search problems

A

altvic

New Member
Sorry but I keep coming back every Sunday. I appear to have my desktop computer infected again after a religious reformat and new virus/firewall installation.
This time I cannot get onto internet easily, each time I have to clean up firefox and IExplorer by deleting history etc; this has to occur each restart of the browser and works better in safe mode. ALSO, search engines do not work so I have to type in the address.
I am now on laptop.
attached are HJ and combofix logs in full mode.

many thanks for looking.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:31:40, on 31/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Dad\Desktop\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219938552078
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5021 bytes

ComboFix 08-08-23.03 - Dad 2008-08-31 7:26:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.625 [GMT 1:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-31 06:31 . 2008-08-31 06:31 <DIR> d-------- C:\Program Files\RegCure
2008-08-30 20:24 . 2008-08-30 20:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-30 20:24 . 2008-08-31 06:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-30 17:22 . 2008-08-31 06:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 07:51 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-29 00:40 . 2008-08-29 00:42 <DIR> d-------- C:\Program Files\Windows Live
2008-08-29 00:40 . 2008-08-31 06:31 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-29 00:39 . 2008-08-29 00:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-29 00:32 . 2008-08-29 00:32 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Windows Desktop Search
2008-08-29 00:31 . 2008-08-29 00:31 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-29 00:31 . 2008-08-29 00:31 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-29 00:31 . 2008-03-07 18:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-29 00:31 . 2008-03-07 18:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-29 00:31 . 2008-03-07 18:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-29 00:29 . 2008-06-23 17:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-29 00:29 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-29 00:29 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-29 00:29 . 2008-06-23 17:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-29 00:29 . 2008-06-23 17:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-29 00:29 . 2008-06-23 17:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-29 00:29 . 2008-06-23 17:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-29 00:29 . 2008-06-23 17:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-29 00:29 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-29 00:15 . 2008-08-29 00:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-29 00:13 . 2008-08-31 06:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-29 00:13 . 2008-08-29 00:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-28 23:31 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 23:30 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-28 23:29 . 2008-07-22 15:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-28 23:29 . 2008-07-22 15:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-28 23:29 . 2008-07-22 15:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-28 23:28 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-28 23:28 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-28 23:15 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-28 17:36 . 2006-11-01 18:31 1,669,120 -----c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-08-28 17:35 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-28 17:34 . 2006-10-18 21:47 991,744 -----c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2008-08-28 17:33 . 2006-10-18 21:47 542,720 -----c--- C:\WINDOWS\system32\dllcache\blackbox.dll
2008-08-28 16:53 . 2008-08-29 09:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-28 16:49 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-28 16:49 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-28 16:49 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-28 16:49 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-28 16:47 . 2008-08-28 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-28 16:27 . 2008-08-28 16:28 <DIR> d-------- C:\Program Files\BitLord
2008-08-28 16:21 . 2008-08-28 16:21 <DIR> d--hs---- C:\Documents and Settings\Dad\UserData
2008-08-26 11:03 . 2008-08-28 16:09 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\skypePM
2008-08-26 11:03 . 2008-08-26 11:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-26 11:02 . 2008-08-28 16:48 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Program Files\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-25 22:51 . 2001-05-03 10:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-08-25 22:51 . 1996-02-26 22:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-08-25 22:28 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-08-25 22:28 . 2008-04-13 19:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-25 22:28 . 2008-04-14 01:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-25 22:28 . 2008-04-13 19:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-25 22:26 . 2008-08-25 22:26 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Talkback
2008-08-25 21:15 . 2008-08-25 21:16 <DIR> d-------- C:\Program Files\OUeTMAFileHandler
2008-08-25 21:15 . 2008-08-25 21:15 245,760 --------- C:\WINDOWS\OUFHSetup1.exe
2008-08-25 21:15 . 2008-08-25 21:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-08-25 21:11 . 2008-08-25 22:51 <DIR> d-------- C:\Program Files\FirstClass
2008-08-25 21:11 . 2008-08-25 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
2008-08-25 18:13 . 2008-08-25 18:13 <DIR> d-------- C:\Program Files\PowerQuest
2008-08-25 17:15 . 2008-08-25 17:15 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-08-25 16:44 . 2008-08-31 06:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OsaSync
