#101
Newbie
Join Date: Jan 2009
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Cannot access Antivirus Sites/Google/Avast etc.
thanks bakuryu, here is the combofix log:
ComboFix 09-01-08.01 - alef 2009-01-09 10:42:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.284 [GMT -2:00]
Running from: c:\documents and settings\alef\Desktop\Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\eMule_Secure\Cookies\Prison Break s03e09 Vostfr Dvdrip.avi
c:\documents and settings\eMule_Secure\Cookies\Prison Break s03e10 Vostfr Hdtv.wmv
c:\documents and settings\eMule_Secure\Cookies\prison break s03x09 VOST..avi
c:\windows\system32\drivers\TDSSmhlt.sys
c:\windows\system32\TDSShrxr.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSlrvd.dat
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSrhyp.log
c:\windows\system32\TDSSrtql.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSxfum.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys

((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.
2009-01-08 16:00 . 2009-01-08 16:00 149 --a------ c:\windows\wininit.ini
2009-01-08 14:09 . 2009-01-08 23:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-08 14:09 . 2009-01-09 10:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 13:44 . 2009-01-08 13:44 <DIR> d-------- c:\program files\Trend Micro
2009-01-07 23:12 . 2009-01-09 10:03 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-07 23:12 . 2009-01-07 23:25 <DIR> d-------- c:\documents and settings\bet\Application Data\AVGTOOLBAR
2009-01-07 23:12 . 2009-01-07 23:12 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-07 23:12 . 2009-01-07 23:12 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-07 23:12 . 2009-01-07 23:12 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-07 23:10 . 2009-01-07 23:19 <DIR> d-------- c:\windows\nview
2009-01-07 23:10 . 2004-10-26 12:01 13,866 --a------ c:\windows\system32\nvdisp.nvu
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 18:05 --------- d-----w c:\documents and settings\alef\Application Data\mIRC
2009-01-08 16:15 --------- d-----w c:\program files\mIRC
2009-01-08 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-01-07 15:21 90,112 ----a-w c:\windows\DUMP7095.tmp
2009-01-07 14:17 90,112 ----a-w c:\windows\DUMP7136.tmp
2009-01-07 14:16 90,112 ----a-w c:\windows\DUMP7135.tmp
2009-01-07 14:15 90,112 ----a-w c:\windows\DUMP72da.tmp
2009-01-07 14:13 90,112 ----a-w c:\windows\DUMP712b.tmp
2009-01-06 11:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-31 17:56 90,112 ----a-w c:\windows\DUMP67f0.tmp
2008-12-24 23:43 --------- d-----w c:\program files\Google
2008-12-17 19:44 --------- d-----w c:\program files\DYNALOG
2008-10-28 02:09 90,112 ----a-w c:\windows\DUMP6c0b.tmp
2008-10-28 02:07 90,112 ----a-w c:\windows\DUMP6818.tmp
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-03 455168]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2002-08-22 143360]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-07 1261336]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
"PCTVOICE"="pctspk.exe" [2002-07-18 c:\windows\system32\pctspk.exe]
"nwiz"="nwiz.exe" [2004-10-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\3ivxConfig.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 as6eio;as6eio;c:\windows\system32\drivers\AS6EIO.SYS [2008-07-15 3616]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-07 97928]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2008-07-03 24786]
R3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-07 231704]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-07 875288]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-07 76040]
R4 MSSQL$HWOF;MSSQL$HWOF;c:\program files\Microsoft SQL Server\MSSQL$HWOF\Binn\sqlservr.exe [2005-05-04 9150464]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2008-08-04 45534]
S3 SQLAgent$HWOF;SQLAgent$HWOF;c:\program files\Microsoft SQL Server\MSSQL$HWOF\Binn\sqlagent.EXE [2005-05-03 323584]
.
Contents of the 'Scheduled Tasks' folder
2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
.
