Trojan/Worm dramas

  1. #1
    Join Date: Oct 2005 | Location: Melbourne | Posts: 203

    Trojan/Worm dramas

    Hi all. I would like to thank everyone who helped fix the rootkit virus on my computer last week and a special mention to crunchie from Mandurah, WA for some extraordinary support.

    Sadly, this time a friend's PC is sick and needs some help. He got me a list of files that he thinks are trojans/worms on his PC, which possibly appeared in a Norton AV or AVG scan. I have tried to have a look at his PC, and it is simply struggling. Windows takes forever to load unless started up in safe mode. Below is the list that he provided me with:

    Trojan Horse: 9um68.exe
    Generic2_CBPNW
    32/HEUR
    TC_69.exe
    W32silly.fdc

    First things first, I'll run another AVG/Norton scan and maybe even Spybot/Ad-Aware scans and post the logs here. Any other suggestions welcome.

  2. #2
    Join Date: Apr 2000 | Location: Sheboygan, WI | Posts: 53,391
    Just follow these instructions.

    http://discussions.virtualdr.com/sho...d.php?t=167915

    And post the logs in this thread.

  3. #3
    Join Date: Oct 2005 | Location: Melbourne | Posts: 203
    Hi Train. Sorry for the late post. Been running around a little bit to get things done.

    The Malwarebytes scan appeared with 22 infections like Rootkits, Trojans and Worms. Cleaned all of these. The GMER scan didn't work too well and rebooted the PC automatically, so ran the Gooredfix scan instead. Also ran the DDS scan. Logs in the next post.

  4. #4
    Join Date: Oct 2005 | Location: Melbourne | Posts: 203
    DDS.txt:


    DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
    Run by Admin at 16:05:35.17 on Sun 12/09/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1398 [GMT 10:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\temp\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://au.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-us\msntb.dll
    TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/turbo-racing/en/"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
    mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [THGuard] "c:\program files\trojanhunter 5.3\THGuard.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://codestore.meadroid.com/products/scriptx/binary.ashx?version=6,4,438,06&filename=smsx.cab&refsrc=http://www.meadroid.com/scriptx/doinstall.asp
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    TCP: {2ABE15DA-75B8-4283-8664-4D3A39BD0108} = 203.12.160.35,203.12.160.36
    TCP: {678BC6E8-4CF7-4F10-9EAC-65B23F7086D1} = 203.12.160.35,203.12.160.36
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\le1895di.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-5 108552]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-1-5 486280]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-8-26 128016]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-26 165456]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-5 335240]
    S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-5 27784]
    S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-8-26 317072]
    S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-10-11 464264]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-26 17744]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-26 40384]
    S2 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-26 40384]
    S2 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-26 40384]
    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-28 908056]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-28 297752]
    S2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-1 53248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-4 136176]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
    S2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
    S3 pacdcacm;pacdcacm;c:\windows\system32\drivers\pacdcacm.sys [2008-2-10 26496]