2008-08-25 16:08 . 2008-08-25 16:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-25 16:07 . 2008-08-25 16:08 <DIR> d-------- C:\Program Files\CCleaner
2008-08-25 15:54 . 2008-08-25 15:54 1,160 --a------ C:\WINDOWS\mozver.dat
2008-08-25 15:53 . 2008-08-25 15:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-25 15:42 . 2008-08-25 15:41 102,400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys
2008-08-25 15:42 . 2008-08-25 15:41 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2008-08-25 15:41 . 2008-08-25 15:41 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-25 15:41 . 2008-08-25 15:41 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-08-25 15:41 . 2008-08-25 15:41 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-08-25 15:26 . 2008-08-25 15:42 <DIR> d-------- C:\Program Files\COMODO
2008-08-25 15:26 . 2008-08-25 15:26 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Comodo
2008-08-25 15:26 . 2008-08-25 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-25 15:26 . 2008-08-25 15:26 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-25 15:26 . 2008-08-25 15:26 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-25 15:26 . 2008-08-25 15:26 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-25 15:13 . 2008-08-25 15:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-25 14:52 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-25 14:52 . 2008-08-25 15:41 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-25 14:52 . 2008-08-25 15:41 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-25 14:50 . 2002-01-11 10:54 167,936 -ra------ C:\WINDOWS\A4.dll
2008-08-25 14:50 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-08-25 14:50 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-08-25 14:50 . 2001-10-18 11:01 45,056 -ra------ C:\WINDOWS\GetKey.dll
2008-08-25 14:50 . 2008-04-13 19:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-25 14:50 . 2001-03-14 18:07 8,192 --------- C:\WINDOWS\system32\drivers\Artec48.usb
2008-08-25 14:50 . 2002-01-06 04:57 7,168 -ra------ C:\WINDOWS\system32\48UMicro.dll
2008-08-25 14:17 . 2008-08-25 16:03 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\stickies
2008-08-25 14:16 . 2008-08-25 14:16 <DIR> d-------- C:\Program Files\Stickies
2008-08-25 14:16 . 2008-08-25 14:16 <DIR> d-------- C:\Program Files\OsaSync
2008-08-25 14:16 . 2000-12-05 23:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-08-25 14:16 . 1998-10-09 15:04 65,024 --a------ C:\WINDOWS\system32\apigid32.dll
2008-08-25 14:16 . 2001-12-11 12:31 49,152 --a------ C:\WINDOWS\system32\advutil.dll
2008-08-25 14:15 . 2008-08-25 14:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-25 14:14 . 2008-08-25 14:14 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-25 14:12 . 2008-08-29 00:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-25 14:12 . 2008-08-31 06:31 <DIR> d-------- C:\Program Files\MSECache
2008-08-25 14:09 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-25 14:09 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-25 14:08 . 2008-08-25 14:08 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-25 14:07 . 2008-08-25 14:07 <DIR> d-------- C:\Program Files\MSBuild
2008-08-25 14:07 . 2008-08-29 08:43 <DIR> d-------- C:\Document Themes 12
2008-08-25 14:07 . 2008-08-25 14:07 <DIR> d-------- C:\CLIPART
2008-08-25 14:04 . 2008-08-25 14:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-25 14:04 . 2008-08-25 14:04 <DIR> d-------- C:\Templates
2008-08-25 14:04 . 2008-08-25 14:04 <DIR> d-------- C:\Stationery
2008-08-25 14:04 . 2008-08-31 06:30 <DIR> d-------- C:\Office12
2008-08-25 14:04 . 2008-08-25 14:04 <DIR> d-------- C:\MEDIA
2008-08-25 14:04 . 2008-08-31 06:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-25 14:03 . 2008-08-25 14:03 <DIR> dr-h----- C:\MSOCache
2008-08-25 14:00 . 2008-08-25 14:00 <DIR> d-------- C:\Program Files\Brownie
2008-08-25 13:59 . 2002-12-20 01:00 163,840 --a------ C:\WINDOWS\system32\BRSPL01A.DLL
2008-08-25 13:59 . 2002-08-30 01:00 102,400 --a------ C:\WINDOWS\system32\BRSPL01A.EXE
2008-08-25 13:59 . 2002-06-10 01:02 81,920 --a------ C:\WINDOWS\system32\BRSPLWMK.DLL
2008-08-25 13:59 . 2002-09-11 01:03 77,824 --a------ C:\WINDOWS\system32\BRSPL2KB.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 12:37 24,064 ----a-w C:\WINDOWS\autoload.exe
2008-08-25 10:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-26 21:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 21:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 21:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 21:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 21:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 21:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 21:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 21:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 21:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 21:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 21:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 21:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 21:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 21:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 21:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 21:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 21:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 21:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 21:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 21:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-26 21:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-26 21:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-26 21:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-26 21:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-26 21:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-26 21:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-26 20:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 20:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
.