------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\alef\Application Data\Mozilla\Firefox\Profiles\naz7ufb6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 10:46:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\alef\LOCALS~1\Temp\Perflib_Perfdata_c90.dat 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2009-01-09 10:47:59
ComboFix-quarantined-files.txt 2009-01-09 12:47:41
Pre-Run: 14,867,709,952 bytes free
Post-Run: 15,191,556,096 bytes free
176 --- E O F --- 2008-12-19 11:14:53
#102
Founder
Join Date: Nov 2005
Location: The Last City Zion!
Posts: 3,539
Thanks: 287
Thanked 345 Times in 298 Posts
Rep Power: 62
Re: Cannot access Antivirus Sites/Google/Avast etc.
Hi bohe,
It looks like your problems are fixed. The following entries were the culprits: Quote:
Thanked Users: nicky2412 (11-01-2009)
#103
Newbie
Join Date: Jan 2009
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Cannot access Antivirus Sites/Google/Avast etc.
Thanks strider, yes it seems that my problems are fixed. Thanks, you guys. Keep up the good work.
#104
Newbie
Join Date: Jan 2009
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Cannot access Antivirus Sites/Google/Avast etc.
Strider, thank you, I did everything you said and I think all is good, I really appreciate the help! I ran hijackthis again, does it look clean now?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:35 AM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\AppRanger\SWSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AppRanger\SWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ESPN: The Worldwide Leader In Sports
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AppRanger IE Sandbox - {1ec7abb1-e555-404b-901c-6d24af4ce44d} - C:\Program Files\AppRanger\TSBoxIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SWTray] C:\Program Files\AppRanger\SWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Txoculukacega] rundll32.exe "C:\WINDOWS\Apaban.dll",e
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-21-1929826288-3674321825-1826784771-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'nicky')
O4 - HKUS\S-1-5-21-1929826288-3674321825-1826784771-1008\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'nicky')
O4 - HKUS\S-1-5-21-1929826288-3674321825-1826784771-1008\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'nicky')
O4 - HKUS\S-1-5-21-1929826288-3674321825-1826784771-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Eric')
O4 - HKUS\S-1-5-21-1929826288-3674321825-1826784771-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppRanger Service (apprngr_svc) - AppRanger, Inc. - C:\Program Files\AppRanger\SWSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11482 bytes
#105
Newbie
Join Date: Jan 2009
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Cannot access Antivirus Sites/Google/Avast etc.
And here is the combofix log:
ComboFix 09-01-08.05 - Home 2009-01-09 19:14:58.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1006.657 [GMT -5:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1296 [VPS 090109-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaifmqrdkt.sys
c:\windows\system32\gytigy.dll
c:\windows\system32\hpowiax8.dll
c:\windows\system32\naeqsedo.dll
c:\windows\system32\QXxFNqru.ini
c:\windows\system32\QXxFNqru.ini2
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekaetloriqj.dll
c:\windows\system32\senekahbaqgivk.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekaovtkwbkm.dll
c:\windows\system32\syvtya.dll
c:\windows\system32\uhmkdtvs.dll
c:\windows\system32\xevdnqbq.ini
c:\windows\system32\yoanhboc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA

((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.
