My Anti Spyware

How to remove CID popups

 
jibber



Joined: 09 Nov 2008
Posts: 14

Posted: Sun Nov 09, 2008 3:01 pm    Post subject: How to remove CID popups

Hi All,

I am very new to this site, and really need some help to try and remove CID popups.
I have had them on my computer for a long time now, and have tried everything to get rid of them, without success!! They are very well hidden.

I have been on many sites and read a lot about it and how to get rid of it; however, this will be the first time that I have created a log.
I have run NoAdware, SpyHunter, CCleaner and NoLop in both safe and normal modes, tried removing Messenger Plus in Add or Remove Programs, and looked in the C drive Application Data folder, but still they keep appearing.

Can someone please help me!!!!!!!!!

I am getting to the point now where I am willing to completely delete my hard drive and reinstall everything.

Any help on this would be most appreciated.

Please find a copy of my log.

Many thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:01, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\setup bin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Documents and Settings\jason\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [Fix-It Utilities Express OLR] C:\PROGRA~1\BVRPSO~1\FIX-IT~1\BVRPOlr.exe /Fix-It Utilities Express
O4 - HKCU\..\Run: [CityProc] C:\DOCUME~1\jason\APPLIC~1\TYPE2M~1\ERRORCOALSETUP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209118859495
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209121744875
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.google.co.uk/intl/en_uk/images/logo.gif

--
End of file - 6652 bytes
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1865

Posted: Mon Nov 10, 2008 10:42 am

Hello jibber, welcome to the Myantispyware forum!

Download Deljob.exe from here and save it on your desktop.
Double-click Deljob.exe. When the tool is finished, it will produce a report for you. The log is saved to c:\logit.txt.

Now download ComboFix by sUBs and save it to your desktop.
Close any open browsers. Double-click ComboFix.exe and follow the prompts.

Post back with the following:
- deljob log
- combofix log

_________________
Free Antispyware: HijackThis, SmitfraudFix, ComboFix, Super Antispyware, Malwarebytes Anti-malware
Instructions: Show hidden files, Reboot in Safe Mode
jibber



Joined: 09 Nov 2008
Posts: 14

Posted: Mon Nov 10, 2008 4:54 pm

Hi Patrik,

Thank you for your quick response. I have done as you asked, well, I think I have anyway!

Please find attached a copy of the logs from Deljob and ComboFix.
I hope it is OK; let me know what I need to do next.

Many Thanks

Jibber

Backups created in C:\deljob

B00D3D9B93A6ADDB.job
--------------------------------------------------------
Files in Windows Tasks folder

AppleSoftwareUpdate.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is 2859-8198

Directory of C:\Documents and Settings\jason\Application Data

10/11/2008 16:32 <DIR> .
10/11/2008 16:32 <DIR> ..
10/11/2008 16:32 <DIR> Adobe
26/04/2008 17:24 <DIR> ADWARE~1 AdwareAlert
17/05/2008 18:13 <DIR> APPLEC~1 Apple Computer
03/10/2008 18:11 <DIR> AVANQU~1 Avanquest
02/11/2008 17:48 <DIR> AVGTOO~1 AVGTOOLBAR
25/04/2008 10:29 <DIR> Google
25/04/2008 10:12 <DIR> Help
23/04/2008 21:12 <DIR> IDENTI~1 Identities
02/11/2008 13:00 <DIR> INSTAL~1 InstallShield
04/05/2008 18:00 <DIR> Lavasoft
18/10/2008 09:42 <DIR> LEXMAR~1 Lexmark Productivity Studio
09/10/2008 16:34 <DIR> LimeWire
25/04/2008 11:33 <DIR> MACROM~1 Macromedia
05/11/2008 16:09 <DIR> MICROS~1 Microsoft
01/10/2008 14:11 <DIR> PCTOOL~1 PC Tools
02/05/2008 16:08 <DIR> Sony
28/04/2008 17:20 <DIR> Sun
31/10/2008 18:57 <DIR> TYPE2M~1 Type2Memo
10/11/2008 11:34 <DIR> uTorrent
01/10/2008 14:52 <DIR> VCOM
05/11/2008 16:09 <DIR> Vso
0 File(s) 0 bytes
23 Dir(s) 150,437,306,368 bytes free
Volume in drive C has no label.
Volume Serial Number is 2859-8198

Directory of C:\Documents and Settings\All Users\Application Data

08/10/2008 18:55 <DIR> .
08/10/2008 18:55 <DIR> ..
02/05/2008 14:27 <DIR> Adobe
25/04/2008 11:24 <DIR> Ahead
04/05/2008 16:17 <DIR> Apple
04/05/2008 16:21 <DIR> APPLEC~1 Apple Computer
03/10/2008 18:11 <DIR> AVANQU~1 Avanquest
06/10/2008 18:13 <DIR> avg8
02/11/2008 13:06 <DIR> BVRPSO~1 BVRP Software
25/04/2008 10:20 <DIR> Google
04/05/2008 17:49 <DIR> Lavasoft
23/08/2008 18:08 <DIR> MESSEN~1 Messenger Plus!
06/10/2008 21:15 <DIR> MICROS~1 Microsoft
31/10/2008 18:55 <DIR> PARTDE~1 part dead amok eggs
08/10/2008 18:55 <DIR> PCTOOL~1 PC Tools
08/10/2008 18:48 <DIR> PrevxCSI
02/05/2008 16:08 <DIR> Sony
03/05/2008 11:08 <DIR> SONYER~1 Sony Ericsson
08/10/2008 19:49 <DIR> TEMP
25/04/2008 11:12 <DIR> WINDOW~1 Windows Genuine Advantage
25/04/2008 20:11 <DIR> WINDOW~2 Windows Live Toolbar
23/09/2008 17:43 <DIR> WLINST~1 WLInstaller
0 File(s) 0 bytes
22 Dir(s) 150,437,306,368 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
alex


ComboFix 08-11-09.04 - jason 2008-11-10 16:32:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.203 [GMT 0:00]
Running from: c:\documents and settings\jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jason\Application Data\Adobe\Player.exe.bak
c:\documents and settings\jason\Application Data\inst.exe
c:\windows\k.txt
c:\windows\system32\EV02
c:\windows\system32\MSINET.oca
c:\windows\system32\pac.txt
c:\windows\system32\TDSSinit.dll
c:\windows\system32\tdssservers.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 16:21 . 2008-11-10 16:21 <DIR> d-------- C:\deljob
2008-11-09 14:42 . 2008-11-09 14:42 <DIR> d-------- c:\program files\Trend Micro
2008-11-03 17:11 . 2008-11-10 14:34 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-03 17:11 . 2008-11-03 17:11 1,409 --a------ c:\windows\QTFont.for
2008-11-02 13:01 . 2008-11-02 13:01 <DIR> d-------- c:\program files\Avanquest update
2008-11-02 13:00 . 2008-11-02 13:00 <DIR> d-------- c:\documents and settings\jason\Application Data\InstallShield
2008-10-31 18:54 . 2008-10-31 18:54 <DIR> d-------- c:\program files\Type2Memo
2008-10-24 14:56 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-18 09:42 . 2008-10-18 09:42 <DIR> d-------- c:\documents and settings\jason\Application Data\Lexmark Productivity Studio
2008-10-18 09:30 . 2008-10-18 09:30 <DIR> d-------- C:\logs
2008-10-17 07:46 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-17 07:44 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-17 07:42 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-17 07:42 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-17 07:41 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-17 07:41 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-11 15:39 . 2008-11-09 13:51 <DIR> d-------- C:\Temp
2008-10-11 14:42 . 2008-10-11 14:42 <DIR> d-------- c:\program files\LimeWire
2008-10-11 14:40 . 2001-08-17 21:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-10-11 14:40 . 2001-08-17 21:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-10-11 14:40 . 2001-08-17 21:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-10-11 14:40 . 2001-08-17 21:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-10-11 14:40 . 2008-04-14 00:09 6,144 --a------ c:\windows\system32\kbd106.dll
2008-10-11 14:40 . 2001-08-17 13:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-10-11 14:40 . 2001-08-17 13:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-10-11 14:40 . 2008-04-14 00:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-10-11 14:40 . 2001-08-17 13:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-10-11 14:40 . 2001-08-17 13:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-10-11 14:40 . 2001-08-17 13:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-10-11 14:40 . 2001-08-17 13:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 11:34 --------- d-----w c:\documents and settings\jason\Application Data\uTorrent
2008-11-05 16:09 --------- d-----w c:\documents and settings\jason\Application Data\Vso
2008-11-05 14:04 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-05 14:04 50,968 ----a-w c:\windows\system32\avgfwdx.dll
2008-11-05 14:04 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2008-11-02 17:48 --------- d-----w c:\documents and settings\jason\Application Data\AVGTOOLBAR
2008-11-02 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-02 13:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-02 13:00 --------- d-----w c:\program files\Sony Ericsson
2008-11-01 20:06 --------- d-----w c:\program files\NoAdware5.0
2008-10-31 18:57 --------- d-----w c:\documents and settings\jason\Application Data\Type2Memo
2008-10-31 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\part dead amok eggs
2008-10-30 09:00 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-19 14:00 --------- d-----w c:\program files\Common Files\EPSON
2008-10-09 16:34 --------- d-----w c:\documents and settings\jason\Application Data\LimeWire
2008-10-08 19:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-08 19:04 --------- d-----w c:\program files\PC Tools Firewall Plus
2008-10-08 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-10-08 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2008-10-06 21:35 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-10-06 21:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-06 18:13 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-03 18:11 --------- d-----w c:\documents and settings\jason\Application Data\Avanquest
2008-10-03 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Avanquest
2008-10-02 12:31 --------- d-----w c:\program files\Enigma Software Group
2008-10-01 14:52 --------- d-----w c:\documents and settings\jason\Application Data\VCOM
2008-10-01 14:51 --------- d-----w c:\program files\VCOM
2008-10-01 14:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-01 14:49 --------- d-----w c:\program files\BVRP Software
2008-10-01 14:11 --------- d-----w c:\documents and settings\jason\Application Data\PC Tools
2008-10-01 13:19 --------- d-----w c:\program files\Spyware Doctor
2008-09-26 06:14 95,384 ----a-w c:\windows\system32\drivers\pctplfw.sys
2008-09-26 06:14 58,136 ----a-w c:\windows\system32\drivers\FWAuthdriver.sys
2008-09-23 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-22 15:20 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-05-02 21:42 47,360 ----a-w c:\documents and settings\jason\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Fix-It Utilities Express OLR"="c:\progra~1\BVRPSO~1\FIX-IT~1\BVRPOlr.exe" [2006-12-08 53248]
"CityProc"="c:\docume~1\jason\APPLIC~1\TYPE2M~1\ERRORCOALSETUP.exe" [2008-10-31 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-24 1235736]
"Amok Eggs Four Web"="c:\documents and settings\All Users\Application Data\part dead amok eggs\setup bin.exe" [2008-11-10 9355264]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-06 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-05 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-06 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-05-03 13352]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Local Page = \blank.htm
R0 -: HKCU-Main,Start Page = hxxp://0891/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 16:34:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-10 16:36:06
ComboFix-quarantined-files.txt 2008-11-10 16:35:56

Pre-Run: 150,255,382,528 bytes free
Post-Run: 150,416,044,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

176 --- E O F --- 2008-10-24 17:41:57
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1865

Posted: Tue Nov 11, 2008 2:08 am

Open notepad, copy/paste the text in the code box below into notepad:
Code:
Folder::
c:\docume~1\jason\APPLIC~1\TYPE2M~1
c:\documents and settings\All Users\Application Data\part dead amok eggs

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CityProc"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amok Eggs Four Web"=-

Name the Notepad file CFScript and save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


Post back with combofix log.

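As an added example (not from this thread, and not part of HijackThis or ComboFix), here is a small Python script that applies the reading patrik did by hand: it parses the O4 lines of a HijackThis log, flags Run entries that start something from a user profile directory or that have an empty value name, and drafts the Registry:: section of a CFScript for the flagged values. The two heuristics and the sample subset of log lines are the example's own assumptions. It deliberately generates no Folder:: lines and hands empty-named entries back for manual review: a folder such as Adobe under Application Data also holds legitimate data, so which folders to delete remains an analyst's decision, as it was in the script above.

```python
"""Triage the O4 (Run-key autostart) lines of a HijackThis log and draft the
Registry:: section of a ComboFix CFScript for the entries that look planted.

Added example for this thread; not part of HijackThis, ComboFix or the posts.
The two heuristics and the sample subset of log lines are assumptions.
"""
import re

# Constructed sample: a subset of the O4 lines from the HijackThis log posted
# earlier in this thread, with a few clean entries kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\setup bin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Documents and Settings\jason\Application Data\Adobe\Player.exe
O4 - HKCU\..\Run: [Fix-It Utilities Express OLR] C:\PROGRA~1\BVRPSO~1\FIX-IT~1\BVRPOlr.exe /Fix-It Utilities Express
O4 - HKCU\..\Run: [CityProc] C:\DOCUME~1\jason\APPLIC~1\TYPE2M~1\ERRORCOALSETUP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(.*?)\] (.*)$")
# First executable on the command line, with or without surrounding quotes.
EXE_PATH = re.compile(r'^"?(.+?\.(?:exe|dll|scr|bat|cmd|com))(?:"|\s|$)', re.IGNORECASE)

# Long and 8.3 short forms of the XP profile root; anything launched from there
# at logon deserves a second look (assumption: a triage heuristic, not a rule).
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")
STRONG = {"empty value name", "runs from a user profile directory"}
HIVE_NAMES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


def parse_o4(log_text):
    """Return one dict per O4 line: hive, value name, resolved target, raw line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        pm = EXE_PATH.match(command)
        target = pm.group(1) if pm else command.strip('"')
        entries.append({"hive": hive, "name": name, "target": target, "line": line.strip()})
    return entries


def assess(entry):
    """List the reasons an entry looks suspicious (empty list means nothing found)."""
    reasons = []
    target = entry["target"].lower()
    if entry["name"] == "":
        reasons.append("empty value name")
    if any(p in target for p in PROFILE_DIRS):
        reasons.append("runs from a user profile directory")
    if "\\" not in target:
        # Informational only: e.g. stsystra.exe is resolved through the search path.
        reasons.append("bare file name, resolved through the search path")
    return reasons


def triage(log_text):
    return [(entry, assess(entry)) for entry in parse_o4(log_text)]


def draft_cfscript(log_text):
    """Build the Registry:: section deleting each strongly flagged Run value.

    Returns (script_text, manual_lines). Entries with an empty value name or
    under an HKUS SID hive go to manual_lines for a human decision, and no
    Folder:: lines are generated: which folders to remove is a judgement call.
    """
    by_key = {}
    manual = []
    for entry, reasons in triage(log_text):
        if not (STRONG & set(reasons)):
            continue
        hive = HIVE_NAMES.get(entry["hive"])
        if entry["name"] == "" or hive is None:
            manual.append(entry["line"])
            continue
        key = f"[{hive}{RUN_KEY}]"
        by_key.setdefault(key, []).append(f'"{entry["name"]}"=-')
    lines = ["Registry::"]
    for key, values in by_key.items():
        lines.append(key)
        lines.extend(values)
        lines.append("")
    return "\n".join(lines).rstrip("\n"), manual


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        mark = "!!" if STRONG & set(reasons) else "  "
        print(f"{mark} [{entry['name']}] {entry['target']}  {'; '.join(reasons)}")
    script, manual = draft_cfscript(SAMPLE_LOG)
    print("\n" + script)
    for line in manual:
        print("\nmanual review:", line)
```

Run against the sample, the script flags exactly the two values patrik removed (CityProc and Amok Eggs Four Web) and sends the empty-named Player.exe entry to manual review; the AVG, Java, QuickTime and ctfmon entries under Program Files and WINDOWS pass untouched. The 8.3 short names (DOCUME~1, APPLIC~1) are matched alongside the long forms because HijackThis prints whichever form the registry value holds.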
jibber



Joined: 09 Nov 2008
Posts: 14

Posted: Tue Nov 11, 2008 6:34 pm

Hi Patrik,

Again, I have completed as per your last instructions; please find the ComboFix log from after I finished it.
A couple of things I need to let you know. Firstly, when I ran ComboFix it started up and then came up with "A new version is available, do you want to update?". I clicked on No. Hope that was OK. Also, after I had completed the scan with ComboFix, it added a second Internet Explorer icon on my desktop. I used this one to open Internet Explorer instead of the normal one I use.
I haven't done anything with it yet.

The last log is as follows:

Many Thanks

ComboFix 08-11-09.04 - jason 2008-11-11 18:08:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.138 [GMT 0:00]
Running from: c:\documents and settings\jason\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jason\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\jason\APPLIC~1\TYPE2M~1
c:\docume~1\jason\APPLIC~1\TYPE2M~1\0
c:\docume~1\jason\APPLIC~1\TYPE2M~1\bsrkvrjj.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\elsplwlp.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\ERRORCOALSETUP.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\gcopzovx.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\ihujrrms.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\jebbplbu.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\pure lies dead.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\rivzcewv.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\surfnamemoverule.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\vciwqnvg.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\wgkmbvkl.exe
c:\docume~1\jason\APPLIC~1\TYPE2M~1\wtkrnblc.exe
c:\documents and settings\All Users\Application Data\part dead amok eggs
c:\documents and settings\All Users\Application Data\part dead amok eggs\data math.exe
c:\documents and settings\All Users\Application Data\part dead amok eggs\Kind Ante.exe
c:\documents and settings\All Users\Application Data\part dead amok eggs\setup bin.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-11 16:42 . 2008-11-11 16:42 419 --a------ c:\windows\BRWMARK.INI
2008-11-11 16:42 . 2008-11-11 16:42 27 --a------ c:\windows\BRPP2KA.INI
2008-11-11 16:40 . 2008-11-11 16:40 50 --a------ c:\windows\system32\bridf07a.dat
2008-11-11 16:39 . 2007-02-01 13:19 1,520,640 --a------ c:\windows\system32\BrWia07a.dll
2008-11-11 16:39 . 2006-12-28 13:39 176,128 --------- c:\windows\system32\BroSNMP.dll
2008-11-11 16:39 . 2007-01-25 17:16 94,208 -r------- c:\windows\system32\BrDctF2.dll
2008-11-11 16:39 . 2007-01-26 16:13 54,784 --a------ c:\windows\system32\brinsstr.dll
2008-11-11 16:39 . 2007-01-26 14:06 45,568 --a------ c:\windows\system32\BrUsi07a.dll
2008-11-11 16:39 . 2004-10-15 12:50 15,295 --a------ c:\windows\system32\drivers\BrScnUsb.sys
2008-11-11 16:39 . 2007-01-15 21:54 12,288 -r------- c:\windows\system32\BrDctF2S.dll
2008-11-11 16:39 . 2007-01-15 16:09 12,288 -r------- c:\windows\system32\BrDctF2L.dll
2008-11-11 16:38 . 2008-11-11 16:39 <DIR> d-------- c:\program files\Brother
2008-11-11 16:38 . 2007-01-18 13:51 163,840 --------- c:\windows\system32\NSSearch.dll
2008-11-11 16:38 . 2007-02-15 13:54 131,072 --------- c:\windows\brunin03.dll
2008-11-11 16:38 . 2001-11-15 01:00 6,224 --------- c:\windows\CVRPAGE.BMP
2008-11-11 16:37 . 2008-11-11 16:37 <DIR> d-------- c:\program files\Nuance
2008-11-11 16:37 . 2006-10-24 15:34 31,567 --a------ c:\windows\maxlink.ini
2008-11-11 16:36 . 2008-11-11 16:36 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2008-11-11 16:36 . 2008-11-11 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-11-11 16:35 . 2008-11-11 16:35 <DIR> d-------- c:\program files\ScanSoft
2008-11-11 16:35 . 2008-11-11 17:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2008-11-11 16:35 . 2008-11-11 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Brother
2008-11-10 16:21 . 2008-11-10 16:21 <DIR> d-------- C:\deljob
2008-11-09 14:42 . 2008-11-09 14:42 <DIR> d-------- c:\program files\Trend Micro
2008-11-03 17:11 . 2008-11-11 16:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-03 17:11 . 2008-11-03 17:11 1,409 --a------ c:\windows\QTFont.for
2008-11-02 13:01 . 2008-11-02 13:01 <DIR> d-------- c:\program files\Avanquest update
2008-11-02 13:00 . 2008-11-02 13:00 <DIR> d-------- c:\documents and settings\jason\Application Data\InstallShield
2008-10-31 18:54 . 2008-10-31 18:54 <DIR> d-------- c:\program files\Type2Memo
2008-10-24 14:56 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-18 09:42 . 2008-10-18 09:42 <DIR> d-------- c:\documents and settings\jason\Application Data\Lexmark Productivity Studio
2008-10-18 09:30 . 2008-10-18 09:30 <DIR> d-------- C:\logs
2008-10-17 07:46 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-17 07:44 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-17 07:42 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-17 07:42 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-17 07:41 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-17 07:41 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-11 15:39 . 2008-11-09 13:51 <DIR> d-------- C:\Temp
2008-10-11 14:42 . 2008-10-11 14:42 <DIR> d-------- c:\program files\LimeWire
2008-10-11 14:40 . 2001-08-17 21:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-10-11 14:40 . 2001-08-17 21:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-10-11 14:40 . 2001-08-17 21:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-10-11 14:40 . 2001-08-17 21:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-10-11 14:40 . 2008-04-14 00:09 6,144 --a------ c:\windows\system32\kbd106.dll
2008-10-11 14:40 . 2001-08-17 13:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-10-11 14:40 . 2001-08-17 13:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-10-11 14:40 . 2008-04-14 00:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-10-11 14:40 . 2001-08-17 13:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-10-11 14:40 . 2001-08-17 13:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-10-11 14:40 . 2001-08-17 13:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-10-11 14:40 . 2001-08-17 13:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:09 --------- d-----w c:\documents and settings\jason\Application Data\uTorrent
2008-11-11 16:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 16:36 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-05 16:09 --------- d-----w c:\documents and settings\jason\Application Data\Vso
2008-11-05 14:04 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-05 14:04 50,968 ----a-w c:\windows\system32\avgfwdx.dll
2008-11-05 14:04 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2008-11-02 17:48 --------- d-----w c:\documents and settings\jason\Application Data\AVGTOOLBAR
2008-11-02 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-02 13:00 --------- d-----w c:\program files\Sony Ericsson
2008-11-01 20:06 --------- d-----w c:\program files\NoAdware5.0
2008-10-30 09:00 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-19 14:00 --------- d-----w c:\program files\Common Files\EPSON
2008-10-09 16:34 --------- d-----w c:\documents and settings\jason\Application Data\LimeWire
2008-10-08 19:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-08 19:04 --------- d-----w c:\program files\PC Tools Firewall Plus
2008-10-08 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-10-08 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2008-10-06 21:35 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-10-06 21:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-06 18:13 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-03 18:11 --------- d-----w c:\documents and settings\jason\Application Data\Avanquest
2008-10-03 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Avanquest
2008-10-02 12:31 --------- d-----w c:\program files\Enigma Software Group
2008-10-01 14:52 --------- d-----w c:\documents and settings\jason\Application Data\VCOM
2008-10-01 14:51 --------- d-----w c:\program files\VCOM
2008-10-01 14:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-01 14:49 --------- d-----w c:\program files\BVRP Software
2008-10-01 14:11 --------- d-----w c:\documents and settings\jason\Application Data\PC Tools
2008-10-01 13:19 --------- d-----w c:\program files\Spyware Doctor
2008-09-26 06:14 95,384 ----a-w c:\windows\system32\drivers\pctplfw.sys
2008-09-26 06:14 58,136 ----a-w c:\windows\system32\drivers\FWAuthdriver.sys
2008-09-23 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-22 15:20 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-05-02 21:42 47,360 ----a-w c:\documents and settings\jason\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-10_16.35.21.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-07-25 17:13:18 24,576 ----a-w c:\windows\Downloaded Program Files\dwusplay.dll
+ 2002-07-25 17:13:12 196,608 ----a-w c:\windows\Downloaded Program Files\dwusplay.exe
+ 2005-02-16 16:15:20 401,408 ----a-w c:\windows\Downloaded Program Files\isusweb.dll
+ 2008-11-11 16:37:37 10,134 ----a-r c:\windows\Installer\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}\ARPPRODUCTICON.exe
+ 2008-11-11 16:36:50 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\ARPPRODUCTICON.exe
+ 2008-11-11 16:36:50 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut10_02E73E50651348028600B5A5BA185BE3.exe
+ 2008-11-11 16:36:50 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut11_02E73E50651348028600B5A5BA185BE3.exe
+ 2008-11-11 16:36:51 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut12_02E73E50651348028600B5A5BA185BE3.exe
+ 2008-11-11 16:36:51 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut13_F2CDC39AAD4A470EADF36CE15914D115.exe
+ 2008-11-11 16:36:51 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut14_F2CDC39AAD4A470EADF36CE15914D115.exe
+ 2008-11-11 16:36:51 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut15_F2CDC39AAD4A470EADF36CE15914D115.exe
+ 2008-11-11 16:36:51 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut16_F2CDC39AAD4A470EADF36CE15914D115.exe
+ 2008-11-11 16:36:52 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut20_F2CDC39AAD4A470EADF36CE15914D115.exe
+ 2008-11-11 16:36:52 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut4_F2CDC39AAD4A470EADF36CE15914D115.exe
+ 2008-11-11 16:36:53 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut5_F2CDC39AAD4A470EADF36CE15914D115.exe
+ 2008-11-11 16:36:52 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut7_02E73E50651348028600B5A5BA185BE3.exe
+ 2008-11-11 16:36:52 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut8_02E73E50651348028600B5A5BA185BE3.exe
+ 2008-11-11 16:36:52 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\NewShortcut9_02E73E50651348028600B5A5BA185BE3.exe
+ 2008-11-11 16:36:50 450,560 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\PageViewer.exe
+ 2008-11-11 16:36:50 573,440 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\PaperPort_F2CDC39AAD4A470EADF36CE15914D115.exe
+ 2008-11-11 16:36:50 65,536 ----a-r c:\windows\Installer\{B6C89654-A6A2-477C-873B-724EC1C56407}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2007-02-02 19:13:26 81,920 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrScnDev.dll
+ 2004-10-15 12:50:20 15,295 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrScnUsb.sys
+ 2006-11-20 20:48:46 9,728 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrSti07a.dll
+ 2007-01-29 16:03:00 36,864 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrStiIf.dll
+ 2007-02-01 07:35:40 81,920 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrTwdLng.dll
+ 2007-02-02 19:14:00 131,072 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrTwds.dll
+ 2007-02-02 19:13:48 1,531,904 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrTwdScn.dll
+ 2007-02-02 19:14:30 139,264 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrTwdsUi.dll
+ 2007-01-26 14:06:18 45,568 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrUsi07a.dll
+ 2007-02-01 13:19:58 1,520,640 -c--a-w c:\windows\system32\DRVSTORE\brimb7e1_D4B591C041F100F7C2C61C35457EF44601B31169\BrWia07a.dll
+ 2007-02-19 17:44:04 73,728 -c--a-w c:\windows\system32\DRVSTORE\brprb7e1_F6785D979A83BEFB19F6CA264D99CF51ED2BD025\bril07a.dll
+ 2007-03-02 09:59:26 1,733,915 -c--a-w c:\windows\system32\DRVSTORE\brprb7e1_F6785D979A83BEFB19F6CA264D99CF51ED2BD025\brio07a.dll
+ 2007-03-02 09:59:26 1,139,032 -c--a-w c:\windows\system32\DRVSTORE\brprb7e1_F6785D979A83BEFB19F6CA264D99CF51ED2BD025\briu07a.dll
+ 2007-01-26 03:06:00 116,544 -c--a-w c:\windows\system32\DRVSTORE\brprb7e1_F6785D979A83BEFB19F6CA264D99CF51ED2BD025\brqikmon.exe
- 2008-10-17 13:35:50 192,184 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-11 16:55:08 192,976 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2006-07-11 18:43:32 1,060,864 ----a-w c:\windows\system32\mfc71.dll
+ 2006-07-11 19:02:30 1,053,184 ----a-w c:\windows\system32\mfc71u.dll
- 2007-04-20 17:32:20 348,160 ----a-w c:\windows\system32\msvcr71.dll
+ 2006-07-11 18:35:38 348,160 ----a-w c:\windows\system32\msvcr71.dll
+ 2002-02-04 02:52:54 1,230,336 ----a-w c:\windows\system32\msxml4.dll
+ 2002-02-04 02:43:00 82,432 ----a-w c:\windows\system32\msxml4r.dll
+ 2007-02-19 17:44:04 73,728 ----a-w c:\windows\system32\spool\drivers\w32x86\3\bril07a.dll
+ 2007-03-02 09:59:26 1,733,915 ----a-w c:\windows\system32\spool\drivers\w32x86\3\brio07a.dll
+ 2007-03-02 09:59:26 1,139,032 ----a-w c:\windows\system32\spool\drivers\w32x86\3\briu07a.dll
+ 2007-01-26 03:06:00 116,544 ----a-w c:\windows\system32\spool\drivers\w32x86\3\brqikmon.exe
+ 2007-01-29 21:19:42 87,592 ----a-w c:\windows\system32\spool\drivers\w32x86\3\NuanImageConvert.dll
+ 2007-01-29 21:19:18 189,992 ----a-w c:\windows\system32\spool\drivers\w32x86\3\NuanOemUiRes.dll
+ 2007-01-29 21:19:46 25,640 ----a-w c:\windows\system32\spool\drivers\w32x86\3\NuanUI.dll
+ 2007-01-29 21:19:46 27,176 ----a-w c:\windows\system32\spool\drivers\w32x86\3\NuanUni.dll
+ 2008-04-14 01:12:08 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2008-04-14 01:12:08 744,448 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2007-05-15 09:08:54 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2007-02-19 17:44:04 73,728 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_135cf5a8\bril07a.dll
+ 2007-03-02 09:59:26 1,733,915 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_135cf5a8\brio07a.dll
+ 2007-03-02 09:59:26 1,139,032 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_135cf5a8\briu07a.dll
+ 2007-01-26 03:06:00 116,544 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_135cf5a8\brqikmon.exe
+ 2005-09-07 12:03:40 722,192 ----a-w c:\windows\system32\Vb40032.dll
+ 2007-02-02 19:13:26 81,920 ----a-w c:\windows\twain_32\BrMfSc0e\Common\BrScnDev.dll
+ 2007-01-29 16:03:00 36,864 ----a-w c:\windows\twain_32\BrMfSc0e\Common\BrStiIf.dll
+ 2007-02-02 19:14:00 131,072 ----a-w c:\windows\twain_32\BrMfSc0e\Common\BrTwds.dll
+ 2007-02-02 19:13:48 1,531,904 ----a-w c:\windows\twain_32\BrMfSc0e\Common\BrTwdScn.dll
+ 2007-02-02 19:14:30 139,264 ----a-w c:\windows\twain_32\BrMfSc0e\Common\BrTwdsUi.dll
+ 2007-01-26 09:10:50 94,208 ----a-w c:\windows\twain_32\BrMfSc0e\DC135CU\BrDbgOut.dll
+ 2007-02-01 07:35:40 81,920 ----a-w c:\windows\twain_32\BrMfSc0e\Lang\BrTwdLng.dll
+ 2008-11-11 16:36:26 1,230,336 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2008-11-11 16:36:26 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Fix-It Utilities Express OLR"="c:\progra~1\BVRPSO~1\FIX-IT~1\BVRPOlr.exe" [2006-12-08 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-24 1235736]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-06 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-05 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-06 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-05 1212184]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-05-03 13352]
.
Contents of the 'Scheduled Tasks' folder

2008-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 18:12:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-11 18:14:42
ComboFix-quarantined-files.txt 2008-11-11 18:14:35
ComboFix2.txt 2008-11-10 16:36:08

Pre-Run: 149,936,021,504 bytes free
Post-Run: 149,942,484,992 bytes free

269 --- E O F --- 2008-10-24 17:41:57
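Added example (not code from ComboFix, its author, or anyone in this thread): a small Python parser for the "Reg Loading Points" block of a ComboFix log like the one posted above. It splits the REGEDIT4-style dump into keys and values, separates the Run-key autostarts from the [date size] or [date path] metadata ComboFix appends, reads the Windows Firewall state and authorized-application list for the standard profile, and lists AppInit_DLLs. The sample input is copied from the log above and trimmed; WATCH_BASENAMES is an example list chosen from what this particular log shows, not a signature set. One caveat when reading this log: "EnableFirewall"= 0 is expected here, because the same log shows the AVG8 Firewall service (avgfws8) and PC Tools Firewall Plus installed, so the note the script prints about it is a prompt to check which firewall is actually running, not a finding on its own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed input: lines copied from the ComboFix log posted above, trimmed, blank lines dropped.
SAMPLE_LOG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 c:\windows\stsystra.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")  # [registry key]
ENTRY_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*(?P<value>.*)$')  # "name"=value
META_RE = re.compile(r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<rest>[^\]]*)\]\s*$")  # [date size|path]
WATCH_BASENAMES = {"utorrent.exe", "limewire.exe"}  # example watch list taken from this log
Sections = Dict[str, List[Tuple[str, str]]]  # {registry key: [(value name, raw value), ...]}

def parse_sections(text: str) -> Sections:
    """Split the REGEDIT4-style dump into keys and their (name, raw value) pairs, in log order."""
    sections: Sections = {}
    key: Optional[str] = None
    for line in (l.strip() for l in text.splitlines()):
        if SECTION_RE.match(line):
            key = line[1:-1]
            sections.setdefault(key, [])
        elif key is not None and (ent := ENTRY_RE.match(line)):
            sections[key].append((ent.group("name"), ent.group("value")))
    return sections

@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str                         # value as written in the registry
    date: Optional[str] = None           # file date ComboFix printed
    size: Optional[int] = None           # file size ComboFix printed when the command was a full path
    resolved_path: Optional[str] = None  # path ComboFix resolved when the command was a bare file name

def autostart_entries(sections: Sections) -> List[AutostartEntry]:
    """Every value under a ...\\CurrentVersion\\Run key, with ComboFix's metadata split out."""
    out: List[AutostartEntry] = []
    for key, values in sections.items():
        if not key.lower().endswith("\\run"):
            continue
        for name, value in values:
            meta = META_RE.search(value)
            command = (value[: meta.start()] if meta else value).strip().strip('"')
            entry = AutostartEntry(key, name, command)
            if meta:
                entry.date = meta.group("date")
                rest = meta.group("rest").strip()
                if rest.isdigit():
                    entry.size = int(rest)
                else:
                    entry.resolved_path = rest
            out.append(entry)
    return out

def firewall_summary(sections: Sections) -> Tuple[Optional[bool], List[str]]:
    """(Windows Firewall on?, authorized programs) for the standard profile."""
    enabled, authorized = None, []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile"):
            enabled = next((v.split()[0] != "0" for n, v in values if n.lower() == "enablefirewall"), None)
        elif k.endswith("standardprofile\\authorizedapplications\\list"):
            authorized += [n.replace("\\\\", "\\") for n, _ in values]  # un-escape regedit '\\'
    return enabled, authorized

def appinit_dlls(sections: Sections) -> List[str]:
    """DLLs injected into every process that loads user32.dll; a classic persistence hook."""
    raw = next((v for k, vals in sections.items() if k.lower().endswith("\\windows nt\\currentversion\\windows")
                for n, v in vals if n.lower() == "appinit_dlls"), "")
    return [d for d in re.split(r"[,\s]+", raw.strip().strip('"')) if d]

def review(text: str) -> List[str]:
    """Triage notes a helper would look at first; each is a prompt to check, not a verdict."""
    sections = parse_sections(text)
    enabled, authorized = firewall_summary(sections)
    notes: List[str] = []
    if enabled is False:
        notes.append("Windows Firewall is off for the standard profile; acceptable only if another firewall runs")
    notes += [f"firewall exception for P2P client: {p}"
              for p in authorized if p.rsplit("\\", 1)[-1].lower() in WATCH_BASENAMES]
    notes += [f"AppInit_DLLs injects {d}; confirm the vendor" for d in appinit_dlls(sections)]
    notes += [f"autostart {e.name!r} has no file metadata; confirm {e.command} exists"
              for e in autostart_entries(sections) if e.size is None and e.resolved_path is None]
    return notes
```

Run `review(open("ComboFix.txt").read())` against a real log; on the sample above it returns four notes (firewall off, two P2P exceptions, one AppInit_DLLs entry). Autostart entries for which ComboFix printed neither a size nor a resolved path are worth a manual look, since the tool could not confirm the target file.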
jibber



Joined: 09 Nov 2008
Posts: 14

PostPosted: Tue Nov 11, 2008 6:43 pm    Post subject:

Also, Patrik, after having a look in my C drive I notice there is a file named Qoobox. Is that to do with ComboFix, as it has the logs and quarantine files etc.?

Cheers

Jibber
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1865

PostPosted: Wed Nov 12, 2008 9:01 am    Post subject:

Quote:
Firstly, when I ran ComboFix it started up and then came up with "A new version is available, do you want to update?" I clicked on No. Hope that was ok.

It's not a problem. Both variants are OK.

Quote:
It then added a second Internet Explorer icon on my desktop.

You can remove the icon.

QooBox is ComboFix's folder.
You should now uninstall ComboFix.
Quote:
Click Start > Run - type ComboFix /u
Press Ok.


This command will:
1. Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:\_OtMoveIt folder, if present
2. Reset the clock settings.
3. Hide file extensions, if required.
4. Hide System/Hidden files, if required.
5. Reset System Restore.

Your last ComboFix log is OK. How is your computer working now?

_________________
Free Antispyware: HijackThis, SmitfraudFix, ComboFix, Super Antispyware, Malwarebytes Anti-malware
Instructions: Show hidden files, Reboot in Safe Mode
jibber



Joined: 09 Nov 2008
Posts: 14

PostPosted: Wed Nov 12, 2008 5:05 pm    Post subject:

Bloody hell!!!!!

Finally, after all this time I think we have cracked it! My computer is running so much faster, and I have also been on it today and not a single CID popup has appeared.

So what was it that had caused those CIDs in the first place? I will try to avoid it in future.
I am not a computer expert but do know how to get around, but these CIDs really did get to me, and I would like to have an idea of how you got rid of them.

Thank you very much for all your help.

I have deleted the icons on my desktop for DelJob and ComboFix. However, I did what you said, went to Start > Run, typed in combofix/u and it said Windows could not find it. Typed it several times differently too.

Any ideas? Can I uninstall it through Control Panel?
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1865

PostPosted: Wed Nov 12, 2008 10:39 pm    Post subject:

Glad to help you :)

Quote:
that had caused those CIDs in the first place?

...shareware and freeware programs. Read the Terms of Use carefully before installing any application.

Quote:
I have deleted the icons on my desktop for DelJob and ComboFix. However, I did what you said, went to Start > Run, typed in combofix/u and it said Windows could not find it. Tried it several times differently too.

OK.
1. Download a fresh copy of ComboFix and save it to your Desktop.
2. Double-click it to run.
3. When the tool is finished, close the log.
4. Try to follow the uninstall procedure again.
Quote:
Click Start > Run - type ComboFix /u
Press Ok.

Note: you should have a space between "ComboFix" and "/u"

jibber



Joined: 09 Nov 2008
Posts: 14

PostPosted: Sat Nov 15, 2008 1:01 pm    Post subject:

Hi Patrik,

I have uninstalled ComboFix successfully now, as I did it as per your instructions. Also uninstalled DelJob too.

Again, many thanks for your help. I will keep a close eye in future on what I install.

Jibber
Powered by phpBB © 2001, 2005 phpBB Group