------- Sigcheck -------

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-14 01:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 01:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2008-04-14 01:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-25 15:26 1655552]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-08-25 15:41 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
2008-08-25 15:41 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-08 15:25 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2005-04-12 10:11 229376 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2003-01-10 15:04 4263936 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
-ra------ 2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2003-01-10 15:04 315392 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Office12\\OUTLOOK.EXE"=
"C:\\Office12\\GROOVE.EXE"=
"C:\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\COMODO\\Comodo AntiVirus\\CavEmSrv.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-25 15:26]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-25 15:26]
R2 ATTSCAP;AVerMedia, WDM MPEG-2 TS Capture (DVBT);C:\WINDOWS\system32\drivers\attscap.sys [2003-06-24 12:19]
R2 ATVCAP;AVerMedia, DVB-T WDM Video Capture;C:\WINDOWS\system32\drivers\atvcap.sys [2003-06-24 12:22]
R2 ATXBAR;AVerMedia, DVB-T WDM Crossbar;C:\WINDOWS\system32\drivers\ATXBAR.sys [2003-06-24 12:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j2tcx1li.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bbc.co.uk/
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 07:28:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-08-31 7:30:25
ComboFix-quarantined-files.txt 2008-08-31 06:30:19

Pre-Run: 75,533,938,688 bytes free
Post-Run: 75,522,768,896 bytes free

288
 
I have attempted to run virus checks etc but not getting any better. Whether I open IExplore or Firfox it is difficult or impossible to serch for urls. I have noted that when I delete the cach/history I have a better chance of successfully clicking on a url and going to it; but this is hit and miss.
Regards

Latest hijack first then combo below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:20, on 01/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Dad\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.co.uk/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219938552078
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5212 bytes