2009-01-08 20:54 . 2009-01-08 20:57 <DIR> d-------- C:\Fix
2009-01-08 19:52 . 2009-01-08 19:52 <DIR> d-------- c:\program files\Trend Micro
2009-01-07 19:47 . 2009-01-07 19:47 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-05 19:07 . 2009-01-05 19:07 <DIR> d-------- c:\program files\AVG
2009-01-04 15:27 . 2009-01-04 15:27 <DIR> d-------- c:\program files\Alwil Software
2009-01-04 15:27 . 2009-01-04 15:27 0 --------- c:\windows\system32\asw139.tmp
2009-01-03 21:49 . 2009-01-03 21:49 135,168 --a------ c:\windows\oxigizoy.dll
2009-01-03 21:41 . 2009-01-03 21:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 21:41 . 2009-01-03 21:41 <DIR> d-------- c:\documents and settings\Home\Application Data\Malwarebytes
2009-01-03 21:41 . 2009-01-03 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 21:41 . 2008-10-16 20:25 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 21:41 . 2008-10-16 20:25 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 21:39 . 2009-01-03 21:39 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-03 20:45 . 2009-01-03 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-03 20:44 . 2009-01-03 20:44 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-03 20:44 . 2009-01-03 20:44 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-03 20:44 . 2009-01-03 20:44 <DIR> d-------- c:\documents and settings\Home\Application Data\SUPERAntiSpyware.com
2009-01-03 20:37 . 2009-01-03 20:37 <DIR> d-------- c:\windows\logs
2009-01-03 20:37 . 2009-01-03 20:37 <DIR> d-------- c:\program files\AppRanger
2009-01-03 20:37 . 2009-01-08 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\AppRanger
2009-01-03 20:31 . 2009-01-04 07:46 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-03 20:31 . 2009-01-03 21:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-03 20:00 . 2005-04-06 08:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-01-03 20:00 . 2005-04-06 08:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-01-03 20:00 . 2005-04-06 08:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2009-01-03 20:00 . 2009-01-03 20:00 <DIR> d-------- c:\documents and settings\Administrator
2009-01-03 19:30 . 2009-01-03 19:30 <DIR> d-------- c:\documents and settings\Eric\Application Data\HPAppData
2009-01-03 18:16 . 2009-01-03 18:16 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM2NTA3MDd8_
2009-01-03 18:16 . 2009-01-03 18:20 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
2009-01-03 17:56 . 2009-01-03 17:56 40,448 --a------ c:\windows\system32\k9261108.exe
2009-01-03 17:56 . 2009-01-03 17:56 40,448 --a------ c:\windows\Apaban.dll
2008-12-17 20:50 . 2008-12-17 20:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-17 19:36 . 2008-12-06 05:05 1,203,770 --------- c:\windows\system32\dllcache\sysmain.sdb
2008-12-12 16:02 . 2008-12-12 16:02 207,872 --a------ c:\windows\system32\drivers\apprngr.sys
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 23:53 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-01-03 22:47 --------- d-----w c:\documents and settings\Home\Application Data\HPAppData
2008-12-18 01:52 --------- d-----w c:\program files\Bonjour
2008-12-18 01:50 --------- d-----w c:\program files\iTunes
2008-12-18 01:50 --------- d-----w c:\program files\iPod
2008-12-18 01:50 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 01:48 --------- d-----w c:\program files\QuickTime
2008-12-06 20:35 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2008-12-06 20:34 --------- d-----w c:\program files\HP
2008-12-06 20:33 --------- d-----w c:\documents and settings\Home\Application Data\HP
2008-12-06 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-12-06 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-06 20:26 --------- d-----w c:\program files\Hewlett-Packard
2008-12-06 20:26 --------- d-----w c:\program files\Common Files\HP
2008-12-06 20:26 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-12-06 20:25 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-13 00:20 --------- d-----w c:\program files\Java
2008-11-11 22:21 --------- d-----w c:\program files\BookSmart
2008-12-20 01:46 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 01:46 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 01:46 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 01:46 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 01:46 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( snapshot_2009-01-08_20.56.23.80 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-09 00:33:21 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-09 23:57:37 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-09 00:33:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-09 23:57:37 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-09 00:33:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-09 23:57:37 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 00:21:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_79c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-12 136600]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-06 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2008-05-20 737280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Txoculukacega"="c:\windows\Apaban.dll" [2009-01-03 40448]
"SWTray"="c:\program files\AppRanger\SWTray.exe" [2008-12-12 663623]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Gmugesu"="c:\windows\oxigizoy.dll" [2009-01-03 135168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-04-06 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-03-25 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour

R1 apprngr;AppRanger Scan Driver;c:\windows\system32\drivers\apprngr.sys [2008-12-12 207872]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-05 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R4 apprngr_svc;AppRanger Service;c:\program files\AppRanger\SWSvc.exe [2008-12-12 1032266]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-05 20560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-10 c:\windows\Tasks\grmqkjxr.job - c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.com/ uInternet Settings,ProxyOverride = *.local IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 c:\windows\Downloaded Program Files\TLIEFlashCtrlU.dll - O16 -: {94B82441-A413-4E43-8422-D49930E69764} hxxps://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\9lrfj66m.Default User\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.espn.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p= FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpSmartSelect.dl l FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpSmartWebPrinti ng.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-09 19:22:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(972) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\wdfmgr.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\windows\system32\igfxsrvc.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************** ************************ . 