    =============== Created Last 30 ================

    2010-09-12 06:04:49 201728 ----a-w- c:\temp\OTC.exe
    2010-09-12 06:04:29 1193882 ----a-w- c:\temp\tdsskiller.zip
    2010-09-12 06:02:23 156329 ----a-w- c:\temp\JavaRa.zip
    2010-09-12 06:01:51 576000 ----a-w- c:\temp\OTL.exe
    2010-09-12 06:00:24 869051 ----a-w- c:\temp\SecurityCheck.exe
    2010-09-12 05:59:30 525824 ----a-w- c:\temp\dds.scr
    2010-09-12 05:58:02 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
    2010-09-12 05:57:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-12 05:57:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-12 05:57:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-12 05:57:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-12 05:50:18 71398 ----a-w- c:\temp\GooredFix.exe
    2010-09-12 05:49:42 6153352 ----a-w- c:\temp\mbam-setup-1.46.exe
    2010-09-12 05:32:44 0 d-sha-r- C:\cmdcons
    2010-09-12 05:29:02 98816 ----a-w- c:\windows\sed.exe
    2010-09-12 05:29:02 77312 ----a-w- c:\windows\MBR.exe
    2010-09-12 05:29:02 256512 ----a-w- c:\windows\PEV.exe
    2010-09-12 05:29:02 161792 ----a-w- c:\windows\SWREG.exe
    2010-09-12 05:28:51 0 d-----w- C:\ComboFix
    2010-09-10 10:10:25 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-10 10:10:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-09-03 04:08:50 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-03 04:05:17 0 d-----w- c:\docume~1\admin\applic~1\TrojanHunter
    2010-09-03 02:25:11 0 d-----w- c:\docume~1\alluse~1\applic~1\TrojanHunter
    2010-09-03 02:24:58 0 d-----w- c:\program files\TrojanHunter 5.3
    2010-09-02 04:36:48 110592 ----a-w- c:\temp\vx2finder.exe
    2010-09-02 04:36:42 7516167 ----a-w- c:\temp\stinger1010995.exe
    2010-09-02 04:36:29 532480 ----a-w- c:\temp\cwshredder.exe
    2010-09-02 04:36:29 16409960 ----a-w- c:\temp\spybotsd162.exe
    2010-09-02 04:36:27 1445888 ----a-w- c:\temp\WinsockxpFix.exe
    2010-09-02 04:36:10 23412448 ----a-w- c:\temp\TrojanHunterSetup.exe
    2010-09-02 04:34:09 133582520 ----a-w- c:\temp\Ad-AwareInstall.exe
    2010-09-02 04:34:03 0 d-----w- C:\temp
    2010-08-26 13:02:49 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-26 13:02:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-08-26 12:44:30 0 d-----w- c:\windows\system32\drivers\NSS
    2010-08-26 12:42:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-08-26 12:42:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-08-26 12:42:35 0 d-----w- c:\program files\NortonInstaller
    2010-08-26 12:42:35 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-08-26 10:28:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-26 10:14:33 0 d-----w- c:\docume~1\admin\applic~1\CheckPoint
    2010-08-26 10:14:05 0 d-----w- c:\program files\CheckPoint
    2010-08-26 10:13:58 128016 ----a-w- c:\windows\system32\drivers\kl1.sys

    ==================== Find3M ====================

    2010-08-26 10:16:05 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2008-11-08 02:27:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110820081109\index.dat

