\Local Settings\Application Data\tokensall.dat
    c:\documents and settings\Timur\System
    c:\documents and settings\Timur\System\win_qs8.jqx
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-01 12:12 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
    2011-11-01 12:12 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
    2011-11-01 12:12 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2011-11-01 12:12 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
    2011-11-01 11:25 . 2011-11-01 11:28 -------- d-----w- c:\documents and settings\Timur\Local Settings\Application Data\Conduit
    2011-10-31 13:58 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-10-31 13:58 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-10-30 18:59 . 2011-10-30 19:00 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-29 14:01 . 2011-10-29 14:08 -------- d-----w- c:\documents and settings\Timur\Local Settings\Application Data\Deployment
    2011-10-28 17:24 . 2011-10-28 17:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-10-28 15:03 . 2011-10-28 21:28 -------- d-----w- c:\program files\PC Tools Security
    2011-10-28 15:03 . 2011-10-28 21:28 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-10-28 13:58 . 2011-10-28 13:58 -------- d-----w- c:\documents and settings\Timur\Local Settings\Application Data\Threat Expert
    2011-10-28 12:57 . 2011-10-28 21:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-10-28 12:55 . 2011-10-28 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-10-28 11:04 . 2011-10-28 21:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-28 11:04 . 2011-10-28 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-10-28 09:42 . 2011-10-28 09:42 -------- d-----w- c:\program files\Trend Micro
    2011-10-27 21:10 . 2011-10-27 21:10 -------- d-----w- c:\documents and settings\Timur\Application Data\Malwarebytes
    2011-10-27 21:10 . 2011-10-27 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-10-27 21:10 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-27 21:10 . 2011-10-30 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-27 17:45 . 2011-10-27 17:45 71168 --sha-r- c:\windows\system32\msltus40J.dll
    2011-10-27 14:31 . 2011-10-27 14:31 -------- d-----w- c:\documents and settings\Timur\Application Data\FastStone
    2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\program files\FastStone Photo Resizer
    2011-10-10 11:09 . 2011-10-10 11:09 4550304 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 10:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 10:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-17 21:32 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-08-17 21:32 . 2010-11-05 05:05 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-08-17 21:32 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-17 21:32 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-08-17 12:22 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
    2010-12-27 13:17 . 2010-12-27 13:17 83456 ----a-w- c:\program files\olepro32.dll
    2010-12-27 13:17 . 2010-12-27 13:17 65024 ----a-w- c:\program files\asycfilt.dll
    2010-12-27 13:17 . 2010-12-27 13:17 553472 ----a-w- c:\program files\oleaut32.dll
    2010-12-27 13:17 . 2010-12-27 13:17 3584 ----a-w- c:\program files\comcat.dll
    2010-12-27 13:17 . 2010-12-27 13:17 17920 ----a-w- c:\program files\stdole2.tlb
    2010-12-27 13:17 . 2010-12-27 13:17 1386496 ----a-w- c:\program files\msvbvm60.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-06-28 400760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2005-05-14 187904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MOTU Pedal Service.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MOTU Pedal Service.lnk
    backup=c:\windows\pss\MOTU Pedal Service.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    2011-06-28 09:03 400760 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
    2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-12-03 10:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 12:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
    2011-04-26 16:22 593920 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 15:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
    2007-01-25 09:54 154112 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2011-06-15 15:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceManager.exe]
    2011-03-25 12:34 4371768 ----a-w- c:\program files\Virgin Media\Service Manager\ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-10-13 09:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-06-30 13:33 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-12-17 11:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [27/06/2011 21:34 25608]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/02/2011 17:55 685816]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [10/09/2011 09:43 18432]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [31/03/2011 15:08 80896]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [27/06/2011 21:21 689464]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [02/06/2005 13:54 10496]
    R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [29/06/2011 14:09 167936]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [29/06/2011 14:09 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/10/2011 21:10 22216]
    R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [06/08/2011 14:35 23664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [25/07/2011 12:29 16896]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [14/05/2005 18:41 3328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/12/2010 11:24 136176]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27/10/2011 21:10 366152]
    S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 11:17 165408]
    S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [29/06/2011 14:09 1759584]
    S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [27/12/2010 20:51 302472]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/12/2010 11:24 136176]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 17:01 21248]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [29/06/2011 14:09 360529]
    S3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [06/08/2011 14:36 26736]
    S3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [06/08/2011 14:37 70256]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]
    S3 motufwa;motufwa;c:\windows\system32\drivers\motufwa.sys [06/08/2011 14:36 478832]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [27/06/2011 21:34 122376]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [27/06/2011 21:34 30216]
    S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [27/06/2011 21:34 25736]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    S4 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [27/06/2011 21:34 5832712]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 219D77CB
    *NewlyCreated* - 2F7B6D99
    *NewlyCreated* - 309024B1
    *NewlyCreated* - ASWMBR
    *Deregistered* - 219d77cb
    *Deregistered* - 2f7b6d99
    *Deregistered* - 309024b1
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-TIMUR-Timur.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-09 02:44]
    .
    2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-17 11:24]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-17 11:24]
    .
    2011-11-01 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-09-05 16:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    FF - ProfilePath - c:\documents and settings\Timur\Application Data\Mozilla\Firefox\Profiles\yjf07ix3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: YouTube Video Download Wizard: ytvdw@pgport.com - %profile%\extensions\ytvdw@pgport.com
    FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-02 00:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\07\04\15\15,\05ƒ"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1868)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-11-02 00:44:18
    ComboFix-quarantined-files.txt 2011-11-02 00:44
    .
    Pre-Run: 52,837,019,648 bytes free
    Post-Run: 53,202,055,168 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 362C2245B93754EFCBA2245933F24892
  8. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Good news :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\msltus40J.dll
    
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.