Completion time: 2009-01-09 19:27:35 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-10 00:27:00 ComboFix2.txt 2009-01-09 01:57:11 ComboFix3.txt 2009-01-05 23:50:13 Pre-Run: 49,762,971,648 bytes free Post-Run: 49,651,224,576 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect 279 --- E O F --- 2008-12-18 03:12:10 |
#106 |
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
@nicky2412:::
Fix this entry in HijackThis:
O4 - HKLM\..\Run: [Txoculukacega] rundll32.exe "C:\WINDOWS\Apaban.dll",e
Also delete the file C:\WINDOWS\Apaban.dll
#107 |
Re: Cannot access Antivirus Sites/Google/Avast etc.
thanks bakuryu, all done! I really appreciate the help!
#108 |
Re: Cannot access Antivirus Sites/Google/Avast etc.
respected gurus...
i have read everything and went through the steps as guided but still i cant AVG site or update it...im feeling so helpless! please help me out posting combofix log: ComboFix 09-01-10.03 - Shaggy&Billi&Mariam 2009-01-11 18:05:15.4 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.142 [GMT 5:00] Running from: c:\fix\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 ))))))))))))))))))))))))))))))) . 2009-01-11 17:37 . 2009-01-11 17:37 <DIR> d-------- c:\program files\Trend Micro 2009-01-11 17:26 . 2009-01-11 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8 2009-01-11 17:04 . 2009-01-11 17:04 <DIR> d-------- c:\documents and settings\Administrator 2009-01-11 16:28 . 2009-01-11 16:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-01-11 16:28 . 2009-01-11 16:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-11 16:06 . 2009-01-11 16:06 <DIR> d-------- C:\fix 2009-01-09 23:43 . 2009-01-09 23:43 <DIR> d-------- c:\program files\Passcape 2009-01-09 23:34 . 2009-01-09 23:34 <DIR> d--hs---- C:\FOUND.008 2009-01-07 14:48 . 2009-01-07 14:48 <DIR> d--hs---- C:\FOUND.007 2009-01-07 02:07 . 2009-01-07 02:07 <DIR> d--hs---- C:\FOUND.006 2009-01-03 03:33 . 2009-01-03 03:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP 2009-01-03 03:32 . 2009-01-03 03:32 <DIR> d-------- c:\program files\AoA Audio Extractor 2009-01-03 03:29 . 2009-01-03 03:29 <DIR> d-------- c:\program files\DoremiSoft 2009-01-02 05:04 . 2009-01-02 05:04 <DIR> d-------- c:\program files\Moyea 2009-01-02 05:04 . 2009-01-02 05:04 <DIR> d-------- c:\documents and settings\Shaggy&Billi&Mariam\Application Data\Moyea 2009-01-02 04:52 . 2009-01-02 04:52 47,360 --a------ c:\windows\system32\drivers\Pcouffin.sys 2009-01-02 04:51 . 2009-01-02 04:52 <DIR> d-------- c:\program files\Video Convert Master 2009-01-02 04:23 . 
