WiredWX Christian Hobby Weather Tools

Internet connected - but every few minutes the server can't be found

3 posters

Hello -

Since a couple days ago, I've been getting kicked off my connection to the server every few minutes. This happens with both IE and Firefox. I can reconnect by clicking "repair" and then I'm good for another few minutes. The wireless network connection icon on the bottom of my screen says that my signal strength remains Excellent, my status Connected and speed 54.0 mbps. The automatic updates function has been feeding me some new items - IE 7 and a Microsoft Malicious Software Remover, which I've installed. I've tried your other suggestions, such as Winsock XP Fix, to no avail. I recently ran a system scan with Microsoft Security Essentials and it found 3 "Severe" viruses -
Exploit:Java/CVE-2008-5353.B
Trojan:Java/Selace.B
Trojan:Java/Selace.A
It supposedly removed these items. Below is the readout from the HijackThis program. Thanks for your help! I'm going bananas!
Rosey


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:34 PM, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andy\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.openofficestart.com/?cfg=1-2-1-krs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca4c562023c416) (gupdate1ca4c562023c416) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5543 bytes

Re: Internet connected - but every few minutes the server can't be found

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Internet connected - but every few minutes the server can't be found

Hello - Here are the logs (we ran a full scan, fixed selected and then a quick scan).

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/12/2009 11:23:10 AM
mbam-log-2009-12-12 (11-23-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 130956
Time elapsed: 27 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Andy\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

----------------------------------------


Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/12/2009 11:43:04 AM
mbam-log-2009-12-12 (11-43-04).txt

Scan type: Quick Scan
Objects scanned: 94455
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Internet connected - but every few minutes the server can't be found

I just found that we are still experiencing the problem.
Any suggestions?
Thanks

Re: Internet connected - but every few minutes the server can't be found

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Internet connected - but every few minutes the server can't be found

Sorry if I'm doing something stupid... when I cut and paste that command into the run box it says: "Windows cannot find 'C:/Documents and settings/Andy/desktop/commy.exe'."
Should I just click it on my desktop to run it?
Also - in my security center should I turn off both firewall and virus protection? I don't have any other antivirus program. Just the Microsoft Security Essentials --- do I need to turn that off too?
Thanks

Re: Internet connected - but every few minutes the server can't be found

Yes, go ahead and double-click it. Don't worry about disabling the security program.

Re: Internet connected - but every few minutes the server can't be found

OK - Here is the log report:

ComboFix 09-12-11.05 - Andy 12/13/2009 6:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1396 [GMT -7:00]
Running from: c:\documents and settings\Andy\Desktop\commy.exe.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\st325602.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-13 01:21 . 2009-12-13 01:21 -------- d-----w- c:\windows\LastGood
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\documents and settings\Andy\Application Data\Malwarebytes
2009-12-12 14:20 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 14:20 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-12 03:32 . 2009-10-29 07:46 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-12 03:32 . 2009-10-29 07:46 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-12 03:32 . 2009-10-29 07:46 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-12 03:32 . 2009-10-29 07:46 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-12 03:32 . 2009-10-29 07:46 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-12-12 03:32 . 2009-10-28 14:36 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-12 03:32 . 2009-10-29 07:46 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-12-12 03:32 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-18 17:46 . 2009-11-18 17:46 -------- d-----w- c:\documents and settings\Andy\Application Data\HorizonWimba

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 04:17 . 2009-11-12 15:58 1 ----a-w- c:\documents and settings\Andy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-12 10:16 . 2009-09-23 18:44 16504 ----a-w- c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 05:27 . 2009-11-12 05:27 -------- d-----w- c:\documents and settings\Andy\Application Data\OpenOffice.org
2009-11-12 05:18 . 2009-11-12 05:18 -------- d-----w- c:\program files\JRE
2009-11-12 05:18 . 2009-11-12 05:18 -------- d-----w- c:\program files\OpenOffice.org 3
2009-11-03 03:42 . 2009-09-23 19:00 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:46 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 14:58 . 2009-10-13 22:40 -------- d-----w- c:\program files\DivX
2009-10-15 00:17 . 2009-10-15 00:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-15 00:16 . 2009-10-15 00:16 -------- d-----w- c:\program files\DVDVideoSoft
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 23:12 . 2009-10-11 23:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 23:12 . 2009-10-11 23:12 152576 ----a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-25 00:35 . 2009-09-23 18:31 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-23 22:53 . 2009-09-23 22:53 0 ----a-w- c:\windows\nsreg.dat
2009-09-23 18:29 . 2009-09-23 18:29 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-21 23:09 . 2009-09-21 23:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S0 cerc6;cerc6; [x]
S2 gupdate1ca4c562023c416;Google Update Service (gupdate1ca4c562023c416);c:\program files\Google\Update\GoogleUpdate.exe [10/13/2009 3:40 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HTTPFILTER
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.openofficestart.com/?cfg=1-2-1-krs
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\5jh9bcfd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.openofficestart.com/?cfg=1-2-1-krs
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Andy\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 07:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-12-13 07:01:26
ComboFix-quarantined-files.txt 2009-12-13 14:01

Pre-Run: 233,163,960,320 bytes free
Post-Run: 233,556,320,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D9C81EA90226922D88A0A4F6E6D51650

Re: Internet connected - but every few minutes the server can't be found

Please post a new HijackThis log.

Re: Internet connected - but every few minutes the server can't be found

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:08 PM, on 12/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andy\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.openofficestart.com/?cfg=1-2-1-krs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca4c562023c416) (gupdate1ca4c562023c416) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5310 bytes

Re: Internet connected - but every few minutes the server can't be found

Please perform a scan with Kaspersky Online Virus Scanner.
alternate link for scan

  • Before starting your scan, disable antivirus or antispyware software.
  • Read the "Advantages - Requirements and Limitations" then press the ACCEPT... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the SETTINGS... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the SAVE... button afterwards:

    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases:

  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste the contents of that file in your next reply.

*Note: This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools. Some online scanners will detect existing anti-virus software and they may interfere or stop the scan. If that occurs, disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Re: Internet connected - but every few minutes the server can't be found

Here is the kaspscan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, December 14, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, December 14, 2009 13:42:14
Records in database: 3370547
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 31206
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 00:41:10


File name / Threat / Threats count
C:\Documents and Settings\Andy\Application Data\Sun\Java\Deployment\cache\6.0\50\44e4ef72-67b6a6b0 Infected: Trojan-Downloader.Java.Agent.ab 1

Selected area has been scanned.

Re: Internet connected - but every few minutes the server can't be found

Please delete this folder:
C:\Documents and Settings\Andy\Application Data\Sun\Java\Deployment\cache\6.0\50\44e4ef72-67b6a6b0

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: Internet connected - but every few minutes the server can't be found

Malwarebytes' Anti-Malware 1.42
Database version: 3365
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/15/2009 8:57:43 AM
mbam-log-2009-12-15 (08-57-43).txt

Scan type: Quick Scan
Objects scanned: 97006
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Andy\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: Internet connected - but every few minutes the server can't be found

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Internet connected - but every few minutes the server can't be found

Here you go:

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Internet connected - but every few minutes the server can't be found

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • AVG Free: this is one of the most powerful and easiest-to-use security programs. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Re: Internet connected - but every few minutes the server can't be found

This has been an amazingly helpful experience and I am hugely grateful for your time and help. Couple of questions - Should I keep and run any of the programs/scans that you've had me download (i.e. Malwarebytes, Kaspersky, Security Check)? Or should I just use my new AVG and Security Essentials?
Also, I'm guessing I caught the bug while either streaming True Blood episodes or downloading music...is it dangerous to use torrents? Do I need to clean up my using habits? Again, I can't thank you enough for your assistance.
Rosey

Re: Internet connected - but every few minutes the server can't be found

Hi - one more thing --- AVG is asking me to remove Microsoft Security Essentials to avoid conflicts. What do you suggest?

Re: Internet connected - but every few minutes the server can't be found

Indeed. Do not use more than one antivirus. AVG will do fine. Remove one, and use the other.

Keep Malwarebytes as it can be a scanner only. Use it from time to time to help remove malware or detect it.

Go ahead and delete the other tools, (security check, etc).

P2P and torrents are a big contributor to installing viruses and other malware. Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall any P2P programs (Limewire, Frostwire, BearShare, Gnutella, uTorrent, etc.); however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Re: Internet connected - but every few minutes the server can't be found

Got it. Thanks again.

Re: Internet connected - but every few minutes the server can't be found

Hi --- me again. I don't know if this is still a live thread... Anyway, the problem is back again. I ran an AVG and Malwarebytes scan and they found no threats. Online Armor has been blocking some programs....
Here is a HijackThis scan from a few minutes ago:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:23 PM, on 12/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andy\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.openofficestart.com/?cfg=1-2-1-krs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca4c562023c416) (gupdate1ca4c562023c416) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7167 bytes

Re: Internet connected - but every few minutes the server can't be found

Just ran Malwarebytes again - one infection found:

Malwarebytes' Anti-Malware 1.42
Database version: 3365
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/26/2009 6:20:06 PM
mbam-log-2009-12-26 (18-20-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 138839
Time elapsed: 22 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Andy\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> No action taken.
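
An added example, not written by anyone in this thread: the HijackThis and Malwarebytes logs above both point at `winlogon.scr` running out of the Downloads folder, and this Python script shows how the "Running processes" section of such a log can be triaged for that pattern. The rule set, the function names and the assumption that Windows lives in `C:\WINDOWS` are choices of this example; the sample is an excerpt of the log posted above.

```python
import ntpath  # Windows path handling that works on any OS

# Excerpt of the HijackThis log posted above (shortened for the example).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:23 PM, on 12/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andy\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.openofficestart.com/?cfg=1-2-1-krs
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
"""

# Assumption: core Windows XP process names and the one directory each should run from.
EXPECTED_DIR = {
    "smss": "c:\\windows\\system32",
    "csrss": "c:\\windows\\system32",
    "winlogon": "c:\\windows\\system32",
    "services": "c:\\windows\\system32",
    "lsass": "c:\\windows\\system32",
    "svchost": "c:\\windows\\system32",
    "spoolsv": "c:\\windows\\system32",
    "explorer": "c:\\windows",
}

# Assumption: executable formats that rarely belong to a legitimately running program.
UNUSUAL_IMAGE_EXTENSIONS = {".scr", ".pif", ".com", ".bat", ".cmd"}

# Assumption: locations an unprivileged user (or a download) can write to.
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\windows\\temp\\")


def parse_running_processes(log_text):
    """Return the image paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.lower() == "running processes:"
            continue
        if not line:
            if paths:      # the first blank line after the list ends the section
                break
            continue       # tolerate a blank line right after the header
        paths.append(line)
    return paths


def triage(path):
    """Return the list of reasons a process image path deserves a closer look."""
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    directory, filename = ntpath.split(norm)
    stem, ext = ntpath.splitext(filename)
    reasons = []
    expected = EXPECTED_DIR.get(stem)
    if expected is not None and directory != expected:
        # Borrowing a system process name from another folder is a masquerading sign.
        reasons.append("system-name-outside-expected-dir")
    if ext in UNUSUAL_IMAGE_EXTENSIONS:
        reasons.append("unusual-image-extension")
    if norm.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("runs-from-user-writable-path")
    return reasons


def review(log_text):
    """Map each flagged running process to its reasons; clean entries are omitted."""
    findings = {}
    for path in parse_running_processes(log_text):
        reasons = triage(path)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for image, why in review(SAMPLE_LOG).items():
        print(image)
        for reason in why:
            print("   -", reason)
```

A flagged entry is a lead for further checking with a scanner, not a verdict on the file.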

Re: Internet connected - but every few minutes the server can't be found

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Internet connected - but every few minutes the server can't be found

Hey - I just saw that you replied. Before seeing that suggestion, though, I went ahead and ran ComboFix and here is that result:

ComboFix 09-12-26.05 - Andy 12/27/2009 7:35.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1363 [GMT -7:00]
Running from: c:\documents and settings\Andy\Desktop\commy.exe.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 05:22 . 2009-12-27 05:24 -------- d-----w- C:\commy.exe
2009-12-22 17:39 . 2009-12-16 01:58 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-22 17:39 . 2009-12-16 01:58 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-22 17:39 . 2009-12-16 01:58 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-22 17:39 . 2009-12-16 01:58 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-21 23:03 . 2009-12-21 23:03 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-21 22:59 . 2009-12-21 22:59 -------- d-sh--w- c:\documents and settings\Andy\IETldCache
2009-12-21 22:52 . 2009-12-22 01:09 -------- d-----w- c:\windows\ie8updates
2009-12-21 22:49 . 2009-12-21 22:50 -------- dc-h--w- c:\windows\ie8
2009-12-21 22:47 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-21 22:47 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-21 22:44 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-18 15:34 . 2009-12-18 15:34 294656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
2009-12-18 15:34 . 2009-12-16 01:58 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-16 23:25 . 2009-12-16 23:25 -------- d-----w- c:\program files\uTorrent
2009-12-16 23:24 . 2009-12-27 14:39 -------- d-----w- c:\documents and settings\Andy\Application Data\uTorrent
2009-12-16 04:56 . 2009-12-27 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-12-16 04:56 . 2009-12-16 04:56 -------- d-----w- c:\documents and settings\Andy\Application Data\OnlineArmor
2009-12-16 04:55 . 2009-12-05 14:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-12-16 04:55 . 2009-12-05 14:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-12-16 04:55 . 2009-12-05 14:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-12-16 04:55 . 2009-12-16 04:55 -------- d-----w- c:\program files\Tall Emu
2009-12-16 01:59 . 2009-12-16 01:59 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\AVG Security Toolbar
2009-12-16 01:59 . 2009-12-25 01:55 -------- d-----w- C:\$AVG
2009-12-16 01:59 . 2009-12-16 01:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-16 01:59 . 2009-12-16 01:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-16 01:59 . 2009-12-16 01:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-16 01:59 . 2009-12-16 01:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-16 01:59 . 2009-12-27 05:56 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-16 01:58 . 2009-12-16 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-16 01:58 . 2009-12-16 01:58 -------- d-----w- c:\program files\AVG
2009-12-16 01:58 . 2009-12-16 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-16 01:58 . 2009-12-16 05:09 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-16 00:33 . 2009-12-16 00:33 -------- d-----w- c:\program files\Java
2009-12-16 00:33 . 2009-12-16 00:33 152576 ----a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 00:28 . 2009-12-16 00:28 79488 ----a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\documents and settings\Andy\Application Data\Malwarebytes
2009-12-12 14:20 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-12 14:20 . 2009-12-12 14:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 14:20 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-12 03:32 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-12 03:32 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-12 03:32 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-12 03:32 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-12 03:32 . 2009-10-28 14:36 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-12 03:32 . 2009-03-08 11:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2009-12-12 03:32 . 2009-03-08 11:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2009-12-12 03:32 . 2009-02-07 04:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-16 23:20 . 2009-11-12 15:58 1 ----a-w- c:\documents and settings\Andy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-16 00:33 . 2009-10-11 23:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-18 17:46 . 2009-11-18 17:46 -------- d-----w- c:\documents and settings\Andy\Application Data\HorizonWimba
2009-11-12 10:16 . 2009-09-23 18:44 16504 ----a-w- c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 05:27 . 2009-11-12 05:27 -------- d-----w- c:\documents and settings\Andy\Application Data\OpenOffice.org
2009-11-12 05:18 . 2009-11-12 05:18 -------- d-----w- c:\program files\JRE
2009-11-12 05:18 . 2009-11-12 05:18 -------- d-----w- c:\program files\OpenOffice.org 3
2009-11-03 03:42 . 2009-09-23 19:00 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-13_14.00.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 03:54 . 2009-07-12 03:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 03:32 . 2009-07-12 03:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 08:07 . 2009-07-12 08:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 08:19 . 2009-07-12 08:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-12-27 14:19 . 2009-12-27 14:19 16384 c:\windows\Temp\Perflib_Perfdata_190.dat
+ 2009-09-23 19:02 . 2009-01-08 01:21 26144 c:\windows\system32\spupdsvc.exe
+ 2009-10-13 23:11 . 2009-01-08 01:20 16928 c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2009-03-08 11:31 46592 c:\windows\system32\pngfilt.dll
+ 2008-04-14 12:00 . 2009-12-27 14:23 38162 c:\windows\system32\perfc009.dat
- 2006-06-29 15:05 . 2006-06-29 15:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 15:05 . 2009-01-08 01:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 00:59 . 2006-06-29 00:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-29 00:59 . 2009-01-08 01:20 24576 c:\windows\system32\nlsdl.dll
+ 2008-04-14 12:00 . 2009-03-08 11:31 48128 c:\windows\system32\mshtmler.dll
- 2008-04-14 12:00 . 2007-08-14 01:01 48128 c:\windows\system32\mshtmler.dll
+ 2008-04-14 12:00 . 2009-03-08 11:31 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 12:00 . 2009-03-08 11:31 45568 c:\windows\system32\mshta.exe
- 2008-04-14 12:00 . 2007-08-14 01:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-14 01:36 . 2009-03-08 11:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-14 01:54 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 12:00 . 2009-03-08 11:34 43008 c:\windows\system32\licmgr10.dll
+ 2008-04-14 12:00 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2009-03-08 11:32 94720 c:\windows\system32\inseng.dll
+ 2008-04-14 12:00 . 2009-03-08 11:31 34816 c:\windows\system32\imgutil.dll
+ 2007-08-14 01:39 . 2009-03-08 11:32 36864 c:\windows\system32\ieudinit.exe
+ 2008-04-14 12:00 . 2009-03-08 11:32 71680 c:\windows\system32\iesetup.dll
+ 2008-04-14 12:00 . 2009-03-08 11:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 15:05 . 2009-01-08 01:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 15:05 . 2006-06-29 15:05 26112 c:\windows\system32\idndl.dll
+ 2007-08-14 01:36 . 2009-03-08 11:31 59904 c:\windows\system32\icardie.dll
+ 2008-04-14 12:00 . 2009-03-08 11:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-04-14 12:00 . 2009-03-08 11:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2008-04-14 12:00 . 2007-08-14 01:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-04-14 12:00 . 2009-03-08 11:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 12:00 . 2007-08-14 01:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-04-14 12:00 . 2009-03-08 11:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-04-14 12:00 . 2009-03-08 11:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 12:00 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 20:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-16 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-16 2033432]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-16 01:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/15/2009 6:59 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/15/2009 6:59 PM 360584]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/15/2009 9:55 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/15/2009 9:55 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/15/2009 9:55 PM 29776]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/15/2009 6:58 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/15/2009 6:58 PM 285392]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [12/15/2009 9:55 PM 1282248]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [12/15/2009 9:55 PM 3291336]
S0 cerc6;cerc6; [x]
S2 gupdate1ca4c562023c416;Google Update Service (gupdate1ca4c562023c416);c:\program files\Google\Update\GoogleUpdate.exe [10/13/2009 3:40 PM 133104]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.openofficestart.com/?cfg=1-2-1-krs
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\5jh9bcfd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.openofficestart.com/?cfg=1-2-1-krs
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 07:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-27 07:45:54
ComboFix-quarantined-files.txt 2009-12-27 14:45
ComboFix2.txt 2009-12-13 14:01

Pre-Run: 230,910,435,328 bytes free
Post-Run: 231,407,357,952 bytes free

- - End Of File - - B1C10F443A71E734484574E6C16B75F9

Re: Internet connected - but every few minutes the server can't be found

Please navigate to this webpage: http://support.microsoft.com/kb/313222 and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

==

Please download CKScanner by askey127 from here

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Re: Internet connected - but every few minutes the server can't be found

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

Re: Internet connected - but every few minutes the server can't be found

Hi - Just wanted to let you know - I am not able to run the ESET scan bc I can't stay online long enough to download and register. I'm getting booted every 10 seconds or so. I did run the microsoft fixit -- but so far there's no change.

Re: Internet connected - but every few minutes the server can't be found

Press start, then run and enter cmd - then hit OK.

In the command prompt window, press in the following code exactly:


netsh winsock reset catalog

Then, exit out.
==

Do you have stable Internet after performing the above process?

==

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.

Re: Internet connected - but every few minutes the server can't be found

Here is that log. Should I try to run that eset scan?

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))




Windows IP Configuration



Host Name . . . . . . . . . . . . : andy-a23018bc95

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-1D-09-CF-08-7D



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-1F-3A-5D-62-26

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 209.188.112.3

63.81.160.11

Lease Obtained. . . . . . . . . . : Sunday, December 27, 2009 5:48:17 PM

Lease Expires . . . . . . . . . . : Monday, December 28, 2009 5:44:20 PM


(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.



(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))
Ping request could not find host yahoo.com. Please check the name and try again.

Ping request could not find host geekpolice.net. Please check the name and try again.

Ping request could not find host facebook.com. Please check the name and try again.

Ping request could not find host microsoft.com. Please check the name and try again.


********************
EOF
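
Reading the log above: the wireless adapter holds a DHCP lease with a gateway and two DNS servers, yet every ping stops at "could not find host", which is a name-lookup failure rather than a loss of the wireless link. The Python below is an added example (not part of the thread or of RenewMyDNS) that parses this kind of `ipconfig /all` plus ping text and classifies the failure; the sample text is constructed from the shape of the log, and the verdict names are assumptions.

```python
import re

# Constructed sample, trimmed from the shape of the RenewMyDNS log above.
SAMPLE_LOG = """\
Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

Dhcp Enabled. . . . . . . . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 209.188.112.3

63.81.160.11

Lease Obtained. . . . . . . . . . : Sunday, December 27, 2009 5:48:17 PM

Ping request could not find host yahoo.com. Please check the name and try again.

Ping request could not find host microsoft.com. Please check the name and try again.
"""

ADAPTER_RE = re.compile(r"^\s*\w[\w ]* adapter (.+):\s*$")
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*?)\s*$")
IPV4_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")
PING_FAIL_RE = re.compile(r"Ping request could not find host (\S+?)\.(?:\s|$)")
PING_OK_RE = re.compile(r"^\s*Pinging (\S+) \[")  # header line of a resolved ping


def parse_log(text):
    """Return (adapters, unresolved_hosts, resolved_hosts) from ipconfig/ping text."""
    adapters, unresolved, resolved = [], [], []
    current, last_key = None, None
    for line in text.splitlines():
        if not line.strip():
            continue  # the forum paste is double-spaced; blank lines carry no meaning
        m = ADAPTER_RE.match(line)
        if m:
            current = {"name": m.group(1), "fields": {}}
            adapters.append(current)
            last_key = None
            continue
        m = PING_FAIL_RE.search(line)
        if m:
            unresolved.append(m.group(1))
            continue
        m = PING_OK_RE.match(line)
        if m:
            resolved.append(m.group(1))
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            last_key = m.group(1)
            values = current["fields"].setdefault(last_key, [])
            if m.group(2):
                values.append(m.group(2))
            continue
        m = IPV4_RE.match(line)
        if m and current is not None and last_key == "DNS Servers":
            # A second DNS server is printed on its own line with no label.
            current["fields"]["DNS Servers"].append(m.group(1))
        else:
            last_key = None
    return adapters, unresolved, resolved


def diagnose(text):
    """Classify where connectivity breaks: address, gateway, DNS config or lookup."""
    adapters, unresolved, resolved = parse_log(text)
    result = {"adapter": None, "dns_servers": [], "unresolved": unresolved}
    live = [a for a in adapters if a["fields"].get("IP Address")]
    if not live:
        result["verdict"] = "no-ip-address"
        return result
    fields = live[0]["fields"]
    result["adapter"] = live[0]["name"]
    result["dns_servers"] = fields.get("DNS Servers", [])
    if fields["IP Address"][0].startswith("169.254."):
        result["verdict"] = "dhcp-failed"            # self-assigned address
    elif not fields.get("Default Gateway"):
        result["verdict"] = "no-default-gateway"
    elif not result["dns_servers"]:
        result["verdict"] = "no-dns-servers"
    elif unresolved and not resolved:
        result["verdict"] = "dns-resolution-failing"
    elif unresolved:
        result["verdict"] = "dns-resolution-intermittent"
    else:
        result["verdict"] = "ok"
    return result


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

The returned `dns_servers` list is there so the configured resolvers can be compared with what the router or ISP is supposed to hand out.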

Re: Internet connected - but every few minutes the server can't be found

Don't worry about the ESET scan.

LSP-Check

  1. Please download LSPFix from here.
  2. Run the LSPFix.exe that you have just finished downloading.
  3. Write down all files that are in the left column (example: mswsock.dll, winrnr.dll, rsvpsp.dll) and then post them in your next reply, along with whether or not you see the phrase "No problems found".

Re: Internet connected - but every few minutes the server can't be found

mswsock.dll Tcpip
winrnr.dll NTDS
nwprovau.dll NWLink IPX/SPX/NetBIOS
rsvpsp.dll (Protocol handler)

I do see "No problems found"

I again had to click "repair" to have the browser connect with the server

Re: Internet connected - but every few minutes the server can't be found

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky.fr and save it to your Desktop.
  • Please close all other applications running on your system.
  • Please double click GetSystemInfo.exe to open it.
  • Click the Settings button.
  • Set it to Maximum
  • IMPORTANT! Then please click Customize - choose Driver / Ports tab and
  • Uncheck Scan Ports.
  • Click Create Report to run it.
  • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Re: Internet connected - but every few minutes the server can't be found

Here you go:

http://www.getsysteminfo.com/read.php?file=e277efc599066c71a5127e2ac0251beb

Re: Internet connected - but every few minutes the server can't be found

Go Start and then to Run,
Type in: sfc /scannow
Click OK.
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have Windows CD....

Go Start and then Run
type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

Does this help?

Re: Internet connected - but every few minutes the server can't be found

I changed the source path to C: and restarted the computer. However, when I punched in the sfc /scannow it still asked me for the windows cd/dvd!
What am I doing wrong?

Re: Internet connected - but every few minutes the server can't be found

It may not be able to find the files. Do you have a Windows CD?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Internet connected - but every few minutes the server can't be found

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:37 on 28/12/2009 by Andy (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
No files found.

Searching for "netlogon.dll"
No files found.

Searching for "eventlog.dll"
No files found.

Searching for "winlogon.exe"
No files found.

Searching for "comres.dll"
No files found.

Searching for "crypt32.dll"
No files found.

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
No files found.

Searching for "sfc.dll"
No files found.

Searching for "svchost.exe"
No files found.

Searching for "cngaudit.dll"
No files found.

Searching for "beep.sys"
No files found.

Searching for "wscntfy.exe"
No files found.

Searching for "atapi.sys"
No files found.

-=End Of File=-

Re: Internet connected - but every few minutes the server can't be found

I don't believe I have a windows disc but will check.

Re: Internet connected - but every few minutes the server can't be found


  1. Download peek.bat from the download link below and save it to your Desktop.

  • Double-click peek.bat to run it.
      A black Command Prompt window will appear shortly: the program is running.

  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
Re: Internet connected - but every few minutes the server can't be found

Volume in drive C has no label.
Volume Serial Number is 5CB0-4D7F

Directory of C:\WINDOWS\ERDNT\cache

04/14/2008 05:00 AM 181,248 scecli.dll

Directory of C:\WINDOWS\ERDNT\cache

04/14/2008 05:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\ERDNT\cache

04/14/2008 05:00 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/14/2008 05:00 AM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/14/2008 05:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/14/2008 05:00 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32\dllcache

04/14/2008 05:00 AM 181,248 scecli.dll

Directory of C:\WINDOWS\system32\dllcache

04/14/2008 05:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache

04/14/2008 05:00 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,933,824 bytes
0 Dir(s) 231,389,003,776 bytes free

Re: Internet connected - but every few minutes the server can't be found

Please go HERE. Copy and paste the following file path in to the box.

c:\windows\system32\user32.DLL

Do the same for these two files:

C:\windows\system32\userinit.exe
C:\windows\explorer.exe


Then click submit.

Please post the results (URL) to your next reply.

Re: Internet connected - but every few minutes the server can't be found

analisis/acd0ae7b4d5f871e148276c6cc4ae3a216e33f67fc78d827c16986e1f945438c-1261958312

analisis/944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f-1262029298

analisis/1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455-1262049808


BTW - I found a Microsoft Windows XP Operating System Reinstallation CD -- it is not from the kit of cd's that was originally installed in my pc. However, it is for Dell and I too have a Dell. Would that work for that sfc scan?

Re: Internet connected - but every few minutes the server can't be found

Do you have the links for the results?

Re: Internet connected - but every few minutes the server can't be found

I pasted the three "permalinks" (each starting with analisis..)
Since they were labeled as such and highlighted, I didn't think I needed to paste the url addresses. If I do - would I need to redo the whole process or can I somehow get back to my report pages?

Re: Internet connected - but every few minutes the server can't be found

I resubmitted and here are the urls:

http://www.virustotal.com/reanalisis.html?acd0ae7b4d5f871e148276c6cc4ae3a216e33f67fc78d827c16986e1f945438c-1262061410

http://www.virustotal.com/reanalisis.html?944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f-1262061455

http://www.virustotal.com/reanalisis.html?1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455-1262061521

Re: Internet connected - but every few minutes the server can't be found

Those are not found. Do you remember the results? (For example 0/0 or 4/41)

    Re: Internet connected - but every few minutes the server can't be found

    userinit and explorer exe both show 0/41

    user32.dll shows 2/41
    esafe shows win32.banker
    McAfee GW edition shows - Heuristic.LooksLike.Win32.NewMalware.J

    http://www.virustotal.com/analisis/acd0ae7b4d5f871e148276c6cc4ae3a216e33f67fc78d827c16986e1f945438c-1261958312

    http://www.virustotal.com/analisis/944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f-1262029298

    http://www.virustotal.com/analisis/1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455-1262078589

    Re: Internet connected - but every few minutes the server can't be found

    User32.dll is an important system file that will need to be replaced. It has been infected. First, we need to find where the backup location is, then we will replace it with ComboFix.

    Please copy and paste the following into Notepad:

    Code:

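    @ECHO OFF
    REM List every copy of user32.dll under C:\windows (all attributes, all subfolders) and save the listing
    DIR /a/s C:\windows\user32.dll >Log.txt
    REM Open the saved listing
    START Log.txt
    REM Delete this batch file once it has run
    DEL %0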


    Save this as red.bat to your Desktop. Choose Save as type: All Files.

    Exit Notepad, and then double-click on it to run. It will run for a short time, then launch a log in Notepad. Please paste the results back here.

    Re: Internet connected - but every few minutes the server can't be found

    Volume in drive C has no label.
    Volume Serial Number is 5CB0-4D7F

    Directory of C:\windows\ERDNT\cache

    04/14/2008 05:00 AM 578,560 user32.dll
    1 File(s) 578,560 bytes

    Directory of C:\windows\system32

    04/14/2008 05:00 AM 578,560 user32.dll
    1 File(s) 578,560 bytes

    Directory of C:\windows\system32\dllcache

    04/14/2008 05:00 AM 578,560 user32.dll
    1 File(s) 578,560 bytes

    Total Files Listed:
    3 File(s) 1,735,680 bytes
    0 Dir(s) 231,383,465,984 bytes free
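
Added example, not part of the thread: the three copies in the listing above share a size and timestamp, which does not show whether their contents are the same. This Python code hashes each copy and compares it with the hash in a scan permalink, assuming the `analisis/<64 hex>-<digits>` layout seen in the thread is the file's SHA-256 followed by the Unix time of the scan; the file names, contents and timestamp in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumed permalink layout: "analisis/<SHA-256 of the file>-<Unix time of the scan>".
PERMALINK = re.compile(r"analisis/([0-9a-fA-F]{64})-(\d+)\s*$")

def parse_permalink(link):
    """Return (sha256_hex, scan_time_utc) from a bare permalink or a full URL."""
    m = PERMALINK.search(link)
    if not m:
        raise ValueError("not a recognised permalink: %r" % link)
    when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), when

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so it is never read into memory in one piece."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def compare_copies(permalink, paths):
    """Map each path to 'matches scanned sample', 'differs' or 'missing'."""
    wanted, _ = parse_permalink(permalink)
    result = {}
    for p in map(Path, paths):
        if not p.is_file():
            result[str(p)] = "missing"
        elif sha256_file(p) == wanted:
            result[str(p)] = "matches scanned sample"
        else:
            result[str(p)] = "differs"
    return result

def demo():
    """Constructed data: three same-size files, one of which differs by a single byte."""
    with tempfile.TemporaryDirectory() as d:
        scanned, other = b"A" * 4095 + b"B", b"A" * 4096
        files = {"copy1.dll": scanned, "copy2.dll": scanned, "copy3.dll": other}
        for name, data in files.items():
            Path(d, name).write_bytes(data)
        link = "analisis/%s-1262000000" % hashlib.sha256(scanned).hexdigest()  # constructed
        report = compare_copies(link, [Path(d, n) for n in files] + [Path(d, "absent.dll")])
        return {Path(k).name: v for k, v in report.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

A copy that differs from the scanned sample is only known to be different; it still needs its own scan before it is trusted as a replacement.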