ComboFix 08-08-31.01 - Dad 2008-09-01 13:50:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.588 [GMT 1:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-09-01 09:17 . 2008-09-01 09:17 <DIR> d-------- C:\Program Files\eAnnouncer
2008-09-01 09:17 . 2008-09-01 12:01 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\eAnnouncer
2008-09-01 00:08 . 2008-09-01 00:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-01 00:07 . 2008-09-01 00:09 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-01 00:07 . 2008-09-01 00:07 <DIR> d-------- C:\Program Files\AVG
2008-09-01 00:07 . 2008-09-01 09:30 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-31 23:52 . 2008-09-01 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-31 22:02 . 2008-08-31 22:02 <DIR> d--hs---- C:\Documents and Settings\Dad\PrivacIE
2008-08-31 21:55 . 2008-08-31 21:56 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-08-31 21:47 . 2008-08-31 21:47 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-31 17:33 . 2008-08-31 17:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 16:04 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-31 16:04 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-31 07:35 . 2008-09-01 00:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-31 06:31 . 2008-08-31 06:31 <DIR> d-------- C:\Program Files\RegCure
2008-08-30 20:24 . 2008-08-30 20:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-30 20:24 . 2008-08-31 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-30 17:22 . 2008-08-31 06:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 07:51 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-29 00:40 . 2008-08-29 00:42 <DIR> d-------- C:\Program Files\Windows Live
2008-08-29 00:40 . 2008-08-31 06:31 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-29 00:39 . 2008-08-29 00:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-29 00:32 . 2008-08-29 00:32 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Windows Desktop Search
2008-08-29 00:31 . 2008-08-29 00:31 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-29 00:31 . 2008-08-29 00:31 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-29 00:31 . 2008-03-07 18:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-29 00:31 . 2008-03-07 18:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-29 00:31 . 2008-03-07 18:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-29 00:29 . 2008-08-22 03:10 11,985,408 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-29 00:29 . 2008-07-29 22:58 3,670,112 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-29 00:29 . 2008-08-22 03:06 1,778,688 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-29 00:29 . 2008-08-22 03:15 1,216,512 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-29 00:29 . 2008-08-22 03:05 580,608 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-29 00:29 . 2008-08-22 02:42 443,392 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-29 00:29 . 2008-08-22 03:05 61,952 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-29 00:29 . 2008-08-22 03:05 53,760 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-29 00:29 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-29 00:15 . 2008-08-29 00:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-29 00:13 . 2008-08-31 08:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-29 00:13 . 2008-08-29 00:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-28 23:31 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 23:30 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-28 23:29 . 2008-07-22 15:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-28 23:29 . 2008-07-22 15:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-28 23:29 . 2008-07-22 15:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-28 23:28 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-28 23:28 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-28 23:15 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-28 17:36 . 2006-11-01 18:31 1,669,120 -----c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-08-28 17:35 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-28 17:34 . 2006-10-18 21:47 991,744 -----c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2008-08-28 17:33 . 2006-10-18 21:47 542,720 -----c--- C:\WINDOWS\system32\dllcache\blackbox.dll
2008-08-28 16:53 . 2008-08-29 09:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-28 16:49 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-28 16:49 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-28 16:49 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-28 16:49 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-28 16:47 . 2008-08-28 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-28 16:27 . 2008-08-28 16:28 <DIR> d-------- C:\Program Files\BitLord
2008-08-28 16:21 . 2008-08-28 16:21 <DIR> d--hs---- C:\Documents and Settings\Dad\UserData
2008-08-26 11:03 . 2008-08-28 16:09 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\skypePM
2008-08-26 11:03 . 2008-08-26 11:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-26 11:02 . 2008-08-28 16:48 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Program Files\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-25 22:51 . 2001-05-03 10:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-08-25 22:51 . 1996-02-26 22:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-08-25 22:28 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-08-25 22:28 . 2008-04-13 19:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-25 22:28 . 2008-04-14 01:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-25 22:28 . 2008-04-13 19:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-25 22:26 . 2008-08-25 22:26 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Talkback