2009-01-02 04:23 <DIR> d-------- c:\program files\Wondershare 2009-01-02 04:20 . 2009-01-02 04:20 <DIR> d-------- c:\windows\system32\RMBin 2009-01-02 04:20 . 2005-07-21 13:33 2,846,720 --a------ c:\windows\system32\NCTAudioCompress3.dll 2009-01-02 04:20 . 2001-08-23 17:00 1,700,352 --a------ c:\windows\system32\gdiplus.dll 2009-01-02 04:20 . 2005-04-14 19:07 780,288 --a------ c:\windows\system32\NCTVideoCompress.dll 2009-01-02 04:20 . 2005-06-01 12:16 778,240 --a------ c:\windows\system32\NCTAudioCompress2.dll 2009-01-02 04:20 . 2005-03-18 15:01 626,688 --a------ c:\windows\system32\NCTImageFile.dll 2009-01-02 04:20 . 2005-02-22 17:32 312,320 --a------ c:\windows\system32\NCTVideoView.dll 2009-01-02 04:20 . 2003-08-07 15:01 237,568 --a------ c:\windows\system32\lame_enc.dll 2009-01-02 04:20 . 2005-07-01 18:09 215,552 --a------ c:\windows\system32\NCTWMVFile.dll 2009-01-02 04:20 . 2005-06-29 16:28 188,416 --a------ c:\windows\system32\NCTVideoFile.dll 2009-01-02 04:20 . 2005-06-15 20:04 90,112 --a------ c:\windows\system32\NCTAudioFormatSettings3.dll 2009-01-01 17:34 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS 2009-01-01 17:34 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys 2008-12-31 19:14 . 2008-12-31 19:14 3,072,054 --a------ c:\windows\ACD Wallpaper.bmp 2008-12-31 15:40 . 2008-12-31 15:40 <DIR> d--hs---- C:\FOUND.005 2008-12-30 01:47 . 2008-12-30 01:47 <DIR> d--hs---- C:\FOUND.004 2008-12-27 01:21 . 2008-12-27 01:22 <DIR> d-------- c:\documents and settings\Shaggy&Billi&Mariam\Application Data\ZoomBrowser EX 2008-12-27 01:17 . 2008-12-27 01:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser 2008-12-27 00:37 . 2008-12-27 00:37 <DIR> d-------- c:\program files\Canon 2008-12-25 05:35 . 2008-12-25 05:35 <DIR> d-------- c:\documents and settings\Shaggy&Billi&Mariam\Application Data\vlc 2008-12-25 05:34 . 
2008-12-25 05:34 <DIR> d-------- c:\program files\VideoLAN 2008-12-25 05:19 . 2008-12-25 05:19 <DIR> d-------- c:\documents and settings\Shaggy&Billi&Mariam\Application Data\Blackberry Desktop 2008-12-25 05:18 . 2008-12-25 05:18 <DIR> d-------- c:\documents and settings\Shaggy&Billi&Mariam\Application Data\Research In Motion 2008-12-25 05:17 . 2008-12-25 05:35 256 --a------ c:\documents and settings\Shaggy&Billi&Mariam\pool.bin 2008-12-24 22:18 . 2008-12-24 22:18 <DIR> d-------- c:\program files\Apoint2K 2008-12-24 22:18 . 2003-10-08 03:40 94,601 --a------ c:\windows\system32\drivers\Apfiltr.sys 2008-12-24 22:18 . 2003-10-08 03:40 87,821 --a------ c:\windows\system32\Vxdif.dll 2008-12-24 22:16 . 2008-12-24 22:16 <DIR> d-------- c:\windows\tiinst 2008-12-24 22:16 . 2008-12-24 22:16 <DIR> d-------- C:\SWSetup . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-11-19 20:32 --------- d-----w c:\documents and settings\Shaggy&Billi&Mariam\Application Data\Flickr 2008-11-08 20:36 17,030,256 ----a-w c:\windows\system32\xa5169375.exe 2008-11-08 20:36 17,030,256 ----a-w c:\windows\system32\xa5168031.exe 2008-12-20 22:07 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-20 22:07 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-20 22:07 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-20 22:07 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-20 22:07 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2008-04-14 00:41 168,509 --sh--r c:\windows\system32\hjfiris.