    ============= FINISH: 16:06:20.85 ===============

  5. #5
    Join Date: Oct 2005 | Location: Melbourne | Posts: 203
    Attach.txt:
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/01/2007 10:21:44 PM
    System Uptime: 9/12/2010 3:54:40 PM (-2111 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | 945GCM-S2L
    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2210/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 251.964 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP657: 31/05/2010 6:00:10 PM - System Checkpoint
    RP658: 1/06/2010 7:42:52 PM - System Checkpoint
    RP659: 3/06/2010 11:57:32 PM - System Checkpoint
    RP660: 5/06/2010 12:52:32 PM - Software Distribution Service 3.0
    RP661: 6/06/2010 2:02:55 PM - System Checkpoint
    RP662: 7/06/2010 4:17:38 PM - System Checkpoint
    RP663: 8/06/2010 4:46:28 PM - System Checkpoint
    RP664: 9/06/2010 5:14:15 PM - System Checkpoint
    RP665: 9/06/2010 7:55:47 PM - Installed Windows XP -- Software Updates KB952011.
    RP666: 9/06/2010 8:01:18 PM - Software Distribution Service 3.0
    RP667: 10/06/2010 9:32:51 PM - System Checkpoint
    RP668: 11/06/2010 10:33:18 PM - System Checkpoint
    RP669: 13/06/2010 11:35:05 AM - System Checkpoint
    RP670: 14/06/2010 2:30:08 PM - System Checkpoint
    RP671: 15/06/2010 5:47:11 PM - System Checkpoint
    RP672: 17/06/2010 1:28:15 PM - System Checkpoint
    RP673: 18/06/2010 6:49:58 PM - System Checkpoint
    RP674: 20/06/2010 7:23:32 PM - System Checkpoint
    RP675: 21/06/2010 8:09:24 PM - System Checkpoint
    RP676: 22/06/2010 8:29:42 PM - System Checkpoint
    RP677: 23/06/2010 1:08:47 PM - Avg8 Update
    RP678: 24/06/2010 10:24:20 PM - Software Distribution Service 3.0
    RP679: 28/06/2010 5:46:14 PM - System Checkpoint
    RP680: 29/06/2010 7:09:37 PM - System Checkpoint
    RP681: 30/06/2010 9:38:12 PM - System Checkpoint
    RP682: 3/07/2010 6:01:51 PM - System Checkpoint
    RP683: 5/07/2010 6:00:12 PM - System Checkpoint
    RP684: 6/07/2010 9:14:30 PM - System Checkpoint
    RP685: 8/07/2010 11:27:34 AM - System Checkpoint
    RP686: 9/07/2010 11:30:33 AM - Avg8 Update
    RP687: 10/07/2010 3:45:34 PM - Avg8 Update
    RP688: 11/07/2010 4:40:08 PM - System Checkpoint
    RP689: 12/07/2010 5:59:11 PM - System Checkpoint
    RP690: 13/07/2010 8:29:11 PM - System Checkpoint
    RP691: 15/07/2010 5:28:08 PM - Software Distribution Service 3.0
    RP692: 16/07/2010 8:52:53 PM - System Checkpoint
    RP693: 18/07/2010 11:52:31 AM - System Checkpoint
    RP694: 19/07/2010 6:09:57 PM - System Checkpoint
    RP695: 20/07/2010 7:38:16 PM - System Checkpoint
    RP696: 23/07/2010 9:02:27 PM - System Checkpoint
    RP697: 25/07/2010 5:38:32 PM - System Checkpoint
    RP698: 26/07/2010 6:07:19 PM - System Checkpoint
    RP699: 27/07/2010 6:56:02 PM - System Checkpoint
    RP700: 30/07/2010 8:14:29 PM - System Checkpoint
    RP701: 1/08/2010 2:52:09 PM - System Checkpoint
    RP702: 2/08/2010 6:01:02 PM - System Checkpoint
    RP703: 3/08/2010 7:43:12 PM - System Checkpoint
    RP704: 4/08/2010 3:41:13 PM - Software Distribution Service 3.0
    RP705: 7/08/2010 7:53:26 PM - System Checkpoint
    RP706: 9/08/2010 6:12:52 PM - System Checkpoint
    RP707: 10/08/2010 6:34:47 PM - System Checkpoint
    RP708: 13/08/2010 2:48:21 PM - Software Distribution Service 3.0
    RP709: 14/08/2010 6:12:37 PM - System Checkpoint
    RP710: 15/08/2010 6:49:16 PM - System Checkpoint
    RP711: 17/08/2010 4:24:59 PM - System Checkpoint
    RP712: 18/08/2010 7:41:11 PM - System Checkpoint
    RP713: 20/08/2010 5:38:53 PM - System Checkpoint
    RP714: 21/08/2010 6:39:28 PM - System Checkpoint
    RP715: 22/08/2010 7:42:35 PM - System Checkpoint
    RP716: 24/08/2010 6:58:59 PM - System Checkpoint
    RP717: 26/08/2010 8:27:41 PM - Installed Java(TM) 6 Update 21
    RP718: 26/08/2010 11:02:43 PM - avast! Free Antivirus Setup
    RP719: 31/08/2010 10:39:34 AM - System Checkpoint
    RP720: 3/09/2010 2:36:19 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Adobe Acrobat 5.0
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    AFL Premiership 2005
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoBase 3
    ArcSoft PhotoStudio 5
    avast! Free Antivirus
    AVG Free 8.5
    AviSynth 2.5
    Bonjour
    Canon CanoScan Toolbox 4.1
    Click'N Design 3D (V5)
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DigitImg
    DVD Shrink 3.2
    DVD Suite
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Greeting Card Maker
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Memories Disc
    HP Software Update
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    LimeWire PRO 4.12.6
    Malwarebytes' Anti-Malware
    Manual CanoScan LiDE 50
    Messenger Plus! Live
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MixMeister Express 6 Demo
    Mozilla Firefox (2.0.0.20)
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    ninemsn Internet Software
    Norton PC Checkup
    Norton Security Scan
    OGA Notifier 1.7.0105.35.0
    OmniPage SE
    OpenOffice.org 2.2
    Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
    PC Wizard 2007.1.73
    PCFriendly
    Photosmart 140,240,7200,7600,7700,7900 Series
    Picasa 3
    PowerDVD
    PowerProducer
    Presto! PageManager 6
    PS7700
    PSP Video 9 5.03
    PSShortcuts
    PSUsage
    QFolder
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    SmartSound Quicktracks Plugin
    Spybot - Search & Destroy
    TrojanHunter 5.3
    Ulead VideoStudio 10
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    VLC media player 0.9.9
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Install Manager
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo!7 Toolbar
    YouTube Downloader App 2.03
    ZoneAlarm Security Suite
    ZoneAlarm Spy Blocker Toolbar
    ZoneAlarm Toolbar