2008-08-25 21:15 . 2008-08-25 21:16 <DIR> d-------- C:\Program Files\OUeTMAFileHandler
2008-08-25 21:15 . 2008-08-25 21:15 245,760 --------- C:\WINDOWS\OUFHSetup1.exe
2008-08-25 21:15 . 2008-08-25 21:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-08-25 21:11 . 2008-08-25 22:51 <DIR> d-------- C:\Program Files\FirstClass
2008-08-25 21:11 . 2008-08-25 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
2008-08-25 18:13 . 2008-08-25 18:13 <DIR> d-------- C:\Program Files\PowerQuest
2008-08-25 17:15 . 2008-08-25 17:15 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-08-25 16:44 . 2008-08-31 08:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OsaSync
2008-08-25 16:08 . 2008-08-25 16:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-25 16:07 . 2008-08-25 16:08 <DIR> d-------- C:\Program Files\CCleaner
2008-08-25 15:54 . 2008-08-25 15:54 1,160 --a------ C:\WINDOWS\mozver.dat
2008-08-25 15:53 . 2008-08-25 15:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-25 15:42 . 2008-08-25 15:41 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2008-08-25 15:41 . 2008-08-25 15:41 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-25 15:41 . 2008-08-25 15:41 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-08-25 15:41 . 2008-08-25 15:41 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-08-25 15:26 . 2008-08-31 08:13 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Comodo
2008-08-25 15:26 . 2008-08-31 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-25 15:13 . 2008-08-25 15:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-25 14:52 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-25 14:52 . 2008-08-25 15:41 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-25 14:52 . 2008-08-25 15:41 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-25 14:50 . 2002-01-11 10:54 167,936 -ra------ C:\WINDOWS\A4.dll
2008-08-25 14:50 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-08-25 14:50 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-08-25 14:50 . 2001-10-18 11:01 45,056 -ra------ C:\WINDOWS\GetKey.dll
2008-08-25 14:50 . 2008-04-13 19:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-25 14:50 . 2001-03-14 18:07 8,192 --------- C:\WINDOWS\system32\drivers\Artec48.usb
2008-08-25 14:50 . 2002-01-06 04:57 7,168 -ra------ C:\WINDOWS\system32\48UMicro.dll
2008-08-25 14:17 . 2008-08-25 16:03 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\stickies
2008-08-25 14:16 . 2008-08-25 14:16 <DIR> d-------- C:\Program Files\Stickies
2008-08-25 14:15 . 2008-08-25 14:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-25 14:14 . 2008-08-25 14:14 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-25 14:12 . 2008-08-29 00:07 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-08-25 14:12 . 2008-08-31 06:31 <DIR> d-------- C:\Program Files\MSECache
2008-08-25 14:09 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-25 14:09 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-25 14:08 . 2008-08-25 14:08 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-25 14:07 . 2008-08-25 14:07 <DIR> d-------- C:\Program Files\MSBuild
2008-08-25 14:07 . 2008-08-29 08:43 <DIR> d-------- C:\Document Themes 12
2008-08-25 14:07 . 2008-08-25 14:07 <DIR> d-------- C:\CLIPART
2008-08-25 14:04 . 2008-08-25 14:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-25 14:04 . 2008-08-25 14:04 <DIR> d-------- C:\Templates
2008-08-25 14:04 . 2008-08-25 14:04 <DIR> d-------- C:\Stationery
2008-08-25 14:04 . 2008-08-31 21:01 <DIR> d-------- C:\Office12
2008-08-25 14:04 . 2008-08-25 14:04 <DIR> d-------- C:\MEDIA
2008-08-25 14:04 . 2008-08-31 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-25 14:03 . 2008-08-25 14:03 <DIR> dr-h----- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 12:37 24,064 ----a-w C:\WINDOWS\autoload.exe
2008-08-25 10:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 02:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 02:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 02:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 02:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 02:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 02:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-12 10:27 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 10:27 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-06-12 10:27 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-06-12 10:27 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-01 09:30 1235736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-08 15:25 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2003-01-10 15:04 4263936 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
-ra------ 2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2003-01-10 15:04 315392 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Office12\\OUTLOOK.EXE"=
"C:\\Office12\\GROOVE.EXE"=
"C:\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-01 09:30]
R2 ATTSCAP;AVerMedia, WDM MPEG-2 TS Capture (DVBT);C:\WINDOWS\system32\drivers\attscap.sys [2003-06-24 12:19]
R2 ATVCAP;AVerMedia, DVB-T WDM Video Capture;C:\WINDOWS\system32\drivers\atvcap.sys [2003-06-24 12:22]
R2 ATXBAR;AVerMedia, DVB-T WDM Crossbar;C:\WINDOWS\system32\drivers\ATXBAR.sys [2003-06-24 12:23]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 09:30]