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2005-12-07 22:57 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] --a------ 2007-08-16 08:56 236016 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2003-10-30 18:40 88363 c:\windows\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SCardSvr"=3 (0x3) "RoxLiveShare9"=2 (0x2) "ose"=3 (0x3) "NtmsSvc"=3 (0x3) "iPod Service"=3 (0x3) "HTTPFilter"=3 (0x3) "CCALib8"=2 (0x2) "Ati HotKey Poller"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\FlashGet\\flashget.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN 
Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "9659:TCP"= 9659:TCP:BitComet 9659 TCP "9659:UDP"= 9659:UDP:BitComet 9659 UDP "24895:TCP"= 24895:TCP:BitComet 24895 TCP "24895:UDP"= 24895:UDP:BitComet 24895 UDP "23351:TCP"= 23351:TCP:BitComet 23351 TCP "23351:UDP"= 23351:UDP:BitComet 23351 UDP "5107:TCP"= 5107:TCP:uuxlk R0 atiide;atiide;c:\windows\system32\drivers\atiide.s ys [2008-10-06 5632] S3 SMCUSBT;EZ ConnectTM g 108Mbps Wireless USB Adapter Service;c:\windows\system32\drivers\smcusbt1.sys [2008-04-12 360000] S4 wopeak;Time Support;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs wopeak [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{084eb56a-d778-11dd-aab3-000fb003821a}] \shell\PlayWithPowerDVD\Command - "c:\program files\CyberLink\PowerDVD\PowerDVD.exe" "%l" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{16da01c2-cb93-11dd-aa7f-000fb003821a}] \Shell\AutoRun\command - K:\h.cmd \Shell\explore\Command - K:\h.cmd \Shell\open\Command - K:\h.cmd . Contents of the 'Scheduled Tasks' folder 2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://internet.wateen.net/home?t=flyxsjqp uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm FF - ProfilePath - c:\documents and settings\Shaggy&Billi&Mariam\Application Data\Mozilla\Firefox\Profiles\cujy9emy.default\ FF - prefs.js: browser.startup.homepage - hxxp://internet.wateen.net/home?t=flz0ru4z FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-11 18:06:27 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w opeak] "ServiceDll"="c:\windows\system32\hjfiris.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(556) c:\windows\system32\Ati2evxx.dll . 
Completion time: 2009-01-11 18:07:13 ComboFix-quarantined-files.txt 2009-01-11 13:07:12 ComboFix4.txt 2009-01-11 11:22:36 ComboFix3.txt 2009-01-11 11:59:04 ComboFix2.txt 2009-01-11 12:33:24 Pre-Run: 5,838,356,480 bytes free Post-Run: 5,827,854,336 bytes free 165 and the hijackthis log reads like this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:24:02 PM, on 1/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internet.wateen.net/home?t=flyxsjqp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} 
- C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- End of file - 2586 bytes desperately waiting for help thanks... Last edited by acidbass303; 11-01-2009 at 06:57 PM.. |
#109 |
ƒ(ψ)=Θº×φ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Delete these files:
c:\windows\system32\xa5169375.exe
c:\windows\system32\xa5168031.exe
c:\windows\system32\hjfiris.dll
K:\h.cmd
Disconnect from the internet and clear your DNS cache:
ipconfig /flushdns
Then reconnect to the internet and see if you can visit antivirus sites.
#110 |
Re: Cannot access Antivirus Sites/Google/Avast etc.
no luck
used killbox to delete the files but still the same problem exists! what am i gonna do....