    ==== Event Viewer Messages From Past Week ========

    8/09/2010 8:49:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/09/2010 8:48:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The avast! Web Scanner service depends on the avast! Antivirus service which failed to start because of the following error: The dependency service or group failed to start.
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The avast! Mail Scanner service depends on the avast! Antivirus service which failed to start because of the following error: The dependency service or group failed to start.
    8/09/2010 8:48:53 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/09/2010 8:48:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/09/2010 8:48:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/09/2010 5:46:53 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    6/09/2010 5:54:44 PM, error: Service Control Manager [7022] - The UStorage Server Service service hung on starting.
    6/09/2010 5:54:44 PM, error: Service Control Manager [7022] - The AVG8 E-mail Scanner service hung on starting.
    6/09/2010 5:54:44 PM, error: Service Control Manager [7022] - The Apple Mobile Device service hung on starting.
    6/09/2010 5:53:18 PM, error: Service Control Manager [7022] - The avast! Mail Scanner service hung on starting.
    10/09/2010 7:17:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/09/2010 7:13:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi AvgLdx86 AvgMfx86 Fips intelppm kl1 KLIF

    ==== End Of File ===========================

  6. #6
    Join Date
    Oct 2005
    Location
    Melbourne
    Posts
    203
    Gooredfix.txt:

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 16:17 on 12/09/2010 (Admin)
    Firefox version 2.0.0.20 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    [email protected] [11:53 01/01/2007]
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [11:53 01/01/2007]
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [10:50 20/01/2008]
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [23:39 28/03/2008]
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [00:11 17/08/2008]
    {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [04:42 05/04/2009]
    {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [10:28 26/08/2010]

    C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\le1895di.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [07:20 08/03/2010]
    {635abd67-4fe9-1b23-4f01-e679fa7484c1} [02:56 05/04/2009]
    {E2883E8F-472F-4fb0-9522-AC9BF37916A7} [02:16 13/06/2010]
    {E9A1DEE0-C623-4439-8932-001E7D17607D} [03:42 11/10/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [04:27 05/04/2009]
    "avg@igeared"="C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared" [10:14 03/01/2010]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [23:16 16/11/2009]
    "{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker" [10:14 26/08/2010]
    "[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:42 05/04/2009]

    -=E.O.F=-

  7. #7
    Join Date
    Oct 2005
    Location
    Melbourne
    Posts
    203
    I know this isn't in the manual, but I've also tried the following scans: TDSSKiller, stinger, spybot search and destroy, unhackme, trojanhunter, securitycheck, stinger and combofix. Each of these scans had to be run in safe mode since when loading up Windows XP in normal mode, the desktop background is displayed but none of the icons appear, nor does the taskbar appear. The PC just freezes at this stage until it is rebooted via the CPU.

    The trojanhunter scan popped up a message which I have attached here. Don't worry, the virus is on my friend's PC, not mine. And I've scanned the USB stick twice on my PC to check if any viruses got copied and none did. Have also attached the scan logs of some of the scans.

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Our instructions clearly say:
    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
    Now, I need DDS logs from normal mode, not safe mode and Malwarebytes log.