*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\j2tcx1li.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bbc.co.uk/
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 13:51:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 13:53:04
ComboFix-quarantined-files.txt 2008-09-01 12:53:02
ComboFix2.txt 2008-08-31 06:30:27

Pre-Run: 73,915,604,992 bytes free
Post-Run: 73,902,120,960 bytes free

247 --- E O F --- 2008-08-31 20:33:26
 
Try and do the following:

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
Thanks Cohen I'll do as you suggest.
I have noticed that firefox in safe mode works really well but still cannot access my home site for some reason (www.bbc.co.uk).
 
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 02, 2008 00:43:26
Records in database: 1176244


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 57321
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:30:44

No malware has been detected. The scan area is clean.
The selected area was scanned
 
Ok, thanks,

Pls wait for a pro, like ceewi1 to come along and post further instructions.
 
Hi
I have been running adaware etc all week + kapersky and avg but I still have this annoying problem:
Even in safe mode I cannot get to www.bbc.co.uk home page or anything linked to that; I have tried to locate with no virus checker/firewall and in firefox safe mode without success. Otherwise, the computer appears to be running well.
This moring I ran combo then hijack in windows safe mode, the results are below.
I would be greatful for any help. Tnank you.

ComboFix 08-09-05.02 - Administrator 2008-09-07 5:05:59.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.798 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-06 19:30 . 2008-09-06 19:33 <DIR> d-------- C:\Program Files\Weather Watcher
2008-09-06 19:17 . 2008-09-06 19:20 <DIR> d-------- C:\Program Files\RegCure
2008-09-04 18:17 . 2008-09-04 18:17 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Windows Search
2008-09-01 23:43 . 2008-09-01 23:43 <DIR> d-------- C:\WINDOWS\Sun
2008-09-01 23:42 . 2008-09-01 23:42 <DIR> d-------- C:\Program Files\Google
2008-09-01 23:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-01 23:41 . 2008-09-01 23:42 <DIR> d-------- C:\Program Files\Java
2008-09-01 23:40 . 2008-09-01 23:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-01 16:22 . 2008-09-01 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-09-01 16:22 . 2008-09-01 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-09-01 16:19 . 2008-09-01 16:19 30,720 --a------ C:\WINDOWS\6816White12.dat
2008-09-01 16:19 . 2008-09-01 16:19 30,720 --a------ C:\WINDOWS\6816Dark12.dat
2008-09-01 16:19 . 2008-09-01 18:07 414 --a------ C:\WINDOWS\Ausba4.ini
2008-09-01 16:19 . 2008-09-01 16:19 6 --a------ C:\WINDOWS\6816Exposure.dat
2008-09-01 16:19 . 2008-09-01 16:19 4 --a------ C:\WINDOWS\6816Error.dat
2008-09-01 16:19 . 2008-09-01 16:19 3 --a------ C:\WINDOWS\6816Offset.dat
2008-09-01 16:19 . 2008-09-01 16:19 3 --a------ C:\WINDOWS\6816Gain.dat
2008-09-01 09:17 . 2008-09-01 09:17 <DIR> d-------- C:\Program Files\eAnnouncer
2008-09-01 09:17 . 2008-09-01 12:01 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\eAnnouncer
2008-09-01 00:08 . 2008-09-01 00:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-01 00:07 . 2008-09-07 04:50 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-01 00:07 . 2008-09-01 00:07 <DIR> d-------- C:\Program Files\AVG
2008-09-01 00:07 . 2008-09-01 09:30 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-31 23:52 . 2008-09-01 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-31 22:02 . 2008-08-31 22:02 <DIR> d--hs---- C:\Documents and Settings\Dad\PrivacIE
2008-08-31 21:55 . 2008-08-31 21:56 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-08-31 21:47 . 2008-08-31 21:47 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-31 17:33 . 2008-08-31 17:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 16:04 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-31 16:04 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-31 07:35 . 2008-09-01 00:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-30 20:24 . 2008-08-30 20:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-30 20:24 . 2008-08-31 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-30 17:22 . 2008-08-31 06:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 07:51 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-29 00:40 . 2008-08-29 00:42 <DIR> d-------- C:\Program Files\Windows Live
