WiredWX Christian Hobby Weather Tools
Gus Firefox & Internet Explorer both crash before opening
I saw a thread in the Internet forum regarding both IE and Firefox crashing when started; there was a request to post on the malware thread, so I am posting here also.

I have installed and run both Malwarebytes and HijackThis; the logs are below, as is the Firefox log.

The problem may be related to 'add-ons', although there is a small amount of malware present.

--------------------------------------

Firefox

Add-ons: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5,avg@igeared:2.506.014.001,{3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090813W,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
BuildID: 20090824101458
CrashTime: 1262910436
InstallTime: 1262904306
ProductName: Firefox
SecondsSinceLastCrash: 136
StartupTime: 1262910435
Theme: classic/1.0
Throttleable: 1
URL:
Vendor: Mozilla
Version: 3.5.3

----------------------

HijackThis

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 00:22:56, on 08/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\My Music\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\Virgin Broadband Wireless\wpa_supplicant.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061213
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=2057&fid=RegXPWizCredOnly
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [realtecks] "C:\Documents and Settings\Garfield\Application Data\Google\wcwdu16814728.exe" 2
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\My Music\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S54B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 18104 bytes

-------------------------------

Malwarebytes

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

08/01/2010 00:21:43
Zara mbam-log-2010-01-08 (00-21-24)

Scan type: Full Scan (C:\|)
Objects scanned: 275170
Time elapsed: 1 hour(s), 28 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realtecks (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Gus Firefox & Internet Explorer both crash before opening
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Gus Firefox & Internet Explorer both crash before opening
Please see 'Commy Log' below

-----------------------------------

ComboFix 10-01-04.01 - Garfield 08/01/2010 20:09:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1116 [GMT 0:00]
Running from: c:\documents and settings\Garfield\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\EventSystem.log
c:\windows\system32\STEC3.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_STEC3
-------\Service_NPF
-------\Service_STEC3


((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 20:20 . 2010-01-08 20:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-08 00:22 . 2010-01-08 00:22 -------- d-----w- c:\program files\TrendMicro
2010-01-07 22:44 . 2010-01-07 22:44 -------- d-----w- c:\documents and settings\Garfield\Application Data\Malwarebytes
2010-01-07 22:44 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:44 . 2010-01-07 22:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 22:44 . 2010-01-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 22:44 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 11:02 . 2010-01-06 11:02 -------- d-----w- c:\documents and settings\Garfield\Local Settings\Application Data\Temp
2010-01-06 10:57 . 2010-01-06 10:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-04 22:33 . 2010-01-04 22:33 -------- d-----w- c:\windows\LastGood
2009-12-30 00:47 . 2005-05-18 10:55 32768 ----a-w- c:\windows\VMZoom.exe
2009-12-30 00:47 . 2005-05-18 10:54 24576 ----a-w- c:\windows\VMPipe.dll
2009-12-30 00:47 . 2000-10-31 12:00 307200 ----a-w- c:\windows\vidcap32.Exe
2009-12-30 00:47 . 2009-12-30 00:47 -------- d-----w- c:\windows\CatRoot
2009-12-30 00:47 . 2005-05-02 16:45 53248 ----a-w- c:\windows\Sti303.exe
2009-12-30 00:47 . 2005-04-30 18:46 24576 ----a-w- c:\windows\RunSetup.dll
2009-12-30 00:47 . 2009-12-30 00:47 -------- d-----w- c:\windows\EffectResources
2009-12-30 00:47 . 2009-12-30 00:47 -------- d-----w- c:\program files\Vimicro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 20:23 . 2008-09-29 17:11 -------- d-----w- c:\documents and settings\Garfield\Application Data\Affinegy
2010-01-08 20:23 . 2006-12-13 00:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 00:22 . 2010-01-08 00:22 388096 ----a-r- c:\documents and settings\Garfield\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 22:22 . 2008-08-13 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-06 11:03 . 2006-12-13 00:39 -------- d-----w- c:\program files\Google
2009-12-30 00:47 . 2006-12-13 00:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 07:24 . 2009-02-06 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-26 07:51 . 2009-11-26 07:51 -------- d-----w- c:\program files\MSXML 4.0
2009-11-15 17:08 . 2009-11-10 21:51 -------- d-----w- c:\program files\Driving Test Success - All Tests (2008-2009)
2009-11-15 17:08 . 2009-11-10 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Driving Test Success
2009-10-31 22:03 . 2006-12-13 00:45 70448 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 05:04 . 2004-08-11 17:00 668672 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-11 17:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-11 17:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-11 17:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-11 17:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-11 17:00 112128 ----a-w- c:\windows\system32\rastls.dll
2009-02-07 20:35 . 2007-01-01 18:56 168 --sh--r- c:\windows\system32\0EB3380D28.sys
2009-02-07 20:35 . 2007-01-01 18:56 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 09:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLAGENTEXE"="dslagent.exe USB" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-13 236544]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 999424]
"GSICONEXE"="gsicon.exe" [2003-05-14 90112]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 139264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-03 185632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-19 200704]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\my music\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-03-27 181544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-13 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-13 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 09:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-10 15:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\My Music\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/03/2009 22:38 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/03/2009 22:38 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/06/2009 09:16 298776]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [27/03/2009 14:54 165160]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [14/07/2006 01:01 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [14/07/2006 01:02 13696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 10:57 135664]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\Garfield\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\Garfield\LOCALS~1\Temp\cdrmkaun.sys [?]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys --> c:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [23/07/2004 14:55 46536]
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-01 17:28]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 10:57]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 10:57]

2010-01-08 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (ZARA-Garfield).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-12-13 18:18]

2010-01-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 22:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=2057&fid=RegXPWizCredOnly
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Garfield\Application Data\Mozilla\Firefox\Profiles\vzqhybl1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\my music\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-realtecks - c:\documents and settings\Garfield\Application Data\Google\wcwdu16814728.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files\Electronic Arts\The Lord of the Rings



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 20:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(5532)
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\stsystra.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\windows\system32\gsicon.exe
c:\windows\system32\dslagent.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Virgin Broadband Wireless\ndis_events.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2010-01-08 20:28:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 20:28

Pre-Run: 6,794,510,336 bytes free
Post-Run: 9,515,679,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2FFA5182C800446C43DE010BEA77D9E2

Re: Gus Firefox & Interent Explorer both crash before opening

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

Re: Gus Firefox & Interent Explorer both crash before opening

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is D00E-65F1

Directory of C:\Windows\System32\Drivers

08/01/2010 20:28 .
08/01/2010 20:28 ..
13/12/2006 00:07 6,097 1028_Dell_INS_9400.mrk
03/08/2004 23:10 53,248 1394bus.sys
17/08/2001 13:52 23,552 ABP480N5.SYS
04/08/2004 05:00 187,776 acpi.sys
04/08/2004 05:00 11,648 acpiec.sys
17/08/2001 14:07 101,888 adpu160m.sys
15/02/2006 00:22 142,464 aec.sys
13/12/2006 00:32 21,275 AegisP.sys
14/08/2008 09:51 138,368 afd.sys
26/05/2008 15:09 27,072 AFGSp50.sys
03/08/2004 23:07 42,368 AGP440.SYS
03/08/2004 23:07 44,928 AGPCPQ.SYS
17/08/2001 13:52 12,800 aha154x.sys
17/08/2001 14:07 55,168 aic78u2.sys
17/08/2001 14:07 56,960 aic78xx.sys
17/08/2001 13:51 5,248 aliide.sys
03/08/2004 23:07 42,752 ALIM1541.SYS
03/08/2004 23:07 43,008 AMDAGP.SYS
04/08/2004 05:00 36,992 amdk6.sys
04/08/2004 05:00 37,376 amdk7.sys
17/08/2001 13:52 12,032 amsint.sys
12/08/2005 17:50 16,128 APPDRV.SYS
04/08/2004 05:00 60,800 arp1394.sys
17/08/2001 13:52 26,496 asc.sys
17/08/2001 13:52 22,400 asc3350p.sys
17/08/2001 13:51 14,848 asc3550.sys
15/08/2007 21:23 8,552 asctrm.sys
04/08/2004 05:00 14,336 asyncmac.sys
03/08/2004 22:59 95,360 atapi.sys
23/05/2006 13:19 45,056 ati2erec.dll
23/05/2006 14:06 1,578,496 ati2mtag.sys
08/02/2006 08:44 1,114,674 ativcaxx.cpa
08/02/2006 08:44 929 ativcaxx.vp
14/10/2005 02:10 58,560 ativckxx.vp
23/05/2006 14:24 28,976 ativvpxx.vp
04/08/2004 05:00 59,904 atmarpc.sys
04/08/2004 05:00 31,360 atmepvc.sys
04/08/2004 05:00 55,936 atmlane.sys
04/08/2004 05:00 352,256 atmuni.sys
17/08/2001 13:59 3,072 audstub.sys
17/08/2009 09:29 Avg
02/08/2009 09:25 335,752 avgldx86.sys
26/06/2009 09:16 27,784 avgmfx86.sys
19/05/2009 16:30 108,552 avgtdix.sys
17/08/2001 13:57 14,080 battc.sys
25/08/2006 07:23 44,544 bcm4sbxp.sys
04/08/2004 05:00 4,224 beep.sys
04/08/2004 05:00 71,552 bridge.sys
13/06/2008 13:10 272,128 bthport.sys
17/08/2001 13:52 13,952 cbidf2k.sys
03/08/2004 23:10 17,024 CCDECODE.sys
17/08/2001 13:52 7,680 cd20xrnt.sys
04/08/2004 05:00 18,688 cdaudio.sys
04/08/2004 05:00 63,744 cdfs.sys
18/10/2006 01:00 2,432 cdr4_xp.sys
18/10/2006 01:00 2,560 cdralw2k.sys
04/08/2004 05:00 49,536 cdrom.sys
04/08/2004 05:00 262,528 cinemst2.sys
04/08/2004 05:00 49,664 classpnp.sys
03/08/2004 23:07 14,080 CmBatt.sys
17/08/2001 13:51 6,656 cmdide.sys
17/08/2001 13:58 9,344 compbatt.sys
17/08/2001 13:52 14,976 cpqarray.sys
04/08/2004 05:00 11,776 cpqdap01.sys
04/08/2004 05:00 36,480 crusoe.sys
17/08/2001 13:52 179,584 dac2w2k.sys
17/08/2001 13:52 14,720 dac960nt.sys
01/12/2005 05:39 141,497 del1028.cty
11/08/2004 17:02 disdn
04/08/2004 05:00 36,352 disk.sys
04/08/2004 05:00 14,208 diskdump.sys
04/08/2004 05:00 799,744 dmboot.sys
04/08/2004 05:00 153,344 dmio.sys
04/08/2004 05:00 5,888 dmload.sys
03/08/2004 23:07 52,864 DMusic.sys
17/08/2001 14:07 20,192 dpti2o.sys
03/08/2004 23:08 60,288 drmk.sys
03/08/2004 23:07 2,944 drmkaud.sys
01/12/2004 03:22 87,488 drvmcdb.sys
23/11/2004 02:56 40,480 drvnddm.sys
04/08/2004 05:00 10,496 dxapi.sys
04/08/2004 05:00 71,040 dxg.sys
04/08/2004 05:00 3,328 dxgthk.sys
17/08/2001 12:12 117,760 e100b325.sys
17/08/2001 13:46 6,400 enum1394.sys
08/01/2010 20:21 etc
04/08/2004 05:00 143,360 fastfat.sys
04/08/2004 05:00 27,392 fdc.sys
04/08/2004 05:00 34,944 fips.sys
04/08/2004 05:00 20,480 flpydisk.sys
21/08/2006 09:14 128,896 fltmgr.sys
04/08/2004 05:00 12,160 fsvga.sys
04/08/2004 05:00 7,936 fs_rec.sys
17/08/2001 13:52 125,056 ftdisk.sys
19/03/2009 15:32 23,400 GEARAspiWDM.sys
04/08/2004 05:00 3,440,660 gm.dls
04/08/2004 05:00 646 gmreadme.txt
28/04/2003 11:10 276,904 gwausb.sys
12/08/2004 17:45 137,728 Hdaudbus.sys
12/08/2004 17:45 113,664 Hdaudio.sys
04/08/2004 05:00 36,224 hidclass.sys
04/08/2004 05:00 24,960 hidparse.sys
17/08/2001 14:02 9,600 hidusb.sys
14/07/2006 01:01 13,824 hnm_wrls_pkt.sys
17/08/2001 14:07 25,952 hpn.sys
01/12/2005 07:40 192,512 HSXHWAZL.sys
01/12/2005 07:40 669,696 HSX_CNXT.sys
01/12/2005 07:40 936,960 HSX_DPV.sys
20/10/2009 14:58 263,552 http.sys
03/08/2004 23:00 8,192 i2omgmt.sys
03/08/2004 23:00 18,560 i2omp.sys
04/08/2004 05:00 52,736 i8042prt.sys
04/08/2004 05:00 41,856 imapi.sys
17/08/2001 13:52 16,000 ini910u.sys
03/08/2004 22:59 5,504 intelide.sys
04/08/2004 05:00 36,096 intelppm.sys
04/08/2004 05:00 29,056 ip6fw.sys
04/08/2004 05:00 32,896 ipfltdrv.sys
04/08/2004 05:00 20,992 ipinip.sys
29/09/2004 22:28 134,912 ipnat.sys
04/08/2004 05:00 74,752 ipsec.sys
04/08/2004 05:00 11,264 irenum.sys
17/08/2001 13:58 35,840 isapnp.sys
03/08/2004 22:58 24,576 kbdclass.sys
14/06/2006 08:47 172,416 kmixer.sys
03/08/2004 23:15 140,928 ks.sys
22/06/2009 11:35 92,544 ksecdd.sys
29/03/2000 17:11 8,096 MASPINT.SYS
30/12/2009 14:54 19,160 mbam.sys
30/12/2009 14:55 38,224 mbamswissarmy.sys
04/08/2004 05:00 7,680 mcd.sys
05/10/2005 04:57 12,544 mdmxsdk.sys
04/08/2004 05:00 63,744 mf.sys
04/08/2004 05:00 4,224 mnmdd.sys
04/08/2004 05:00 30,080 modem.sys
03/08/2004 22:58 23,040 mouclass.sys
17/08/2001 13:48 12,160 mouhid.sys
04/08/2004 05:00 42,240 mountmgr.sys
16/08/2005 16:18 80,640 MpFirewall.sys
22/06/2009 11:48 91,776 mqac.sys
17/08/2001 13:52 17,280 mraid35x.sys
18/12/2007 09:51 179,584 mrxdav.sys
24/10/2008 11:10 453,632 mrxsmb.sys
04/08/2004 05:00 19,072 msfs.sys
04/08/2004 05:00 35,072 msgpc.sys
03/08/2004 22:58 7,552 MSKSSRV.sys
03/08/2004 22:58 5,376 MSPCLOCK.sys
03/08/2004 22:58 4,992 MSPQM.sys
03/08/2004 23:07 15,488 mssmbios.sys
03/08/2004 22:58 5,504 MSTEE.sys
04/08/2004 05:00 107,904 mup.sys
03/08/2004 23:10 85,376 NABTSFEC.sys
10/08/2005 11:22 114,464 naiavf5x.sys
04/08/2004 05:00 182,912 ndis.sys
03/08/2004 23:10 10,880 NdisIP.sys
04/08/2004 05:00 9,600 ndistapi.sys
04/08/2004 05:00 12,928 ndisuio.sys
04/08/2004 05:00 91,776 ndiswan.sys
04/08/2004 05:00 38,016 ndproxy.sys
04/08/2004 05:00 34,560 netbios.sys
04/08/2004 05:00 162,816 netbt.sys
01/04/2003 17:55 35,319 NETMD031.sys
10/11/2003 11:31 36,232 NETMD033.sys
31/10/2005 09:46 36,679 NETMD052.sys
08/08/2002 14:51 38,951 NETMDUSB.sys
04/08/2004 05:00 61,824 nic1394.sys
04/08/2004 05:00 12,032 nikedrv.sys
04/08/2004 05:00 40,320 nmnt.sys
04/08/2004 05:00 30,848 npfs.sys
09/02/2007 11:10 574,464 ntfs.sys
04/08/2004 05:00 2,944 null.sys
03/08/2004 22:29 1,897,408 nv4_mini.sys
04/08/2004 05:00 12,416 nwlnkflt.sys
04/08/2004 05:00 32,512 nwlnkfwd.sys
04/08/2004 05:00 88,448 nwlnkipx.sys
04/08/2004 05:00 63,232 nwlnknb.sys
04/08/2004 05:00 55,936 nwlnkspx.sys
13/10/2006 10:23 163,584 nwrdr.sys
03/08/2004 23:10 61,056 ohci1394.sys
13/02/2004 16:46 17,153 omci.sys
04/08/2004 05:00 3,456 oprghdlr.sys
04/08/2004 05:00 42,496 p3.sys
15/10/2006 09:36 11,136 packet.sys
04/08/2004 05:00 80,128 parport.sys
04/08/2004 05:00 18,688 partmgr.sys
04/08/2004 05:00 6,784 parvdm.sys
03/08/2004 23:07 68,224 pci.sys
17/08/2001 13:51 3,328 pciide.sys
03/08/2004 22:59 25,088 pciidex.sys
04/08/2004 05:00 119,936 pcmcia.sys
17/08/2001 14:07 27,296 perc2.sys
17/08/2001 14:07 5,504 perc2hib.sys
16/03/2004 11:58 136,960 portcls.sys
04/08/2004 05:00 35,328 processr.sys
04/08/2004 05:00 69,120 psched.sys
04/08/2004 05:00 17,792 ptilink.sys
18/10/2006 01:00 36,624 pxhelp20.sys
17/08/2001 13:52 40,320 ql1080.sys
17/08/2001 13:52 33,152 ql10wnt.sys
17/08/2001 13:52 45,312 ql12160.sys
17/08/2001 13:52 40,448 ql1240.sys
17/08/2001 13:52 49,024 ql1280.sys
04/08/2004 05:00 8,832 rasacd.sys
04/08/2004 05:00 51,328 rasl2tp.sys
04/08/2004 05:00 41,472 raspppoe.sys
04/08/2004 05:00 48,384 raspptp.sys
04/08/2004 05:00 16,512 raspti.sys
04/08/2004 05:00 34,432 rawwan.sys
05/05/2006 09:47 174,592 rdbss.sys
04/08/2004 05:00 4,224 rdpcdd.sys
03/08/2004 23:01 196,864 rdpdr.sys
10/06/2005 04:09 139,528 rdpwd.sys
03/08/2004 22:59 57,472 redbook.sys
14/07/2005 23:58 28,544 rimmptsk.sys
13/07/2005 00:00 51,328 rimsptsk.sys
04/08/2004 05:00 12,032 rio8drv.sys
04/08/2004 05:00 12,032 riodrv.sys
14/07/2005 22:28 307,968 rixdptsk.sys
08/05/2008 12:28 202,752 rmcast.sys
04/08/2004 05:00 30,080 rndismp.sys
04/08/2004 05:00 5,888 rootmdm.sys
01/05/2006 09:52 13,568 s24trans.sys
04/08/2004 05:00 96,256 scsiport.sys
04/08/2004 05:00 67,584 sdbus.sys
13/11/2007 10:25 20,480 secdrv.sys
04/08/2004 05:00 15,488 serenum.sys
04/08/2004 05:00 64,896 serial.sys
04/08/2004 05:00 11,136 sffdisk.sys
04/08/2004 05:00 10,240 sffp_sd.sys
04/08/2004 05:00 11,392 sfloppy.sys
03/08/2004 23:07 41,088 SISAGP.SYS
03/08/2004 23:10 11,136 SLIP.sys
04/08/2004 05:00 14,592 smclib.sys
04/08/2004 05:00 25,472 sonydcam.sys
17/08/2001 14:07 19,072 sparrow.sys
14/06/2006 08:47 6,400 splitter.sys
04/08/2004 05:00 73,472 sr.sys
11/12/2008 11:57 333,184 srv.sys
14/07/2004 11:29 5,627 sscdbhk5.sys
14/07/2004 11:28 23,545 ssrtln.sys
30/08/2005 16:57 58,320 ss_bus.sys
30/08/2005 16:58 6,144 ss_cm.sys
30/08/2005 16:58 6,144 ss_cmnt.sys
30/08/2005 16:58 8,304 ss_mdfl.sys
30/08/2005 16:59 94,000 ss_mdm.sys
30/08/2005 16:57 5,808 ss_wh.sys
30/08/2005 16:57 5,808 ss_whnt.sys
19/08/2009 14:43 5,632 StarOpen.sys
24/03/2006 23:34 1,156,648 sthda.sys
04/08/2004 05:00 48,640 stream.sys
03/08/2004 23:10 15,360 StreamIP.sys
23/07/2004 14:55 46,536 sunkfilt62.sys
03/08/2004 22:58 4,352 swenum.sys
17/08/2001 14:00 54,272 swmidi.sys
17/08/2001 14:07 16,256 symc810.sys
17/08/2001 14:07 32,640 symc8xx.sys
17/08/2001 14:07 28,384 sym_hi.sys
17/08/2001 14:07 30,688 sym_u3.sys
08/03/2006 18:35 191,872 SynTP.sys
03/08/2004 23:15 60,800 sysaudio.sys
04/08/2004 05:00 14,976 tape.sys
20/06/2008 10:45 360,320 tcpip.sys
20/06/2008 09:52 225,920 tcpip6.sys
04/08/2004 05:00 18,560 tdi.sys
04/08/2004 05:00 12,040 tdpipe.sys
04/08/2004 05:00 21,896 tdtcp.sys
04/08/2004 01:01 40,840 termdd.sys
04/08/2004 05:00 51,712 tosdvd.sys
17/08/2001 13:51 4,992 toside.sys
04/08/2004 05:00 21,376 tsbvcap.sys
04/08/2004 05:00 12,416 tunmp.sys
04/08/2004 05:00 66,176 udfs.sys
17/08/2001 13:52 36,736 ultra.sys
28/06/2009 17:58 UMDF
23/04/2007 10:32 364,160 update.sys
04/08/2004 05:00 12,672 usb8023.sys
26/03/2009 14:23 36,864 usbaapl.sys
04/08/2004 05:00 23,808 usbcamd.sys
04/08/2004 05:00 23,936 usbcamd2.sys
03/08/2004 23:08 31,616 usbccgp.sys
04/08/2004 05:00 4,736 usbd.sys
25/10/2005 23:39 27,264 usbehci.sys
03/08/2004 23:08 57,600 usbhub.sys
04/08/2004 05:00 16,000 usbintel.sys
25/10/2005 23:39 143,104 usbport.sys
03/08/2004 22:01 25,856 usbprint.sys
03/08/2004 22:58 15,104 usbscan.sys
03/08/2004 23:08 26,496 USBSTOR.SYS
03/08/2004 23:08 20,480 usbuhci.sys
14/07/2005 12:59 389,788 usbVM303.sys
25/11/2001 11:11 81,924 VC4CB104.SYS
04/08/2004 05:00 58,112 vdmindvd.sys
04/08/2004 05:00 20,992 vga.sys
03/08/2004 23:07 42,240 VIAAGP.SYS
03/08/2004 22:59 5,376 viaide.sys
04/08/2004 05:00 79,744 videoprt.sys
04/08/2004 05:00 52,352 volsnap.sys
26/04/2006 23:13 1,429,632 w39n51.sys
04/08/2004 05:00 34,560 wanarp.sys
14/06/2006 09:00 82,944 wdmaud.sys
03/08/2004 23:07 8,832 wmiacpi.sys
04/08/2004 05:00 4,352 wmilib.sys
18/10/2006 19:00 38,528 wpdusb.sys
04/08/2004 05:00 12,032 ws2ifsl.sys
14/07/2006 01:02 13,696 wsp_pkt.sys
03/08/2004 23:10 19,328 WSTCODEC.SYS
28/09/2006 17:55 77,568 WudfPf.sys
28/09/2006 18:00 82,944 WudfRd.sys
304 File(s) 30,209,132 bytes

Directory of C:\Windows\System32\Drivers\Avg

17/08/2009 09:29 .
17/08/2009 09:29 ..
01/03/2009 22:38 6,061,540 avi7.avg
17/08/2009 09:29 39,918,921 incavi.avm
16/08/2009 17:17 65,360 microavi.avg
02/07/2009 08:02 463,779 miniavi.avg
4 File(s) 46,509,600 bytes

Directory of C:\Windows\System32\Drivers\disdn

11/08/2004 17:02 .
11/08/2004 17:02 ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

08/01/2010 20:21 .
08/01/2010 20:21 ..
08/01/2010 20:21 27 hosts
04/08/2004 05:00 734 hosts.msn
04/08/2004 05:00 3,683 lmhosts.sam
04/08/2004 05:00 407 networks
04/08/2004 05:00 799 protocol
04/08/2004 05:00 7,116 services
6 File(s) 12,766 bytes

Directory of C:\Windows\System32\Drivers\UMDF

28/06/2009 17:58 .
28/06/2009 17:58 ..
18/10/2006 20:47 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
315 File(s) 77,402,730 bytes
14 Dir(s) 9,553,498,112 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is D00E-65F1

Directory of C:\Windows\System32\Drivers



*********************Processes*******************







******************************************
EOF

Re: Gus Firefox & Interent Explorer both crash before opening

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Re: Gus Firefox & Interent Explorer both crash before opening

Please find below the GMER Log

---------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-11 15:40:05
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Garfield\LOCALS~1\Temp\pxtdypow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[196] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00F23E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Creative\Mixer\CTSVolFE.exe[256] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00E73E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[284] WS2_32.dll!connect 71AB406A 5 Bytes JMP 016F3E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[412] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[556] WS2_32.dll!connect 71AB406A 5 Bytes JMP 02553E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text ...
.text C:\WINDOWS\system32\SearchIndexer.exe[2464] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\dslagent.exe[2564] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00903E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe[2676] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01183E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\Program Files\QuickTime\QTTask.exe[2720] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00A53E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe[2744] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00E53E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text C:\WINDOWS\VM303_STI.EXE[2752] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00E33E00 c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/McAfee, Inc.)
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00BAB88B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00BAB69E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00BA70C9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00BA7CA2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00BA9A4C
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00BA846E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00BA7E87
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00BA92C7
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00BAAF32
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00BAAF62
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00BABAA5
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00BAAC8C
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00BA99DC
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00BA8B2E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00BA8282
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00BA87CA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00BABDD1
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00BA94C6
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00BA98D8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00BAA01B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00BA9D0B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00BA9FC9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00BAA608
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00BAA113
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00BA8096
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00BA8A83
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00BAB00D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00BA9DCD
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00BA998F
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00BA9703
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00BA9ADC
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00BABAB1
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00BA9CA2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00BABC36
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00BABC04
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00BABD59
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00BABDB5
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00BABCA2

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
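
As an added example (not part of any post in this thread, and not GMER's own code): the IAT section of the GMER log above lists every redirected import of ezi_hnm2.exe, but 26 raw lines are hard to triage by eye. The Python below parses lines in GMER 1.0.15's `IAT <image>[pid] @ <module> [<dll>!<function>] <address>` format, groups them per process, and reports how much address space the hook targets occupy plus any hooked functions that sit on a small watchlist. The eight sample lines are copied from the log above; the watchlist of "interesting" APIs and the 64 KiB clustering threshold are my own assumptions, not anything GMER reports. The caveat a practitioner wants: targets packed into one small range only say the hooks come from a single module. This same log shows McAfee and AVG drivers attached to the filesystem and TCP/IP stacks, and security suites redirect exactly these APIs, so clustering alone does not indicate malware.

```python
import re
from collections import defaultdict

# Constructed sample: eight IAT lines copied verbatim from the GMER 1.0.15 log above.
SAMPLE_GMER_IAT = r"""
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00BA99DC
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00BA8B2E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00BA8282
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00BABDD1
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00BA8096
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00BA8A83
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00BABC36
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[4420] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00BABDB5
"""

# GMER 1.0.15 IAT line: IAT <image>[<pid>] @ <module> [<dll>!<function>] <hook address>
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+)"
    r"\s+\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<addr>[0-9A-Fa-f]{8})\s*$"
)

# Assumed watchlist (my choice, not GMER's): loader, thread-creation and
# anti-debug APIs whose IAT slots injectors and security suites both redirect.
WATCHLIST = {"LoadLibraryExA", "LoadLibraryExW", "CreateThread",
             "IsDebuggerPresent", "TerminateProcess", "WriteFile"}

# Assumed heuristic: hook targets within 64 KiB of each other almost always
# belong to one hooking module.
CLUSTER_LIMIT = 0x10000


def parse_iat_lines(text):
    """Return one dict per IAT line; non-matching lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "image": m["image"],
            "pid": int(m["pid"]),
            "module": m["module"],
            "dll": m["dll"],
            "func": m["func"],
            "addr": int(m["addr"], 16),
        })
    return hooks


def summarize(hooks):
    """Group hooks per (image, pid) and describe where their targets land."""
    by_proc = defaultdict(list)
    for h in hooks:
        by_proc[(h["image"], h["pid"])].append(h)
    summary = {}
    for key, entries in by_proc.items():
        addrs = [h["addr"] for h in entries]
        lo, hi = min(addrs), max(addrs)
        summary[key] = {
            "count": len(entries),
            "dlls": sorted({h["dll"] for h in entries}),
            "lo": lo,
            "hi": hi,
            "span": hi - lo,
            "single_cluster": (hi - lo) < CLUSTER_LIMIT,
            "watchlist_hits": sorted(h["func"] for h in entries
                                     if h["func"] in WATCHLIST),
        }
    return summary


if __name__ == "__main__":
    for (image, pid), s in summarize(parse_iat_lines(SAMPLE_GMER_IAT)).items():
        print(f"{image} [{pid}]: {s['count']} IAT hooks in {s['dlls']}")
        print(f"  targets {s['lo']:08X}-{s['hi']:08X} (span {s['span']:#x}, "
              f"single cluster: {s['single_cluster']})")
        print(f"  watchlist: {', '.join(s['watchlist_hits']) or 'none'}")
```

Run against the full 26-line IAT block from the log, the summary is the same shape: every target falls in one narrow range, which is the signature of one injected hook module rather than many independent patches. Whether that module is a security product or something hostile has to come from identifying the module that owns that address range, which GMER's IAT listing alone does not tell you.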

Re: Gus Firefox & Internet Explorer both crash before opening

Is this a different computer from the one I am helping you with on the other thread, or the same?

Re: Gus Firefox & Internet Explorer both crash before opening

These are two separate computers.

Re: Gus Firefox & Internet Explorer both crash before opening

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum.

IMPORTANT! Then please click Customize, choose the Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Re: Gus Firefox & Internet Explorer both crash before opening

Hi,

We have had a review of our home PCs as my job has changed.

For the PC that has this problem, we have decided to re-format the C: drive and re-install the operating system to give us a fresh, clean laptop.

I have just carried this out on an older PC we have, and it has worked well, with not much initially to re-install.

Cheers

Gus

Re: Gus Firefox & Internet Explorer both crash before opening

Very well.

Thanks for letting me know.
