Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads: resolved spyware and popup issues.
#21 | 06-22-2009, 12:19 PM | donk (Registered User, joined Apr 2007, 261 posts, OS: xp)


Re: unknown virus

Ried, I have been running the GMER scan for the last hour. I work second shift, so when the scan completes I will save it to the desktop using the instructions given, named ark.txt. I have completed the DDS scan and saved it to the desktop as well. Sorry about this taking so long, but during the last scan it crashed. Anyway, I hope to get this deal fixed, and again, thanks for your patience. I will post in the AM. Thanks again.
#22 | 06-22-2009, 02:38 PM | Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; joined Jan 2005; Ohio; 26,977 posts; OS: WinXP and Vista)


Re: unknown virus

Sounds good to me.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
#23 | 06-23-2009, 11:26 AM | donk (Registered User, joined Apr 2007, 261 posts, OS: xp)


Re: unknown virus

I am going to send one more file, since I hit the limit.

DDS (Ver_09-05-14.01) - NTFSx86
Run by MIKE at 9:25:51.17 on Mon 06/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.426 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Citrix\GoToMyPC\g2host.exe
C:\Program Files\Citrix\GoToMyPC\g2printh.exe
C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\MIKE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mDefault_Page_URL = hxxp://www.yahoo.com
mSearch Page = hxxp://www.google.com
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www1.snapfish.com/SnapfishOutlookImport.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-16 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-16 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-16 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-16 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-17 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-16 298776]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-4-21 70912]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S2 AFinding;AFinding Service; [x]
S2 afisicx;afisicx Manages messages; [x]
S2 mabidwe;mabidwe Service; [x]
S2 macidwe;macidwe Service; [x]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 MyWebSearchService;My Web Search Service; [x]
S2 NOBICYT;NOBICYT Service; [x]
S2 noxtcyr;noxtcyr Corporation inc.; [x]
S2 noytcyr;noytcyr Service; [x]
S2 perfmons;perfmons; [x]
S2 perfs;perfs Service; [x]
S2 Routing;Routing Service; [x]
S2 roxtctm;roxtctm Co. Ltd.; [x]
S2 roytctm;roytctm Service; [x]
S2 sobicyt;sobicyt; [x]
S2 solewxte;solewxte Service; [x]
S2 sopidkc;sopidkc Service; [x]
S2 sotpeca;sotpeca Corporation; [x]
S2 soxpeca;soxpeca Service; [x]
S2 tdctxte;tdctxte Service; [x]
S2 tdxdowkc;tdxdowkc Service; [x]
S2 tdydowkc;tdydowkc Service; [x]
S2 WServing;WServing Service; [x]
S2 wsldoekd;wsldoekd Manages messages; [x]

=============== Created Last 30 ================

2009-06-19 14:20 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-06-19 14:20 <DIR> --d----- c:\program files\Belarc
2009-06-19 13:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-06-19 12:13 42,792 a------- c:\windows\system32\gotomon.dll
2009-06-19 00:01 21,631 a------- c:\windows\system32\t1p0_80608312786.b1k
2009-06-18 12:51 3,252 a------- c:\windows\system32\wbem\Outlook_01c9f04e1d5a5286.mof
2009-06-18 09:34 <DIR> --d----- c:\program files\Citrix
2009-06-17 18:03 <DIR> --d----- c:\docume~1\mike\applic~1\FTWeak
2009-06-17 18:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FTWeak
2009-06-17 18:02 <DIR> --d----- c:\program files\FCleaner
2009-06-17 15:20 <DIR> --d--r-- c:\documents and settings\mike\My Private Folder
2009-06-17 14:49 <DIR> --d----- c:\program files\Microsoft Private Folder 1.0
2009-06-17 12:42 262,144 a------- C:\ntuser.dat
2009-06-17 12:02 <DIR> --d----- c:\program files\XPRepairPro2006
2009-06-17 11:52 <DIR> --d----- c:\windows\pss
2009-06-17 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RFA_Backups
2009-06-17 11:44 <DIR> --d----- c:\program files\RFA
2009-06-17 11:04 3,902,784 a------- c:\documents and settings\mike\gosetup.exe
2009-06-16 13:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure
2009-06-16 12:08 <DIR> --d----- c:\program files\iPod
2009-06-16 12:08 <DIR> --d----- c:\program files\iTunes
2009-06-16 11:49 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-16 11:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 11:46 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-16 11:46 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-06-16 11:46 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-16 11:46 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-16 08:47 <DIR> --d----- c:\program files\VS Revo Group
2009-06-16 04:22 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-16 04:22 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-16 04:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-16 04:22 <DIR> --d----- c:\program files\Bonjour
2009-06-16 04:18 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-15 09:19 <DIR> --d----- c:\program files\Trend Micro
2009-06-11 13:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-06-11 12:29 115,016 a------- c:\windows\system32\MSINET.OCX
2009-06-11 12:29 54,123,520 a------- c:\windows\avg_iswt_stf_en_8_93a1300.exe
2009-06-11 12:23 <DIR> --d----- c:\docume~1\mike\applic~1\Uniblue
2009-06-10 12:55 <DIR> --dsh--- c:\documents and settings\mike\IECompatCache
2009-06-10 12:09 <DIR> --d----- c:\program files\Yahoo!
2009-06-10 12:08 <DIR> --d----- c:\program files\CCleaner
2009-06-10 11:01 0 a------- c:\windows\system32\w32apiw.dll
2009-06-10 11:01 <DIR> --d----- c:\docume~1\mike\applic~1\nCleaner
2009-06-10 11:01 <DIR> --d----- c:\program files\NKProds
2009-06-09 20:08 17,275 a------- c:\windows\system32\t1p0_876245657505.b1k
2009-06-09 13:57 <DIR> --d----- c:\windows\RegCure
2009-06-09 13:46 <DIR> --dsh--- c:\documents and settings\mike\PrivacIE
2009-06-09 13:34 <DIR> --dsh--- c:\documents and settings\mike\IETldCache
2009-06-09 13:12 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 13:12 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 13:12 <DIR> --d----- c:\windows\ie8updates
2009-06-09 13:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-25 05:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll

==================== Find3M ====================

2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 21:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 21:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-28 21:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 02:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 22:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 22:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-23 20:08 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-01 11:13 87,608 a------- c:\docume~1\mike\applic~1\inst.exe
2009-03-01 11:13 47,360 a------- c:\docume~1\mike\applic~1\pcouffin.sys
2006-12-07 20:18 284 a------- c:\docume~1\mike\applic~1\ViewerApp.dat
2006-01-11 16:31 537 a---h--- c:\docume~1\mike\applic~1\hpothb07.dat
2005-12-21 03:13 251 ac------ c:\program files\wt3d.ini
2008-08-22 13:25 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat

============= FINISH: 9:27:30.65 ===============
Attached files: DDS.zip (5.9 KB), ark.zip (1.1 KB)

Last edited by Ried; 06-23-2009 at 02:36 PM.
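The DDS log above carries the three signals an analyst looks for first: BHO/toolbar/search-hook entries whose DLL is gone ("No File"), automatic-start services registered with no binary on disk ("S2 name;display; [x]"), and files in system32 with zero size or an extension that does not belong there (the t1p0_*.b1k and w32apiw.dll entries). The script below is an added example, not part of the thread and not part of the DDS tool; it makes that first pass mechanically. The embedded sample log is constructed from lines quoted in this post, and the extension allowlist, the "[x]" interpretation and the svchost follow-up rule are this example's own assumptions rather than anything DDS documents.

```python
"""First-pass triage of a DDS log (added example; not from the thread or the DDS tool)."""
import re

# Paths under system32 are where this log's oddities cluster; the extension
# allowlist is an assumption made for this example, not something DDS defines.
SYSTEM32 = "c:\\windows\\system32\\"
NORMAL_EXT = {"dll", "exe", "sys", "ocx", "cpl", "drv", "ax", "acm",
              "qts", "qtx", "mof", "ini", "dat", "cat", "inf"}

# Service lines: "R2 name;display;image [date size]" or "S2 name;display; [x]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# BHO / toolbar / search-hook entries whose DLL is gone: leftovers of a removal.
ORPHAN_RE = re.compile(r"^(BHO|TB|EB|[um]URLSearchHooks):.*-\s*No File\s*$")
# "Created Last 30" lines: "2009-06-19 00:01 21,631 a------- c:\path"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")

# Constructed sample: a handful of lines taken from the DDS log in this post.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
============= SERVICES / DRIVERS ===============
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-16 298776]
S2 AFinding;AFinding Service; [x]
S2 afisicx;afisicx Manages messages; [x]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S2 noxtcyr;noxtcyr Corporation inc.; [x]
=============== Created Last 30 ================
2009-06-19 00:01 21,631 a------- c:\windows\system32\t1p0_80608312786.b1k
2009-06-16 11:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-10 11:01 0 a------- c:\windows\system32\w32apiw.dll
2009-06-09 20:08 17,275 a------- c:\windows\system32\t1p0_876245657505.b1k
"""


def triage(log_text):
    """Return the entries worth a second look, grouped by the reason they were flagged."""
    findings = {"orphans": [], "no_image": [], "svchost_hosted": [], "files": []}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ORPHAN_RE.match(line):
            findings["orphans"].append(line)
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _display, image = m.groups()
            image = image.strip()
            if image == "[x]":
                # Service key present, automatic start, but no binary on disk:
                # an orphan left behind when the file was removed without the key.
                findings["no_image"].append(name)
            elif "svchost.exe" in image.lower():
                # Hosted in svchost: the real code is the ServiceDll under the
                # service's Parameters key, so the image path alone says nothing.
                findings["svchost_hosted"].append(name)
            continue
        m = FILE_RE.match(line)
        if m:
            _stamp, size, _attrs, path = m.groups()
            low = path.lower()
            if size == "<DIR>" or not low.startswith(SYSTEM32):
                continue
            filename = low.rsplit("\\", 1)[-1]
            ext = filename.rsplit(".", 1)[1] if "." in filename else ""
            if int(size.replace(",", "")) == 0:
                findings["files"].append((path, "zero-byte file in system32"))
            elif ext not in NORMAL_EXT:
                findings["files"].append((path, "unusual extension ." + ext))
    return findings


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(reason)
        for item in items:
            print("   ", item)
```

Everything it flags still needs a human decision: an S2 service with no image can also be the residue of a legitimately uninstalled product, and a svchost-hosted service is only suspicious once its ServiceDll has been checked. The value of the pass is that it turns a 250-line log into a short list of things to look up.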
#24 | 06-23-2009, 11:28 AM | donk (Registered User, joined Apr 2007, 261 posts, OS: xp)


Re: unknown virus

Good luck, and let me know if you received everything you asked for.
Attached file: Attach.zip (4.2 KB)
#25 | 06-23-2009, 02:42 PM | Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; joined Jan 2005; Ohio; 26,977 posts; OS: WinXP and Vista)


Re: unknown virus

Thanks, donk. There are quite a few malware leftovers/orphans in some pretty strange areas. What tools have you used that hacked at these like this?


It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.


Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT- Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

**Kindly do not attach it. Please copy/paste the contents directly into the reply box unless otherwise requested. Thanks. :)
#26 | 06-23-2009, 04:26 PM | donk (Registered User, joined Apr 2007, 261 posts, OS: xp)


Re: unknown virus

Thanks Ried. We will get on that in the AM, say about 09:30 on 06/24/09.
#27 | 06-24-2009, 11:55 AM | donk (Registered User, joined Apr 2007, 261 posts, OS: xp)


Re: unknown virus

Here you go, hope this helps

ComboFix 09-06-23.01 - MIKE 06/24/2009 10:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.480 [GMT -7:00]
Running from: c:\documents and settings\MIKE\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\docume~1\MIKE\APPLIC~1\inst.exe
c:\program files\Internet Explorer\msimg32.dll
c:\windows\Install.txt
c:\windows\kb913800.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\tmp0_105891370785.bk
c:\windows\system32\tmp0_106221600358.bk
c:\windows\system32\tmp0_106381533852.bk
c:\windows\system32\tmp0_10899328560.bk
c:\windows\system32\tmp0_11126180046.bk
c:\windows\system32\tmp0_111400343397.bk
c:\windows\system32\tmp0_112012541127.bk
c:\windows\system32\tmp0_112371561526.bk
c:\windows\system32\tmp0_116006174095.bk
c:\windows\system32\tmp0_11881364489.bk
c:\windows\system32\tmp0_11915589194.bk
c:\windows\system32\tmp0_119811779745.bk
c:\windows\system32\tmp0_120164359508.bk
c:\windows\system32\tmp0_120430838248.bk
c:\windows\system32\tmp0_124233653044.bk
c:\windows\system32\tmp0_125192382486.bk
c:\windows\system32\tmp0_126540816723.bk
c:\windows\system32\tmp0_128301785366.bk
c:\windows\system32\tmp0_133344643505.bk
c:\windows\system32\tmp0_133549137834.bk
c:\windows\system32\tmp0_133712878901.bk
c:\windows\system32\tmp0_134922257260.bk
c:\windows\system32\tmp0_135138128171.bk
c:\windows\system32\tmp0_136369108417.bk
c:\windows\system32\tmp0_138501163489.bk
c:\windows\system32\tmp0_142443206797.bk
c:\windows\system32\tmp0_14373280682.bk
c:\windows\system32\tmp0_14607233474.bk
c:\windows\system32\tmp0_147937208423.bk
c:\windows\system32\tmp0_154478702833.bk
c:\windows\system32\tmp0_156127151034.bk
c:\windows\system32\tmp0_1639755836.bk
c:\windows\system32\tmp0_16775086016.bk
c:\windows\system32\tmp0_170901341256.bk
c:\windows\system32\tmp0_174109313843.bk
c:\windows\system32\tmp0_174630400061.bk
c:\windows\system32\tmp0_177302789179.bk
c:\windows\system32\tmp0_178193531466.bk
c:\windows\system32\tmp0_179846173182.bk
c:\windows\system32\tmp0_18155635038.bk
c:\windows\system32\tmp0_181888317720.bk
c:\windows\system32\tmp0_18225252542.bk
c:\windows\system32\tmp0_18225754060.bk
c:\windows\system32\tmp0_18402828223.bk
c:\windows\system32\tmp0_18944681300.bk
c:\windows\system32\tmp0_193053664533.bk
c:\windows\system32\tmp0_198636558036.bk
c:\windows\system32\tmp0_200250816763.bk
c:\windows\system32\tmp0_202829124829.bk
c:\windows\system32\tmp0_208415338548.bk
c:\windows\system32\tmp0_20915671845.bk
c:\windows\system32\tmp0_210043869501.bk
c:\windows\system32\tmp0_211321306173.bk
c:\windows\system32\tmp0_214263757.bk
c:\windows\system32\tmp0_215069139935.bk
c:\windows\system32\tmp0_219366337913.bk
c:\windows\system32\tmp0_222663681496.bk
c:\windows\system32\tmp0_225057548758.bk
c:\windows\system32\tmp0_228616756090.bk
c:\windows\system32\tmp0_231282609504.bk
c:\windows\system32\tmp0_234892646702.bk
c:\windows\system32\tmp0_234913796717.bk
c:\windows\system32\tmp0_238090647571.bk
c:\windows\system32\tmp0_238257624967.bk
c:\windows\system32\tmp0_242029777978.bk
c:\windows\system32\tmp0_242343374481.bk
c:\windows\system32\tmp0_242710755879.bk
c:\windows\system32\tmp0_244913555233.bk
c:\windows\system32\tmp0_247698164851.bk
c:\windows\system32\tmp0_249340276895.bk
c:\windows\system32\tmp0_249863511590.bk
c:\windows\system32\tmp0_251218353546.bk
c:\windows\system32\tmp0_253353834908.bk
c:\windows\system32\tmp0_25875108097.bk
c:\windows\system32\tmp0_259460427154.bk
c:\windows\system32\tmp0_260170165702.bk
c:\windows\system32\tmp0_260513780820.bk
c:\windows\system32\tmp0_260986527735.bk
c:\windows\system32\tmp0_261606530399.bk
c:\windows\system32\tmp0_264148673358.bk
c:\windows\system32\tmp0_264876879104.bk
c:\windows\system32\tmp0_266085112324.bk
c:\windows\system32\tmp0_27097520734.bk
c:\windows\system32\tmp0_271910195365.bk
c:\windows\system32\tmp0_27247995111.bk
c:\windows\system32\tmp0_272881771810.bk
c:\windows\system32\tmp0_27768677549.bk
c:\windows\system32\tmp0_279327179947.bk
c:\windows\system32\tmp0_280123790340.bk
c:\windows\system32\tmp0_280394477222.bk
c:\windows\system32\tmp0_28647591978.bk
c:\windows\system32\tmp0_288120884950.bk
c:\windows\system32\tmp0_291628253725.bk
c:\windows\system32\tmp0_292092149561.bk
c:\windows\system32\tmp0_293563189634.bk
c:\windows\system32\tmp0_29724179965.bk
c:\windows\system32\tmp0_300041730078.bk
c:\windows\system32\tmp0_300546525631.bk
c:\windows\system32\tmp0_303739580029.bk
c:\windows\system32\tmp0_304951108264.bk
c:\windows\system32\tmp0_306176242652.bk
c:\windows\system32\tmp0_309338832904.bk
c:\windows\system32\tmp0_313769772099.bk
c:\windows\system32\tmp0_323587609962.bk
c:\windows\system32\tmp0_32419363472.bk
c:\windows\system32\tmp0_326100241666.bk
c:\windows\system32\tmp0_327173731942.bk
c:\windows\system32\tmp0_327923181804.bk
c:\windows\system32\tmp0_329957694197.bk
c:\windows\system32\tmp0_332829703325.bk
c:\windows\system32\tmp0_333049167886.bk
c:\windows\system32\tmp0_33489283148.bk
c:\windows\system32\tmp0_337786583832.bk
c:\windows\system32\tmp0_33811139997.bk
c:\windows\system32\tmp0_338743440730.bk
c:\windows\system32\tmp0_343874474270.bk
c:\windows\system32\tmp0_344365830.bk
c:\windows\system32\tmp0_344776206232.bk
c:\windows\system32\tmp0_347673346982.bk
c:\windows\system32\tmp0_349818662354.bk
c:\windows\system32\tmp0_350859681412.bk
c:\windows\system32\tmp0_357363734387.bk
c:\windows\system32\tmp0_357616154862.bk
c:\windows\system32\tmp0_360510559890.bk
c:\windows\system32\tmp0_363404393643.bk
c:\windows\system32\tmp0_368331790648.bk
c:\windows\system32\tmp0_371212881879.bk
c:\windows\system32\tmp0_371853532636.bk
c:\windows\system32\tmp0_372535806526.bk
c:\windows\system32\tmp0_3762994827.bk
c:\windows\system32\tmp0_376578208006.bk
c:\windows\system32\tmp0_378233223598.bk
c:\windows\system32\tmp0_381459111061.bk
c:\windows\system32\tmp0_3819268320.bk
c:\windows\system32\tmp0_38349239414.bk
c:\windows\system32\tmp0_385349150717.bk
c:\windows\system32\tmp0_38752088086.bk
c:\windows\system32\tmp0_388894780242.bk
c:\windows\system32\tmp0_3890862531.bk
c:\windows\system32\tmp0_394737123153.bk
c:\windows\system32\tmp0_395724351683.bk
c:\windows\system32\tmp0_39760999542.bk
c:\windows\system32\tmp0_398475283528.bk
c:\windows\system32\tmp0_399616339025.bk
c:\windows\system32\tmp0_399802135990.bk
c:\windows\system32\tmp0_403977278252.bk
c:\windows\system32\tmp0_40791521510.bk
c:\windows\system32\tmp0_408231553227.bk
c:\windows\system32\tmp0_409740338107.bk
c:\windows\system32\tmp0_41323315697.bk
c:\windows\system32\tmp0_41398458726.bk
c:\windows\system32\tmp0_419223522713.bk
c:\windows\system32\tmp0_420656332022.bk
c:\windows\system32\tmp0_421626557504.bk
c:\windows\system32\tmp0_421999185004.bk
c:\windows\system32\tmp0_423380891956.bk
c:\windows\system32\tmp0_426422201800.bk
c:\windows\system32\tmp0_426457505285.bk
c:\windows\system32\tmp0_43022351381.bk
c:\windows\system32\tmp0_430448404981.bk
c:\windows\system32\tmp0_431239464297.bk
c:\windows\system32\tmp0_43484235712.bk
c:\windows\system32\tmp0_43524633389.bk
c:\windows\system32\tmp0_437068137945.bk
c:\windows\system32\tmp0_437577154501.bk
c:\windows\system32\tmp0_438590419641.bk
c:\windows\system32\tmp0_438978553971.bk
c:\windows\system32\tmp0_444940510281.bk
c:\windows\system32\tmp0_446444282674.bk
c:\windows\system32\tmp0_447061112417.bk
c:\windows\system32\tmp0_45174188614.bk
c:\windows\system32\tmp0_451982688249.bk
c:\windows\system32\tmp0_457897427701.bk
c:\windows\system32\tmp0_460077267949.bk
c:\windows\system32\tmp0_463934383972.bk
c:\windows\system32\tmp0_464774798502.bk
c:\windows\system32\tmp0_466223290885.bk
c:\windows\system32\tmp0_468546213829.bk
c:\windows\system32\tmp0_468822368298.bk
c:\windows\system32\tmp0_474349621235.bk
c:\windows\system32\tmp0_477331674302.bk
c:\windows\system32\tmp0_480378709708.bk
c:\windows\system32\tmp0_483325401459.bk
c:\windows\system32\tmp0_483701898992.bk
c:\windows\system32\tmp0_48413132411.bk
c:\windows\system32\tmp0_48457135534.bk
c:\windows\system32\tmp0_485236597928.bk
c:\windows\system32\tmp0_485840523421.bk
c:\windows\system32\tmp0_485979337757.bk
c:\windows\system32\tmp0_486283472835.bk
c:\windows\system32\tmp0_488752786305.bk
c:\windows\system32\tmp0_491240651541.bk
c:\windows\system32\tmp0_491779472952.bk
c:\windows\system32\tmp0_493421434901.bk
c:\windows\system32\tmp0_49444214723.bk
c:\windows\system32\tmp0_497719463614.bk
c:\windows\system32\tmp0_497998180020.bk
c:\windows\system32\tmp0_505104255065.bk
c:\windows\system32\tmp0_505611786443.bk
c:\windows\system32\tmp0_506047469595.bk
c:\windows\system32\tmp0_50631264295.bk
c:\windows\system32\tmp0_508847133929.bk
c:\windows\system32\tmp0_510373572823.bk
c:\windows\system32\tmp0_511606714578.bk
c:\windows\system32\tmp0_511903646881.bk
c:\windows\system32\tmp0_51435878377.bk
c:\windows\system32\tmp0_518537836143.bk
c:\windows\system32\tmp0_519888757714.bk
c:\windows\system32\tmp0_521716172635.bk
c:\windows\system32\tmp0_5237813562.bk
c:\windows\system32\tmp0_52447225348.bk
c:\windows\system32\tmp0_528969463261.bk
c:\windows\system32\tmp0_529579131099.bk
c:\windows\system32\tmp0_534459352650.bk
c:\windows\system32\tmp0_53535124667.bk
c:\windows\system32\tmp0_53567352875.bk
c:\windows\system32\tmp0_536185764082.bk
c:\windows\system32\tmp0_538198560219.bk
c:\windows\system32\tmp0_538208410598.bk
c:\windows\system32\tmp0_539191209795.bk
c:\windows\system32\tmp0_539663220177.bk
c:\windows\system32\tmp0_54055488268.bk
c:\windows\system32\tmp0_542103767802.bk
c:\windows\system32\tmp0_548411279034.bk
c:\windows\system32\tmp0_55239750934.bk
c:\windows\system32\tmp0_55614783435.bk
c:\windows\system32\tmp0_560966418005.bk
c:\windows\system32\tmp0_56233845553.bk
c:\windows\system32\tmp0_565233149691.bk
c:\windows\system32\tmp0_566242347151.bk
c:\windows\system32\tmp0_566340276575.bk
c:\windows\system32\tmp0_56636520176.bk
c:\windows\system32\tmp0_566834361722.bk
c:\windows\system32\tmp0_566944828995.bk
c:\windows\system32\tmp0_56702314457.bk
c:\windows\system32\tmp0_572593488378.bk
c:\windows\system32\tmp0_574306567598.bk
c:\windows\system32\tmp0_580315318779.bk
c:\windows\system32\tmp0_581182579843.bk
c:\windows\system32\tmp0_581939649378.bk
c:\windows\system32\tmp0_588110620052.bk
c:\windows\system32\tmp0_590481433119.bk
c:\windows\system32\tmp0_59102581140.bk
c:\windows\system32\tmp0_591193182786.bk
c:\windows\system32\tmp0_593569560148.bk
c:\windows\system32\tmp0_597346791256.bk
c:\windows\system32\tmp0_599001388843.bk
c:\windows\system32\tmp0_606506269263.bk
c:\windows\system32\tmp0_619221250568.bk
c:\windows\system32\tmp0_620011118142.bk
c:\windows\system32\tmp0_620195600509.bk
c:\windows\system32\tmp0_620754685361.bk
c:\windows\system32\tmp0_62193166050.bk
c:\windows\system32\tmp0_623624445968.bk
c:\windows\system32\tmp0_624397292024.bk
c:\windows\system32\tmp0_625254477878.bk
c:\windows\system32\tmp0_62748751338.bk
c:\windows\system32\tmp0_629822530789.bk
c:\windows\system32\tmp0_630005683595.bk
c:\windows\system32\tmp0_63855436267.bk
c:\windows\system32\tmp0_640171623395.bk
c:\windows\system32\tmp0_648921823648.bk
c:\windows\system32\tmp0_651535695056.bk
c:\windows\system32\tmp0_653912221416.bk
c:\windows\system32\tmp0_654755725379.bk
c:\windows\system32\tmp0_656157364306.bk
c:\windows\system32\tmp0_656746230805.bk
c:\windows\system32\tmp0_65718655492.bk
c:\windows\system32\tmp0_657622197754.bk
c:\windows\system32\tmp0_657960128069.bk
c:\windows\system32\tmp0_664801449432.bk
c:\windows\system32\tmp0_66482976409.bk
c:\windows\system32\tmp0_666229863245.bk
c:\windows\system32\tmp0_669601458041.bk
c:\windows\system32\tmp0_6725316476.bk
c:\windows\system32\tmp0_674856703663.bk
c:\windows\system32\tmp0_676344441265.bk
c:\windows\system32\tmp0_678142798196.bk
c:\windows\system32\tmp0_686555216672.bk
c:\windows\system32\tmp0_68804752887.bk
c:\windows\system32\tmp0_690658157101.bk
c:\windows\system32\tmp0_697831587607.bk
c:\windows\system32\tmp0_6983020327.bk
c:\windows\system32\tmp0_698915344897.bk
c:\windows\system32\tmp0_698946605257.bk
c:\windows\system32\tmp0_699685136088.bk
c:\windows\system32\tmp0_701880687808.bk
c:\windows\system32\tmp0_703539250096.bk
c:\windows\system32\tmp0_704159515419.bk
c:\windows\system32\tmp0_705448497774.bk
c:\windows\system32\tmp0_706513690779.bk
c:\windows\system32\tmp0_706795342189.bk
c:\windows\system32\tmp0_708044660645.bk
c:\windows\system32\tmp0_708668525110.bk
c:\windows\system32\tmp0_70959712913.bk
c:\windows\system32\tmp0_714798118053.bk
c:\windows\system32\tmp0_71508658587.bk
c:\windows\system32\tmp0_715992597494.bk
c:\windows\system32\tmp0_716539121748.bk
c:\windows\system32\tmp0_718572485851.bk
c:\windows\system32\tmp0_71998809431.bk
c:\windows\system32\tmp0_721935632790.bk
c:\windows\system32\tmp0_72532348127.bk
c:\windows\system32\tmp0_725324494398.bk
c:\windows\system32\tmp0_731953505868.bk
c:\windows\system32\tmp0_734208126793.bk
c:\windows\system32\tmp0_73547355819.bk
c:\windows\system32\tmp0_735696351643.bk
c:\windows\system32\tmp0_736150177708.bk
c:\windows\system32\tmp0_737430848734.bk
c:\windows\system32\tmp0_745623471525.bk
c:\windows\system32\tmp0_746461413589.bk
c:\windows\system32\tmp0_751913827320.bk
c:\windows\system32\tmp0_752436384206.bk
c:\windows\system32\tmp0_756011603230.bk
c:\windows\system32\tmp0_759098159630.bk
c:\windows\system32\tmp0_763229866302.bk
c:\windows\system32\tmp0_763247363040.bk
c:\windows\system32\tmp0_766075107569.bk
c:\windows\system32\tmp0_768025253727.bk
c:\windows\system32\tmp0_77386571587.bk
c:\windows\system32\tmp0_774783627016.bk
c:\windows\system32\tmp0_778880792985.bk
c:\windows\system32\tmp0_779676271301.bk
c:\windows\system32\tmp0_780590453585.bk
c:\windows\system32\tmp0_783284642478.bk
c:\windows\system32\tmp0_783551861897.bk
c:\windows\system32\tmp0_784868225749.bk
c:\windows\system32\tmp0_785629219599.bk
c:\windows\system32\tmp0_793466856037.bk
c:\windows\system32\tmp0_79599446298.bk
c:\windows\system32\tmp0_79642592320.bk
c:\windows\system32\tmp0_800321876842.bk
c:\windows\system32\tmp0_801046337342.bk
c:\windows\system32\tmp0_801290373579.bk
c:\windows\system32\tmp0_804126654698.bk
c:\windows\system32\tmp0_804416134142.bk
c:\windows\system32\tmp0_805170800370.bk
c:\windows\system32\tmp0_805822848871.bk
c:\windows\system32\tmp0_813098314501.bk
c:\windows\system32\tmp0_814050745264.bk
c:\windows\system32\tmp0_814127114611.bk
c:\windows\system32\tmp0_817615737878.bk
c:\windows\system32\tmp0_820280746235.bk
c:\windows\system32\tmp0_821391590318.bk
c:\windows\system32\tmp0_821935884217.bk
c:\windows\system32\tmp0_82207293193.bk
c:\windows\system32\tmp0_82464119868.bk
c:\windows\system32\tmp0_825170822203.bk
c:\windows\system32\tmp0_82664880031.bk
c:\windows\system32\tmp0_826752753077.bk
c:\windows\system32\tmp0_82763714341.bk
c:\windows\system32\tmp0_827953370467.bk
c:\windows\system32\tmp0_828540738110.bk
c:\windows\system32\tmp0_829636287272.bk
c:\windows\system32\tmp0_829678191322.bk
c:\windows\system32\tmp0_830895668364.bk
c:\windows\system32\tmp0_831012555174.bk
c:\windows\system32\tmp0_831141160005.bk
c:\windows\system32\tmp0_83390789678.bk
c:\windows\system32\tmp0_835556113650.bk
c:\windows\system32\tmp0_836757607242.bk
c:\windows\system32\tmp0_837248243668.bk
c:\windows\system32\tmp0_843026427865.bk
c:\windows\system32\tmp0_844636289539.bk
c:\windows\system32\tmp0_845684534175.bk
c:\windows\system32\tmp0_847429206419.bk
c:\windows\system32\tmp0_855531258389.bk
c:\windows\system32\tmp0_855618877238.bk
c:\windows\system32\tmp0_858446111769.bk
c:\windows\system32\tmp0_861859694152.bk
c:\windows\system32\tmp0_864351803250.bk
c:\windows\system32\tmp0_86487677202.bk
c:\windows\system32\tmp0_866012168567.bk
c:\windows\system32\tmp0_867708428756.bk
c:\windows\system32\tmp0_868876723187.bk
c:\windows\system32\tmp0_870100156721.bk
c:\windows\system32\tmp0_873470581280.bk
c:\windows\system32\tmp0_8737433952.bk
c:\windows\system32\tmp0_874075400645.bk
c:\windows\system32\tmp0_874788604767.bk
c:\windows\system32\tmp0_877470883677.bk
c:\windows\system32\tmp0_877923459360.bk
c:\windows\system32\tmp0_88116129351.bk
c:\windows\system32\tmp0_885678122476.bk
c:\windows\system32\tmp0_885896299148.bk
c:\windows\system32\tmp0_886226143105.bk
c:\windows\system32\tmp0_888248368193.bk
c:\windows\system32\tmp0_888960464248.bk
c:\windows\system32\tmp0_889080350676.bk
c:\windows\system32\tmp0_889819823778.bk
c:\windows\system32\tmp0_896188751539.bk
c:\windows\system32\tmp0_896923134165.bk
c:\windows\system32\tmp0_89702664849.bk
c:\windows\system32\tmp0_93971245524.bk
c:\windows\system32\tmp0_95346303268.bk
c:\windows\system32\tmp0_95514811070.bk
c:\windows\system32\tmp1_25728416891.bk
c:\windows\system32\tmp1_378416243860.bk
c:\windows\system32\tmp1_451731294646.bk
c:\windows\system32\tmp1_6507732454.bk
c:\windows\system32\tmp1_739149169394.bk
c:\windows\system32\tmp1_91741847675.bk
c:\windows\system32\tmp2_201216454522.bk
c:\windows\system32\tmp2_301690468719.bk
c:\windows\system32\tmp2_527532535007.bk
c:\windows\system32\tmp2_647288703268.bk
c:\windows\system32\tmp3_3871774520.bk
c:\windows\system32\tmp3_52808410472.bk
c:\windows\system32\tmp3_586029247551.bk
c:\windows\system32\tmp3_733443368923.bk
c:\windows\system32\tmp4_188886457133.bk
c:\windows\system32\tmp4_214206112151.bk
c:\windows\system32\tmp4_692643289617.bk
c:\windows\system32\tmp4_760496169904.bk
c:\windows\system32\w32apiw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_MACIDWE
-------\Legacy_MSNCACHE
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NOBICYT
-------\Legacy_NOXTCYR
-------\Legacy_NOYTCYR
-------\Legacy_PERFMONS
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_ROXTCTM
-------\Legacy_ROYTCTM
-------\Legacy_SOBICYT
-------\Legacy_SOPIDKC
-------\Legacy_SOTPECA
-------\Legacy_SOXPECA
-------\Legacy_TDCTXTE
-------\Legacy_TDXDOWKC
-------\Legacy_TDYDOWKC
-------\Legacy_WSERVING
-------\Legacy_WSLDOEKD
-------\Service_AFinding
-------\Service_afisicx
-------\Service_mabidwe
-------\Service_macidwe
-------\Service_msncache
-------\Service_MyWebSearchService
-------\Service_NOBICYT
-------\Service_noxtcyr
-------\Service_noytcyr
-------\Service_perfmons
-------\Service_perfs
-------\Service_Routing
-------\Service_roxtctm
-------\Service_roytctm
-------\Service_sobicyt
-------\Service_sopidkc
-------\Service_sotpeca
-------\Service_soxpeca
-------\Service_tdctxte
-------\Service_tdxdowkc
-------\Service_tdydowkc
-------\Service_WServing
-------\Service_wsldoekd


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-19 21:20 . 2009-06-19 21:20 -------- d-----w- c:\program files\Belarc
2009-06-19 21:20 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-06-19 20:54 . 2009-06-19 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-19 19:13 . 2008-09-30 23:04 42792 ----a-w- c:\windows\system32\gotomon.dll
2009-06-18 16:34 . 2009-06-18 16:34 -------- d-----w- c:\program files\Citrix
2009-06-18 01:03 . 2009-06-18 01:03 -------- d-----w- c:\docume~1\MIKE\APPLIC~1\FTWeak
2009-06-18 01:02 . 2009-06-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\FTWeak
2009-06-18 01:02 . 2009-06-18 01:02 -------- d-----w- c:\program files\FCleaner
2009-06-17 22:20 . 2009-06-23 17:39 -------- d-----r- c:\documents and settings\MIKE\My Private Folder
2009-06-17 21:49 . 2009-06-17 21:49 -------- d-----w- c:\program files\Microsoft Private Folder 1.0
2009-06-17 20:19 . 2009-06-17 20:19 -------- d-----w- c:\program files\Windows Defender
2009-06-17 19:43 . 2009-06-21 18:31 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-17 19:43 . 2009-06-17 19:43 -------- d-----w- c:\documents and settings\MIKE\Local Settings\Application Data\Yahoo
2009-06-17 19:42 . 2009-06-17 19:42 262144 ----a-w- C:\ntuser.dat
2009-06-17 19:42 . 2009-06-17 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-17 19:02 . 2009-06-17 19:03 -------- d-----w- c:\program files\XPRepairPro2006
2009-06-17 18:44 . 2009-06-17 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups
2009-06-17 18:44 . 2009-06-19 23:50 -------- d-----w- c:\program files\RFA
2009-06-17 18:04 . 2009-06-17 18:04 3902784 ----a-w- c:\documents and settings\MIKE\gosetup.exe
2009-06-16 20:04 . 2009-06-17 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-16 19:08 . 2009-06-16 19:08 -------- d-----w- c:\program files\iPod
2009-06-16 19:08 . 2009-06-16 19:14 -------- d-----w- c:\program files\iTunes
2009-06-16 19:07 . 2009-06-16 19:08 -------- d-----w- c:\program files\QuickTime
2009-06-16 19:07 . 2009-06-16 19:07 -------- d-----w- c:\program files\Apple Software Update
2009-06-16 18:49 . 2009-06-24 17:29 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-16 18:46 . 2009-06-17 16:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-16 18:46 . 2009-06-17 16:22 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-16 18:46 . 2009-06-17 16:22 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-16 18:46 . 2009-06-17 16:22 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-16 18:46 . 2009-06-17 16:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 18:46 . 2009-06-24 17:04 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-16 15:47 . 2009-06-16 15:47 -------- d-----w- c:\program files\VS Revo Group
2009-06-16 11:22 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-16 11:22 . 2009-03-19 23:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-16 11:22 . 2009-06-16 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-16 11:22 . 2009-06-16 11:22 -------- d-----w- c:\program files\Bonjour
2009-06-16 11:18 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-15 16:19 . 2009-06-15 16:19 -------- d-----w- c:\program files\Trend Micro
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-11 19:29 . 2009-06-16 18:43 54123520 ----a-w- c:\windows\avg_iswt_stf_en_8_93a1300.exe
2009-06-11 19:23 . 2009-06-11 19:23 -------- d-----w- c:\docume~1\MIKE\APPLIC~1\Uniblue
2009-06-11 19:23 . 2009-06-11 19:23 -------- d-----w- c:\documents and settings\MIKE\Local Settings\Application Data\WinZip
2009-06-11 19:22 . 2009-06-19 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-10 19:55 . 2009-06-10 19:55 -------- d-sh--w- c:\documents and settings\MIKE\IECompatCache
2009-06-10 19:09 . 2009-06-17 21:05 -------- d-----w- c:\docume~1\MIKE\APPLIC~1\Yahoo!
2009-06-10 19:09 . 2009-06-17 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-10 19:09 . 2009-06-17 21:09 -------- d-----w- c:\program files\Yahoo!
2009-06-10 19:08 . 2009-06-10 19:09 -------- d-----w- c:\program files\CCleaner
2009-06-10 18:01 . 2009-06-10 18:01 -------- d-----w- c:\docume~1\MIKE\APPLIC~1\nCleaner
2009-06-10 18:01 . 2009-06-10 18:01 -------- d-----w- c:\program files\NKProds
2009-06-09 20:57 . 2009-06-17 18:31 -------- d-----w- c:\program files\RegCure
2009-06-09 20:57 . 2009-06-16 20:15 -------- d-----w- c:\windows\RegCure
2009-06-09 20:46 . 2009-06-09 20:46 -------- d-sh--w- c:\documents and settings\MIKE\PrivacIE
2009-06-09 20:35 . 2009-06-09 20:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-09 20:34 . 2009-06-09 20:34 -------- d-sh--w- c:\documents and settings\MIKE\IETldCache
2009-06-09 20:12 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 20:12 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 20:12 . 2009-06-17 19:33 -------- d-----w- c:\windows\ie8updates
2009-06-09 20:12 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-09 18:58 . 2009-06-09 19:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-01 15:58 . 2009-06-01 15:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 02:37 . 2005-12-21 19:53 -------- d-----w- c:\docume~1\MIKE\APPLIC~1\AdobeUM
2009-06-20 17:14 . 2006-09-06 22:53 -------- d-----w- c:\program files\Google
2009-06-19 19:13 . 2005-12-09 03:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 16:42 . 2007-05-04 19:50 -------- d-----w- c:\program files\XoftSpySE
2009-06-17 18:32 . 2007-05-15 16:28 -------- d-----w- c:\docume~1\MIKE\APPLIC~1\OpenOffice.org2
2009-06-17 16:22 . 2008-08-08 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-16 19:08 . 2007-11-20 21:50 -------- d-----w- c:\program files\Common Files\Apple
2009-06-15 16:32 . 2009-03-01 18:13 -------- d-----w- c:\docume~1\MIKE\APPLIC~1\Vso
2009-06-09 20:37 . 2005-12-14 17:35 102080 ----a-w- c:\documents and settings\MIKE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 20:31 . 2009-02-05 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 20:24 . 2009-02-05 17:36 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 07:38 . 2008-07-14 07:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-05 18:42 . 2007-11-20 21:51 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-30 02:43 . 2009-02-17 22:09 -------- d-----w- c:\docume~1\MIKE\APPLIC~1\Move Networks
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-19 01:30 . 2009-05-19 01:30 0 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\hpq442.tmp
2009-05-07 15:32 . 2005-08-16 10:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 19:13 . 2009-03-27 20:26 -------- d-----w- c:\program files\SlySoft
2009-04-24 03:08 . 2005-12-14 19:06 104 --sha-r- c:\windows\system32\586C4B7CDE.sys
2009-04-24 03:08 . 2005-12-14 19:06 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-17 12:26 . 2005-08-16 10:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 10:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-12-21 10:13 . 2005-12-21 10:13 251 -c--a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2008-09-30 258856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2008-09-30 23:04 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-17 16:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Picture Package\Picture Package Menu\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Picture Package\Picture Package VCD Maker\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MIKE^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MIKE^Start Menu^Programs^Startup^Shrink Pic.lnk]
path=c:\documents and settings\MIKE\Start Menu\Programs\Shrink Pic\Shrink Pic.lnk
backup=c:\windows\pss\Shrink Pic.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/16/2009 11:46 AM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/16/2009 11:46 AM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/16/2009 11:46 AM 108552]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [4/21/2006 8:22 AM 70912]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 solewxte;solewxte Service; [x]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/17/2009 9:22 AM 906520]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/16/2009 11:45 AM 298776]
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-06-24 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-10-24 18:59]

2009-06-19 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-10-24 18:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 10:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

- - - - - - - > 'explorer.exe'(3600)
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-06-24 10:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 17:50

Pre-Run: 82,955,440,128 bytes free
Post-Run: 83,450,724,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

723 --- E O F --- 2009-06-22 16:37
Old 06-24-2009, 11:57 AM   #28
Registered User
 
Join Date: Apr 2007
Posts: 261
OS: xp


Re: unknown virus

Was not able to right click AVG and/or disable it in Services or Task Manager.
Old 06-24-2009, 01:49 PM   #29
Registered User
 
Join Date: Apr 2007
Posts: 261
OS: xp


Re: unknown virus

Actually, Ried, I was able to disable AVG and stop it through Services, but as soon as I started the scan I got a message saying AVG was found and needed to be shut down. You are not able to right click on the icon and disable it, so I hope, without having to remove it from the system, that you got what you needed in the way of the scan results sent to you. Let me know. Mike will be taking off for the weekend starting tomorrow, so I will not be able to work on his computer, but nonetheless please provide me with the info you find. Thanks again.
Donk
Old 06-24-2009, 10:19 PM   #30
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: unknown virus

Hello Donk,

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:

Driver::
solewxte

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt


--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 06-25-2009, 07:14 AM   #31
Registered User
 
Join Date: Apr 2007
Posts: 261
OS: xp


Re: unknown virus

Thanks Ried, I will remove AVG from his computer in order to make sure it is not or will not be running. I will not be able to work on his computer for a couple of days; how do you want me to notify you when I have completed all this, just reply back to this thread or open a new one? Mike has gone camping for the weekend. I was using Remote Assistance and GoToMyPC in order to help him, so my hands are kinda tied right now. Well, anyway, it will for sure give me time to study over what I have to do. Take care and I will get back with you ASAP.
Old 06-25-2009, 03:04 PM   #32
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: unknown virus

Do not begin a new thread, or I won't know that you've replied and you'll have me chasing around trying to read and piece together the events of two threads. I would not be a happy camper.

I'll remain subscribed to this thread, so please continue here. I'll be notified when you post the logs.
Ried is offline  
Old 06-26-2009, 08:38 AM   #33 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 261
OS: xp


Re: unknown virus

Ried,
I had sent everything up to you; where is it? I had closed out the other thread so as not to mix the two. I had also made sure that the files had made it to the post, but as I am looking at this thread now I don't see any of my attached files or, for that matter, my response explaining to you that Mike will not be able to let me access his computer until next Monday. What's up, my friend?
donk is offline  
Old 06-26-2009, 08:40 AM   #34 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: unknown virus

This thread is 2 pages. I see all the info, are you looking at both pages?
Ried is offline  
Old 06-26-2009, 05:03 PM   #35 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 261
OS: xp


Re: unknown virus

No! I had not realized I had stacked up two pages already; I guess that just might do it. Anyway, I'll be getting back with you soon, or as soon as Mike gets back.
Donk
donk is offline  
Old 06-28-2009, 10:08 AM   #36 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 261
OS: xp


Re: unknown virus

Ried,
I hope you are still checking this site; otherwise let me know whether I should post another thread when Mike gets back. Talking at you soon.
Donk
donk is offline  
Old 06-28-2009, 12:08 PM   #37 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,977
OS: WinXP and Vista


Re: unknown virus

No worries, donk. As I mentioned, I am subscribed to this thread, so every time you make a post in this thread I get an email notification.
Ried is offline  
 


Copyright 2001 - 2009, Tech Support Forum