2008-08-29 00:40 . 2008-08-31 06:31 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-29 00:39 . 2008-08-29 00:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-29 00:32 . 2008-08-29 00:32 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Windows Desktop Search
2008-08-29 00:31 . 2008-08-29 00:31 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-29 00:31 . 2008-08-29 00:31 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-29 00:31 . 2008-03-07 18:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-29 00:31 . 2008-03-07 18:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-29 00:31 . 2008-03-07 18:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-29 00:29 . 2008-08-22 03:10 11,985,408 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-29 00:29 . 2008-07-29 22:58 3,670,112 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-29 00:29 . 2008-08-22 03:06 1,778,688 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-29 00:29 . 2008-08-22 03:15 1,216,512 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-29 00:29 . 2008-08-22 03:05 580,608 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-29 00:29 . 2008-08-22 02:42 443,392 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-29 00:29 . 2008-08-22 03:05 61,952 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-29 00:29 . 2008-08-22 03:05 53,760 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-29 00:29 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-29 00:15 . 2008-08-29 00:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-29 00:13 . 2008-08-31 08:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-29 00:13 . 2008-08-29 00:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-28 23:31 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 23:30 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-28 23:29 . 2008-07-22 15:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-28 23:29 . 2008-07-22 15:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-28 23:29 . 2008-07-22 15:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-28 23:28 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-28 23:28 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-28 23:15 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-28 17:36 . 2006-11-01 18:31 1,669,120 -----c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-08-28 17:35 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-28 17:34 . 2006-10-18 21:47 991,744 -----c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2008-08-28 17:33 . 2006-10-18 21:47 542,720 -----c--- C:\WINDOWS\system32\dllcache\blackbox.dll
2008-08-28 16:53 . 2008-08-29 09:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-28 16:49 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-28 16:49 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-28 16:49 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-28 16:49 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-28 16:47 . 2008-08-28 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-28 16:27 . 2008-08-28 16:28 <DIR> d-------- C:\Program Files\BitLord
2008-08-28 16:21 . 2008-08-28 16:21 <DIR> d--hs---- C:\Documents and Settings\Dad\UserData
2008-08-26 11:03 . 2008-09-05 04:14 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\skypePM
2008-08-26 11:03 . 2008-08-26 11:03 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-26 11:02 . 2008-09-06 00:16 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Program Files\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-26 11:01 . 2008-08-26 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-25 22:51 . 2001-05-03 10:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-08-25 22:51 . 1996-02-26 22:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-08-25 22:28 . 2008-04-13 19:45 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-08-25 22:28 . 2008-04-13 19:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-25 22:28 . 2008-04-14 01:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-25 22:28 . 2008-04-13 19:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-25 22:26 . 2008-08-25 22:26 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Talkback
2008-08-25 21:15 . 2008-08-25 21:16 <DIR> d-------- C:\Program Files\OUeTMAFileHandler
2008-08-25 21:15 . 2008-08-25 21:15 245,760 --------- C:\WINDOWS\OUFHSetup1.exe
2008-08-25 21:15 . 2008-08-25 21:15 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-08-25 21:11 . 2008-08-25 22:51 <DIR> d-------- C:\Program Files\FirstClass
2008-08-25 21:11 . 2008-08-25 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
2008-08-25 18:13 . 2008-08-25 18:13 <DIR> d-------- C:\Program Files\PowerQuest
2008-08-25 17:15 . 2008-08-25 17:15 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-08-25 16:44 . 2008-08-31 08:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OsaSync
