AVG reporting Generic14.BZSZ and Crypt.AQLW on XP SP3

Greetings folks. I'm working on a friend's computer, trying to remove what I've been able to deduce are two main viruses/trojans, plus some supplementary minor malware entries that resulted from the backdoor trojans and the consequent redirection to malicious websites and browser hijacks.
They are running XP Service Pack 3 on a P4 3.0 GHz (it's a dinosaur, I know). I have run the AVG scanner in an attempt to remove all traces, but as soon as they were re-created after a reboot I knew I had a rootkit (or something equally nasty). I am in the process of running the MBAM/GMER/DDS tools so I can post the logfiles.

One thing that really confused me was that the virus FAQ says to allow MBAM to restart the system if it asks to. Usually with Ad-Aware or Spybot, when the system reboots the scanner runs first and launches its own app. MBAM didn't do this: I clicked Yes to restart the computer, it loaded the desktop with MBAM open on the default page, and it gave me no further instructions, so I performed a Quick Scan to post the appropriate logfile (I originally ran a Full Scan, but then saw the FAQ).

I will post the logfiles as soon as the system has finished running the diagnostics. I hope the people here can help me eradicate this quickly.

Regards,
-Zane
 
MBAM and GMER logfiles

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gary :: GARYPC [administrator]

Protection: Enabled

2/23/2012 12:19:07 PM
mbam-log-2012-02-23 (12-19-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309339
Time elapsed: 1 hour(s), 7 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\AV7.0 (Rogue.Antivirus7) -> Quarantined and deleted successfully.

Files Detected: 58
C:\WINDOWS\system32\drivers\afd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\slp7296148907120939539.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\thpm4762958484701727967.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Travis\Local Settings\Temp\jar_cache5033329252468895518.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Travis\Local Settings\Temp\jar_cache6617253457894173280.tmp (Malware.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{378C9204-298C-4CE3-BCA1-7BD8A5C411DF}\RP882\A0097602.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3042218115277152.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl2467868539131190826.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl2717520874915847892.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl2776869903376571398.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl3053999797587620231.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl3230103982565020251.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl3473244328357027276.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl367894935707309357.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl4572160869246922028.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.07411137565549719.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.38644272094953624.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.4546612960562175.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.46290346457207376.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.6410875452629101.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.9319433103885935.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.12694391077751355.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.19334186240524542.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\slp2484014457677465145.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\slp2790375947025074691.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\slp3787718538485147933.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\slp3904185661554483072.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\slp537113348159386514.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\slp5599679171835253076.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\slp8756694722552590810.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\opre0.7205130102911526.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\f831341233221589042791323.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\slp1856006245784223360.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.5773920660198472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8221749381761514.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kolf0.32404864395097666.exe (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kolf0.9185119622408099.exe (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\opre0.19865355517778638.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\opre0.37781660428866637.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.8704866269099972.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\opre0.40660108107763393.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\opre0.8918786564595184.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl4636168638231913055.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl8954716933852909430.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl4760195616262907676.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl5320533713490413364.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl5471581380339904046.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl5886707554905581717.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl6036382084791057691.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl6342575373302573490.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl7237688619026230214.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3d9a1171353233241165418.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3d9a4069496212445125697.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3d9a4837145715438167896.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3d9a5966175007668825157.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3d9a8557647670497132718.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary\Application Data\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

(end)

=====================BEGIN GMER LOGFILE====================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-23 16:35:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Maxtor_7 rev.YAR5
Running: gmer.exe; Driver: C:\DOCUME~1\Gary\LOCALS~1\Temp\uwtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF765787E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAD241738]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7657BFE]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAD2417DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAD241878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAD241914]

---- Kernel code sections - GMER 1.0.15 ----

? wvrsjbyp.sys The system cannot find the file specified. !
.text iaStor.sys F7438316 1 Byte [CC] {INT 3 }
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8927000, 0x1C5D38, 0xE8000020]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77E2720]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:148] 8A19F16D
Thread System [4:440] 8A11BB90

---- Files - GMER 1.0.15 ----


File C:\WINDOWS\$NtUninstallKB49151$\3556757891 0 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294 0 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\bckfg.tmp 854 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\cfg.ini 375 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\keywords 117 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\L 0 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\L\cinuwnha 138496 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\oemid 115 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U 0 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB49151$\4222174294\version 847 bytes

---- EOF - GMER 1.0.15 ----
(There were multiple thousands of cookie entries; since I never had trouble removing them I figured I'd spare us all the spam. Please let me know if I need to include the cookie log, because it turns a 2-page document into 50 pages. I guess they hadn't cleaned their net history/cookies recently.)
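As an added example (not code from the original post, from Malwarebytes, or from this forum), here is a small Python parser for the MBAM 1.x text log layout shown above, with a triage pass that pulls out the detections a responder should act on first: the service key and the driver file under system32\drivers (a kernel-mode component, which fits the "re-created after reboot" behaviour described in the first post), the proxy hijack pointing at a loopback listener, and the infected copy sitting inside a System Restore point. The embedded sample log is a constructed excerpt of the log above, and the severity rules are this example's own assumptions, not anything the scanner reports.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log and triage the detections.

Added example for this thread; not part of the original post or of Malwarebytes.
The log layout (section headers 'X Detected: N', one item per line ending in
'(Family) -> action') is taken from the log posted above. The severity rules
below are this example's own assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed excerpt in the layout of the MBAM 1.60 log posted above.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.60.1.1000

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50370 -> Quarantined and deleted successfully.

Files Detected: 3
C:\WINDOWS\system32\drivers\afd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.3042218115277152.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{378C9204-298C-4CE3-BCA1-7BD8A5C411DF}\RP882\A0097602.sys (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
"""

# 'Registry Keys Detected: 3', 'Files Detected: 58', ...
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# '<target> (<Family>) -> <rest>'; greedy target so a '(x86)' in a path is kept.
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

DRIVER_DIR = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)
SERVICES_KEY = "HKLM\\SYSTEM\\CURRENTCONTROLSET\\SERVICES\\"
RESTORE_DIR = re.compile(r"\\System Volume Information\\_restore", re.IGNORECASE)
LOOPBACK_PROXY = re.compile(r"(^|=)(127\.0\.0\.1|localhost):\d+", re.IGNORECASE)


@dataclass
class Detection:
    section: str
    target: str
    family: str
    action: str
    data: str = ""  # registry value data, when the log reports one


@dataclass
class Report:
    detections: list = field(default_factory=list)
    # (section, count announced in the header, items actually listed)
    count_mismatches: list = field(default_factory=list)


def parse_mbam_log(text):
    """Walk the log once, collecting items under their 'X Detected: N' header."""
    report = Report()
    section, expected, seen = None, 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if section is not None and seen != expected:
                report.count_mismatches.append((section, expected, seen))
            section, expected, seen = m["name"], int(m["count"]), 0
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue  # '(end)' and any free text
        rest, data = m["rest"], ""
        if rest.startswith("Data: "):  # registry values carry the value data first
            data, _, rest = rest[len("Data: "):].partition(" -> ")
        report.detections.append(Detection(section, m["target"], m["family"], rest, data))
        seen += 1
    if section is not None and seen != expected:
        report.count_mismatches.append((section, expected, seen))
    return report


def triage(report):
    """Return (severity, reason, item) for detections that need follow-up."""
    findings = []
    for d in report.detections:
        if DRIVER_DIR.search(d.target) or d.target.upper().startswith(SERVICES_KEY):
            findings.append(("high", "kernel driver or service entry tampered with; survives reboot", d.target))
        elif d.family == "PUM.Bad.Proxy" and LOOPBACK_PROXY.search(d.data):
            findings.append(("high", "browser traffic relayed through a local listener", d.data))
        elif RESTORE_DIR.search(d.target):
            findings.append(("medium", "infected copy in a restore point; purge restore points after cleanup", d.target))
    return findings


def family_counts(report):
    """How many items each detection family accounted for."""
    return Counter(d.family for d in report.detections)


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    for severity, reason, item in triage(rep):
        print(f"[{severity}] {reason}: {item}")
    print("families:", dict(family_counts(rep)))
    print("count mismatches:", rep.count_mismatches)
```

The count check matters when a log has been pasted by hand: a section header that announces more items than follow it means lines were dropped from the paste, which is worth knowing before anyone decides the cleanup is complete. The file-system rule fires on any file in system32\drivers, not just afd.sys, because a replaced boot-time driver is the part that keeps coming back after a reboot.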
 
DDS log and Attach.txt

=======BEGIN DDS LOGFILE=======
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by Gary at 16:32:42 on 2012-02-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.896 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\{F7A5004A-FB98-4012-82A2-EB5C32EC6369}\Server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
H:\VIRUS-TOOLS\gmer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3B0F3A75-0DAA-4C7C-8D09-B584983B3399} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [UIUCU] c:\docume~1\gary\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\docume~1\gary\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5110E4D7-75EB-4D0C-9692-E9D532B0ABF2} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gary\application data\mozilla\firefox\profiles\4jixlct8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&apn_uid=D7101DE7-3B5D-4F88-A04D-BDD9BD08907F&apn_ptnrs=OE&apn_sauid=C1529814-C4AA-4B39-B0B3-193C35FCF87D&apn_dtid=VIN005YYUS&&q=
FF - component: c:\documents and settings\gary\application data\mozilla\firefox\profiles\4jixlct8.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-9 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 GJService;Game Jackal Server;c:\documents and settings\all users\application data\{f7a5004a-fb98-4012-82a2-eb5c32ec6369}\Server.exe [2010-5-12 2040768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-23 652360]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-23 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-23 40776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
S2 mcafeeframework;Ktp;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 MaplomL;MaplomL; [x]
.
=============== Created Last 30 ================
.
2012-02-23 22:08:19 54016 ----a-w- c:\windows\system32\drivers\fgbaebuv.sys
2012-02-23 21:47:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-23 20:16:59 -------- d-----w- c:\documents and settings\gary\application data\Malwarebytes
2012-02-23 20:16:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-23 20:16:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 20:16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-16 04:08:25 -------- d-----w- c:\program files\uTorrent
2012-02-16 04:07:25 -------- d-----w- c:\documents and settings\gary\application data\uTorrent
2012-02-16 02:06:29 -------- d-----w- C:\Logs
2012-02-15 03:30:26 -------- d-----w- c:\documents and settings\gary\local settings\application data\adaware
2012-02-15 03:30:22 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-02-15 03:30:15 -------- d-----w- c:\program files\Toolbar Cleaner
2012-02-15 03:29:56 -------- d-----w- c:\documents and settings\gary\application data\adawaretb
2012-02-15 03:29:55 -------- d-----w- c:\program files\adawaretb
2012-02-15 03:29:38 -------- d-----w- c:\program files\Lavasoft
2012-02-05 14:20:55 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-02-16 02:59:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 15:12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
.
============= FINISH: 16:33:30.23 ===============

======BEGIN Attach.txt LOGFILE=========
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/9/2009 4:36:24 PM
System Uptime: 2/23/2012 1:41:18 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 228 GiB total, 164.111 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM (CDFS)
H: is FIXED (NTFS) - 466 GiB total, 5.533 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
Service: b57w2k
.
Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Service:
.
==== System Restore Points ===================
.
RP818: 11/25/2011 10:46:23 PM - System Checkpoint
RP819: 11/26/2011 11:58:22 PM - System Checkpoint
RP820: 11/28/2011 12:46:21 AM - System Checkpoint
RP821: 11/29/2011 12:58:21 AM - System Checkpoint
RP822: 11/30/2011 2:01:13 AM - System Checkpoint
RP823: 12/1/2011 2:06:25 AM - System Checkpoint
RP824: 12/2/2011 2:18:27 AM - System Checkpoint
RP825: 12/3/2011 3:06:22 AM - System Checkpoint
RP826: 12/4/2011 3:30:21 AM - System Checkpoint
RP827: 12/5/2011 12:36:03 PM - System Checkpoint
RP828: 12/6/2011 1:08:59 PM - System Checkpoint
RP829: 12/8/2011 9:23:12 AM - System Checkpoint
RP830: 12/8/2011 5:53:08 PM - Removed SLOW-PCfighter.
RP831: 12/8/2011 5:54:36 PM - Removed Playalot Games
RP832: 12/9/2011 6:06:08 PM - System Checkpoint
RP833: 12/10/2011 6:55:12 PM - System Checkpoint
RP834: 12/12/2011 12:35:55 AM - System Checkpoint
RP835: 12/13/2011 8:03:47 AM - System Checkpoint
RP836: 12/14/2011 9:08:21 AM - System Checkpoint
RP837: 12/15/2011 9:57:30 AM - System Checkpoint
RP838: 12/16/2011 5:14:54 PM - System Checkpoint
RP839: 12/17/2011 5:36:15 PM - System Checkpoint
RP840: 12/18/2011 5:52:23 PM - System Checkpoint
RP841: 12/19/2011 6:38:30 PM - System Checkpoint
RP842: 12/20/2011 7:03:54 PM - System Checkpoint
RP843: 12/21/2011 9:27:54 PM - System Checkpoint
RP844: 12/23/2011 1:40:38 AM - System Checkpoint
RP845: 12/26/2011 9:00:52 AM - System Checkpoint
RP846: 12/28/2011 5:04:57 PM - System Checkpoint
RP847: 1/5/2012 4:55:46 PM - System Checkpoint
RP848: 1/6/2012 5:49:18 PM - System Checkpoint
RP849: 1/8/2012 8:00:54 PM - System Checkpoint
RP850: 1/9/2012 8:34:57 PM - System Checkpoint
RP851: 1/10/2012 9:31:42 PM - System Checkpoint
RP852: 1/11/2012 10:30:00 PM - System Checkpoint
RP853: 1/12/2012 10:31:03 PM - System Checkpoint
RP854: 1/13/2012 11:29:56 PM - System Checkpoint
RP855: 1/15/2012 2:15:33 PM - System Checkpoint
RP856: 1/16/2012 3:11:56 PM - System Checkpoint
RP857: 1/17/2012 3:31:43 PM - System Checkpoint
RP858: 1/19/2012 11:46:54 PM - System Checkpoint
RP859: 1/21/2012 1:01:33 AM - System Checkpoint
RP860: 1/29/2012 11:48:54 AM - System Checkpoint
RP861: 2/2/2012 1:02:39 PM - System Checkpoint
RP862: 2/3/2012 1:25:03 PM - System Checkpoint
RP863: 2/4/2012 6:00:20 PM - System Checkpoint
RP864: 2/5/2012 6:20:57 PM - System Checkpoint
RP865: 2/6/2012 7:34:19 PM - System Checkpoint
RP866: 2/8/2012 12:11:48 PM - System Checkpoint
RP867: 2/9/2012 1:05:37 PM - System Checkpoint
RP868: 2/10/2012 1:18:34 PM - System Checkpoint
RP869: 2/11/2012 2:18:31 PM - System Checkpoint
RP870: 2/12/2012 3:16:48 PM - System Checkpoint
RP871: 2/13/2012 3:20:51 PM - System Checkpoint
RP872: 2/14/2012 3:36:39 PM - System Checkpoint
RP873: 2/14/2012 7:27:38 PM - Installed Ad-Aware
RP874: 2/14/2012 7:29:37 PM - Installed Ad-Aware
RP875: 2/14/2012 7:44:10 PM - Removed NetAssistant
RP876: 2/14/2012 7:45:10 PM - Removed Safari
RP877: 2/17/2012 12:15:36 PM - System Checkpoint
RP878: 2/18/2012 12:30:12 PM - System Checkpoint
RP879: 2/19/2012 12:48:02 PM - System Checkpoint
RP880: 2/20/2012 1:48:01 PM - System Checkpoint
RP881: 2/21/2012 2:47:59 PM - System Checkpoint
RP882: 2/22/2012 2:54:54 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Advertising Center
AiO_Scan
AiOSoftware
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 2011
Bonjour
Broadcom Gigabit Integrated Controller
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
CloneDVD2
CloneDVDmobile
Content Transfer
Coupon Printer for Windows
ESPNMotion
Fax
File Type Assistant
FoxTab Music Converter
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 2.01
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
ImagXpress
Intel(R) 537EP V9x DF PCI Modem
Itibiti RTC
iTunes
Java(TM) 6 Update 18
LimeWire Toolbar Updater
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicnotes Software Suite 1.5.3
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NWZ-E350 WALKMAN Guide
PowerArchiver 2010
QFolder
QuickTime
Readme
RegCure
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sibelius Scorch (ActiveX Only)
Skins
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/19/2012 8:07:17 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
2/19/2012 11:00:27 AM, error: System Error [1003] - Error code 000000d0, parameter1 736bf9f3, parameter2 00000002, parameter3 00000001, parameter4 8054e579.
.
==== End Of File ===========================
 
As far as the computer's status: after running MBAM, the network driver would no longer resolve an IP (set up to DHCP-assigned on the family LAN).

I suppose this isn't entirely detrimental, since by disabling the driver I know it won't be making successful communication attempts with any malicious sites/servers/files via the internet.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

Are you saying that you don't have an internet connection as of now?

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 