2008-08-25 16:08 . 2008-08-25 16:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-25 16:07 . 2008-08-25 16:08 <DIR> d-------- C:\Program Files\CCleaner
2008-08-25 15:54 . 2008-08-25 15:54 1,160 --a------ C:\WINDOWS\mozver.dat
2008-08-25 15:53 . 2008-08-25 15:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-25 15:42 . 2008-08-25 15:41 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2008-08-25 15:41 . 2008-08-25 15:41 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-25 15:41 . 2008-08-25 15:41 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-08-25 15:41 . 2008-08-25 15:41 216,576 --a------ C:\WINDOWS\system32\monln.dll
2008-08-25 15:26 . 2008-08-31 08:13 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Comodo
2008-08-25 15:26 . 2008-08-31 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-25 15:13 . 2008-08-25 15:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-25 14:52 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-25 14:52 . 2008-08-25 15:41 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-25 14:52 . 2008-08-25 15:41 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-25 14:50 . 2002-01-11 10:54 167,936 -ra------ C:\WINDOWS\A4.dll
2008-08-25 14:50 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-08-25 14:50 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-08-25 14:50 . 2001-10-18 11:01 45,056 -ra------ C:\WINDOWS\GetKey.dll
2008-08-25 14:50 . 2008-04-13 19:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-25 14:50 . 2001-03-14 18:07 8,192 --------- C:\WINDOWS\system32\drivers\Artec48.usb
2008-08-25 14:50 . 2002-01-06 04:57 7,168 -ra------ C:\WINDOWS\system32\48UMicro.dll
2008-08-25 14:17 . 2008-09-06 23:41 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\stickies
2008-08-25 14:16 . 2008-08-25 14:16 <DIR> d-------- C:\Program Files\Stickies
2008-08-25 14:15 . 2008-08-25 14:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 12:37 24,064 ----a-w C:\WINDOWS\autoload.exe
2008-08-25 10:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 02:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 02:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 02:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 02:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 02:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 02:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-05 16:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-12 10:27 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 10:27 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-06-12 10:27 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-06-12 10:27 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-01 1235736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-08 15:25 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2003-01-10 15:04 4263936 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-01 23:42 162744 C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
-ra------ 2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2003-01-10 15:04 315392 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Office12\\OUTLOOK.EXE"=
"C:\\Office12\\GROOVE.EXE"=
"C:\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-01 97928]
S2 ATTSCAP;AVerMedia, WDM MPEG-2 TS Capture (DVBT);C:\WINDOWS\system32\drivers\attscap.sys [2003-06-24 18048]
S2 ATVCAP;AVerMedia, DVB-T WDM Video Capture;C:\WINDOWS\system32\drivers\atvcap.sys [2003-06-24 56320]
S2 ATXBAR;AVerMedia, DVB-T WDM Crossbar;C:\WINDOWS\system32\drivers\ATXBAR.sys [2003-06-24 8576]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]

*Newly Created Service* - ATXBAR
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gn8lt8xp.default\
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 05:07:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-07 5:08:29
ComboFix-quarantined-files.txt 2008-09-07 04:08:22
ComboFix2.txt 2008-09-01 12:53:05
ComboFix3.txt 2008-08-31 06:30:27

Pre-Run: 74,677,362,688 bytes free
Post-Run: 74,662,916,096 bytes free

253 --- E O F --- 2008-08-31 20:33:26


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:11:49, on 07/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219938552078
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5199 bytes
 
Hijack in ord mode

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:02:28, on 07/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dad\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219938552078
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5635 bytes
 
You must log in or register to reply here.
Back
Top