
Infected PC - help HUGELY appreciated



Hi Guys,

 

I've been hijacked and my PC is undoubtedly harbouring an infection. My knowledge of which processes should be running and which are malicious is extremely limited, so I ask if somebody may please be able to help me.

 

I have followed the guidelines for malware removal assistance and have pasted the logs below.

 

Thanks in advance for any assistance that anybody may offer - I don't know what I would do without you.

 

IObit Security 360 Report - from IObit Security 360.

 

IObit Security 360

 

OS:Windows XP

Version:1.5.0.13

Define Version:1910

Time Elapsed:00:20:25

Objects Scanned:62861

Threats Found:5

 

|Name|Type|Description|ID|
|Tracking Cookies - Removed|Cookies|Cookie:sue crump@com.com/|7-9|
|Trojan.Win32/BHO - Removed|Registry Key|HKEY_CLASSES_ROOT\CLSID\{376892ae-1825-4e5f-9f85-23f9640051cc}|5-2530|
|Trojan.Win32/BHO - Removed|Registry Key|HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc}|5-2530|
|Misleading.SpywareCease - Removed|Registry Key|HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit|4-30716|
|Trojan.Agent - Quarantined|File|C:\Program Files\AltBinz\download\150000 Drivers for XP, 2000, Vista and Windows 7\New Folder\D\S3apphk.exe|11-10151|

 

DDS - from DDS

 

DDS (Ver_10-10-21.02) - NTFSx86

Run by Sue Crump at 17:00:14.75 on 22/10/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2459 [GMT 1:00]

 

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Sue Crump\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.co.uk/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll

TB: {7C5C0F58-E061-457D-9033-77307F5ED00C} - No File

TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

StartupFolder: c:\docume~1\suecru~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

TCP: NameServer = 93.188.164.77,93.188.166.227

TCP: {99E34595-E822-4C9B-86B4-A90BD336874F} = 93.188.164.77,93.188.166.227

TCP: {EEB363D1-3B9F-4D03-8C6D-918399CD4235} = 93.188.164.77,93.188.166.227

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\suecru~1\applic~1\mozilla\firefox\profiles\468z4jpp.default\

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-16 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-28 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-28 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-5 692272]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-10-25 13696]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-28 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-28 116784]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-10-22 312152]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-28 126392]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-11 90112]

R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-4-18 14976]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-24 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20101020.001\IDSXpx86.sys [2010-10-19 341880]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20101021.049\NAVENG.SYS [2010-10-22 86064]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20101021.049\NAVEX15.SYS [2010-10-22 1371184]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-8-23 27632]

S2 CachemanService;Cacheman Service;c:\program files\cacheman\cachemanserv.exe --> c:\program files\cacheman\CachemanServ.exe [?]

S2 RapportMgmtService;Rapport Management Service;"c:\program files\trusteer\rapport\bin\rapportmgmtservice.exe" --> c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [?]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\lavalys\everest ultimate edition\kerneld.wnt --> c:\program files\lavalys\everest ultimate edition\kerneld.wnt [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-23 13224]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-1-29 25728]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-23 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-23 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-23 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-23 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-23 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-23 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-23 109736]

UnknownUnknown RkHit;RkHit; [x]

 

=============== Created Last 30 ================

 

2010-10-22 14:45:10 -------- d-----w- c:\program files\common files\Sage Shared

2010-10-22 14:31:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-10-22 14:31:35 -------- d-----w- c:\program files\McAfee Security Scan

2010-10-22 13:58:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2010-10-22 13:57:08 -------- d-----w- c:\program files\IObit

2010-10-22 13:57:08 -------- d-----w- c:\docume~1\suecru~1\applic~1\IObit

2010-10-22 13:52:05 -------- d-----w- c:\program files\RegCleaner

2010-10-22 13:38:50 -------- d-----w- c:\docume~1\suecru~1\locals~1\applic~1\Promosoft Corporation

2010-10-14 08:53:19 -------- d-----w- c:\program files\Microsoft

2010-09-28 12:36:44 361904 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdi.sys

2010-09-28 12:36:44 339504 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys

2010-09-28 12:36:44 173104 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symefa.sys

2010-09-28 12:36:43 501888 ----a-w- c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys

2010-09-28 12:36:43 43696 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtspx.sys

2010-09-28 12:36:43 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys

2010-09-28 12:36:43 325680 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtsp.sys

2010-09-28 12:36:43 116784 ----a-w- c:\windows\system32\drivers\nis\1108000.005\ironx86.sys

2010-09-28 12:36:28 -------- d-----w- c:\windows\system32\drivers\nis\1108000.005

2010-09-24 14:37:35 -------- d-----w- c:\program files\Trend Micro

2010-09-24 13:26:03 -------- d-----w- c:\program files\Free Window Registry Repair

2010-09-24 12:11:04 -------- d-----w- c:\program files\Combined Community Codec Pack

2010-09-24 12:02:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-09-24 12:02:15 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-09-24 12:02:15 -------- d-----w- c:\program files\Symantec

2010-09-24 12:02:15 -------- d-----w- c:\program files\common files\Symantec Shared

2010-09-24 12:00:44 -------- d-----w- c:\windows\system32\drivers\NIS

2010-09-24 12:00:27 -------- d-----w- c:\program files\Norton Internet Security

2010-09-24 12:00:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-09-24 11:52:42 -------- d-----w- c:\program files\NortonInstaller

2010-09-24 11:52:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

 

==================== Find3M ====================

 

2010-09-03 19:35:46 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2010-08-12 12:15:20 15880 ----a-w- c:\windows\system32\lsdelete.exe

 

============= FINISH: 17:01:58.87 ===============

 

**Attach - from DDS on next post**

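Added example (not part of the original post, and not code from DDS or IObit): a small Python triage script that runs over lines copied from the DDS log above and pulls out the three things a responder checks first in a log like this. First, the statically configured TCP NameServer entries (93.188.164.77 and 93.188.166.227), which sit outside the 192.168.1.0/24 leases and the 10.25.230.249 DHCP server that the event log shows this machine using; a static DNS setting on a DHCP client redirects every name lookup regardless of which browser or antivirus is installed, so it is worth confirming with ipconfig /all and against what the router actually hands out. Second, service entries whose image file DDS could not find or that have no image path at all (the [?] and [x] markers, which line up with the RkHit key IObit removed and the Cacheman and Rapport start failures in the event log). Third, IE toolbar and explorer-bar CLSIDs left pointing at "No File". The allowlist of expected DNS networks is an assumption made for this example; the embedded log excerpt is copied from the post.

```python
import ipaddress
import re
from typing import Dict, List

# Excerpt of the DDS log posted above (copied from the post, not generated).
SAMPLE_LOG = r"""
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: {7C5C0F58-E061-457D-9033-77307F5ED00C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
TCP: NameServer = 93.188.164.77,93.188.166.227
TCP: {99E34595-E822-4C9B-86B4-A90BD336874F} = 93.188.164.77,93.188.166.227
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-28 126392]
S2 CachemanService;Cacheman Service;c:\program files\cacheman\cachemanserv.exe --> c:\program files\cacheman\CachemanServ.exe [?]
S2 RapportMgmtService;Rapport Management Service;"c:\program files\trusteer\rapport\bin\rapportmgmtservice.exe" --> c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [?]
UnknownUnknown RkHit;RkHit; [x]
"""

# Assumption for this example: the DHCP events in the log show 192.168.1.x
# leases handed out by 10.25.230.249, so DNS servers outside these networks
# were not supplied by the local network and deserve a closer look.
EXPECTED_DNS_NETS = (
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
)

# "TCP: NameServer = a,b" (global) and "TCP: {interface GUID} = a,b" (per NIC)
DNS_LINE = re.compile(r"^TCP: (?:NameServer|\{[0-9A-Fa-f-]+\}) = (.+)$")
# "<start type> <name>;<description>;<image path and DDS file info>"
SERVICE_LINE = re.compile(r"^(R\d|S\d|Unknown\w*)\s+([^;]+);[^;]*;(.*)$")
# Toolbar / BHO / explorer-bar entries whose DLL is gone
ADDON_LINE = re.compile(r"^(?:TB|BHO|EB): .*?(\{[0-9A-Fa-f-]+\}).* - No File$", re.M)


def foreign_dns_servers(log: str, expected=EXPECTED_DNS_NETS) -> List[str]:
    """Statically configured DNS servers that lie outside the networks the
    host is known to be on. Returned sorted so output is stable."""
    found = set()
    for line in log.splitlines():
        m = DNS_LINE.match(line)
        if not m:
            continue
        for addr in m.group(1).split(","):
            ip = ipaddress.ip_address(addr.strip())
            if not any(ip in net for net in expected):
                found.add(str(ip))
    return sorted(found)


def suspicious_services(log: str) -> Dict[str, str]:
    """Service/driver entries whose image DDS could not find ('[?]') or that
    have no image path at all ('[x]' or an unreadable start type)."""
    findings: Dict[str, str] = {}
    for line in log.splitlines():
        m = SERVICE_LINE.match(line)
        if not m:
            continue
        start_type, name, image = m.groups()
        image = image.rstrip()
        if image.endswith("[?]"):
            findings[name] = "image file not found on disk"
        elif image.endswith("[x]") or start_type.startswith("Unknown"):
            findings[name] = "registry entry with no image path"
    return findings


def orphaned_browser_addons(log: str) -> List[str]:
    """CLSIDs of IE toolbars, BHOs and explorer bars whose DLL is missing."""
    return [m.group(1) for m in ADDON_LINE.finditer(log)]


def triage(log: str) -> Dict[str, object]:
    """All three checks in one report, keyed by check name."""
    return {
        "foreign_dns": foreign_dns_servers(log),
        "broken_services": suspicious_services(log),
        "orphaned_addons": orphaned_browser_addons(log),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG).items():
        print(f"{check}: {result}")
```

Feed it the full DDS text instead of the excerpt and the same three checks apply; an orphaned toolbar entry is mostly cosmetic, but a service with no image path and a DNS server nobody on the LAN configured are the two findings to resolve before trusting anything else the machine reports.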

Attach - from DDS

 

DDS (Ver_10-10-21.02)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 23/03/2009 02:52:36

System Uptime: 22/10/2010 16:18:24 (1 hours ago)

 

Motherboard: BIOSTAR Group | | TA790GX 128M

Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | CPU 1 | 2200/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 298 GiB total, 38.549 GiB free.

D: is Removable

F: is CDROM ()

G: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP660: 24/07/2010 20:50:08 - System Checkpoint

RP661: 27/07/2010 09:48:52 - System Checkpoint

RP662: 28/07/2010 10:18:11 - System Checkpoint

RP663: 29/07/2010 10:39:01 - System Checkpoint

RP664: 30/07/2010 10:59:38 - System Checkpoint

RP665: 31/07/2010 12:42:54 - System Checkpoint

RP666: 01/08/2010 13:32:43 - System Checkpoint

RP667: 02/08/2010 18:19:22 - System Checkpoint

RP668: 02/08/2010 23:27:27 - Software Distribution Service 3.0

RP669: 04/08/2010 13:41:33 - System Checkpoint

RP670: 05/08/2010 14:18:58 - System Checkpoint

RP671: 06/08/2010 15:27:49 - System Checkpoint

RP672: 07/08/2010 18:12:29 - System Checkpoint

RP673: 09/08/2010 08:31:18 - System Checkpoint

RP674: 10/08/2010 08:56:18 - System Checkpoint

RP675: 11/08/2010 09:15:01 - System Checkpoint

RP676: 11/08/2010 23:39:10 - Software Distribution Service 3.0

RP677: 13/08/2010 09:49:23 - System Checkpoint

RP678: 14/08/2010 10:38:19 - System Checkpoint

RP679: 15/08/2010 11:51:11 - System Checkpoint

RP680: 16/08/2010 19:18:09 - System Checkpoint

RP681: 17/08/2010 08:52:57 - Avg8 Update

RP682: 18/08/2010 09:32:19 - System Checkpoint

RP683: 19/08/2010 09:34:59 - System Checkpoint

RP684: 20/08/2010 09:53:00 - System Checkpoint

RP685: 21/08/2010 18:07:39 - System Checkpoint

RP686: 22/08/2010 18:19:28 - System Checkpoint

RP687: 23/08/2010 18:52:24 - System Checkpoint

RP688: 24/08/2010 19:43:26 - System Checkpoint

RP689: 25/08/2010 19:54:54 - System Checkpoint

RP690: 26/08/2010 20:54:53 - System Checkpoint

RP691: 27/08/2010 21:16:46 - System Checkpoint

RP692: 28/08/2010 22:16:47 - System Checkpoint

RP693: 29/08/2010 23:16:47 - System Checkpoint

RP694: 31/08/2010 00:16:48 - System Checkpoint

RP695: 01/09/2010 13:07:21 - System Checkpoint

RP696: 02/09/2010 17:23:20 - System Checkpoint

RP697: 03/09/2010 11:19:56 - PC Health Advisor Backup

RP698: 03/09/2010 19:18:33 - Configured Camera RAW Plug-In for EPSON Creativity Suite

RP699: 03/09/2010 19:18:40 - Removed Camera RAW Plug-In for EPSON Creativity Suite

RP700: 03/09/2010 19:24:22 - Configured EPSON Attach To Email

RP701: 03/09/2010 19:24:50 - Configured EPSON Easy Photo Print

RP702: 03/09/2010 19:24:57 - Removed EPSON Easy Photo Print

RP703: 03/09/2010 19:25:19 - Configured EPSON File Manager

RP704: 03/09/2010 19:25:24 - Removed EPSON File Manager

RP705: 03/09/2010 19:32:33 - Removed EPSON Scan Assistant

RP706: 03/09/2010 19:34:47 - Removed EPSON Web-To-Page

RP707: 03/09/2010 20:15:03 - Installed Microsoft Bootvis

RP708: 04/09/2010 21:13:08 - System Checkpoint

RP709: 05/09/2010 21:50:14 - System Checkpoint

RP710: 06/09/2010 22:50:17 - System Checkpoint

RP711: 08/09/2010 07:36:30 - System Checkpoint

RP712: 08/09/2010 21:36:13 - Avg8 Update

RP713: 10/09/2010 00:05:35 - System Checkpoint

RP714: 11/09/2010 00:28:56 - System Checkpoint

RP715: 12/09/2010 00:39:50 - System Checkpoint

RP716: 13/09/2010 00:48:20 - System Checkpoint

RP717: 14/09/2010 01:39:51 - System Checkpoint

RP718: 15/09/2010 02:38:47 - System Checkpoint

RP719: 16/09/2010 02:56:23 - System Checkpoint

RP720: 17/09/2010 03:01:34 - System Checkpoint

RP721: 18/09/2010 03:03:54 - System Checkpoint

RP722: 19/09/2010 04:02:57 - System Checkpoint

RP723: 20/09/2010 05:02:56 - System Checkpoint

RP724: 21/09/2010 06:02:57 - System Checkpoint

RP725: 21/09/2010 08:32:47 - Restore Operation

RP726: 21/09/2010 08:44:52 - Restore Operation

RP727: 21/09/2010 08:46:13 - Restore Operation

RP728: 22/09/2010 09:29:10 - System Checkpoint

RP729: 23/09/2010 09:42:44 - System Checkpoint

RP730: 24/09/2010 12:05:33 - System Checkpoint

RP731: 24/09/2010 12:54:38 - Removed AVG Free 8.5

RP732: 24/09/2010 12:55:53 - Installed AVG Free 8.5

RP733: 24/09/2010 15:37:33 - Installed HiJackThis

RP734: 24/09/2010 15:56:37 - Removed Rapport

RP735: 25/09/2010 16:42:11 - System Checkpoint

RP736: 28/09/2010 13:59:34 - System Checkpoint

RP737: 29/09/2010 14:27:58 - System Checkpoint

RP738: 02/10/2010 14:48:50 - System Checkpoint

RP739: 03/10/2010 19:59:58 - System Checkpoint

RP740: 05/10/2010 11:53:52 - System Checkpoint

RP741: 06/10/2010 12:26:59 - System Checkpoint

RP742: 07/10/2010 13:27:00 - System Checkpoint

RP743: 08/10/2010 14:22:24 - System Checkpoint

RP744: 09/10/2010 15:17:07 - System Checkpoint

RP745: 10/10/2010 17:32:11 - System Checkpoint

RP746: 11/10/2010 18:12:06 - System Checkpoint

RP747: 12/10/2010 19:12:07 - System Checkpoint

RP748: 13/10/2010 19:28:57 - System Checkpoint

RP749: 14/10/2010 20:28:57 - System Checkpoint

RP750: 15/10/2010 21:10:22 - System Checkpoint

RP751: 16/10/2010 22:05:33 - System Checkpoint

RP752: 17/10/2010 22:50:41 - System Checkpoint

RP753: 18/10/2010 23:45:43 - System Checkpoint

RP754: 20/10/2010 00:01:11 - System Checkpoint

RP755: 21/10/2010 12:29:13 - System Checkpoint

RP756: 22/10/2010 12:48:27 - System Checkpoint

RP757: 22/10/2010 14:47:20 - Free Registry Fix restore point

RP758: 22/10/2010 14:58:12 - Advanced SystemCare RestorePoint

RP759: 22/10/2010 15:11:15 - Configured Accounts

 

==== Installed Programs ======================

 

ABBYY FineReader 6.0 Sprint

Accounts

Acrobat.com

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Advanced SystemCare 3

Alt.Binz 0.25.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVI Codec Pack

BitLord 1.1

Bonjour

Brother MFL-Pro Suite MFC-5890CN

Combined Community Codec Pack 2009-09-09

Critical Update for Windows Media Player 11 (KB959772)

EPSON Stylus SX200 Series Printer Uninstall

ffdshow [rev 1723] [2007-12-24]

GIMP 2.6.7

HiJackThis

hmv download manager 1.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HTC Driver

HTC Sync

Image Resizer Powertoy for Windows XP

ImgBurn

IObit Security 360

iTunes

Java 6 Update 13

Java 6 Update 7

Linksys Wireless-G PCI Adapter

McAfee Security Scan Plus

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Bootvis

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Moneysoft Payroll Manager

Moneysoft Payroll Manager Update

Mozilla Firefox (3.6.11)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Norton Internet Security

NVIDIA Drivers

NVIDIA PhysX

OpenOffice.org 3.0

PaperPort Image Printer

QuickPar 0.9

QuickTime

Rapport

Realtek High Definition Audio Driver

Sage 50 Accounts 2009

ScanSoft PaperPort 11

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 8 (KB917734)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Sony Ericsson PC Suite 6.009.00

The Whispered World

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB969497)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Service

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

XBOX 360 Xploder Cheat Saves

Xbox360 Xploder Cheatsaves

XML Paper Specification Shared Components Pack 1.0

 

==== Event Viewer Messages From Past Week ========

 

22/10/2010 16:19:21, error: Dhcp [1002] - The IP address lease 192.168.1.73 for the Network Card with network address 0018391624E1 has been denied by the DHCP server 10.25.230.249 (The DHCP Server sent a DHCPNACK message).

22/10/2010 16:16:53, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).

22/10/2010 16:16:53, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

22/10/2010 16:16:52, error: Service Control Manager [7034] - The Sony Ericsson OMSI download service service terminated unexpectedly. It has done this 1 time(s).

22/10/2010 16:16:52, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

22/10/2010 16:16:52, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

22/10/2010 16:16:52, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

22/10/2010 15:34:44, error: Dhcp [1002] - The IP address lease 192.168.1.71 for the Network Card with network address 0018391624E1 has been denied by the DHCP server 10.25.230.249 (The DHCP Server sent a DHCPNACK message).

22/10/2010 10:09:42, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

21/10/2010 10:36:55, error: Dhcp [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 0018391624E1 has been denied by the DHCP server 10.25.230.249 (The DHCP Server sent a DHCPNACK message).

21/10/2010 00:38:46, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuweb.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.

21/10/2010 00:20:56, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 0018391624E1 has been denied by the DHCP server 10.25.230.249 (The DHCP Server sent a DHCPNACK message).

19/10/2010 17:46:41, error: Dhcp [1002] - The IP address lease 192.168.1.84 for the Network Card with network address 0018391624E1 has been denied by the DHCP server 10.25.230.249 (The DHCP Server sent a DHCPNACK message).

18/10/2010 18:35:59, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

18/10/2010 18:35:59, error: Service Control Manager [7000] - The Rapport Management Service service failed to start due to the following error: The system cannot find the path specified.

18/10/2010 18:35:59, error: Service Control Manager [7000] - The Cacheman Service service failed to start due to the following error: The system cannot find the file specified.

18/10/2010 18:35:20, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

18/10/2010 18:35:20, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

18/10/2010 07:47:46, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018391624E1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

15/10/2010 22:54:36, error: Dhcp [1002] - The IP address lease 192.168.1.81 for the Network Card with network address 0018391624E1 has been denied by the DHCP server 10.25.230.249 (The DHCP Server sent a DHCPNACK message).

15/10/2010 22:52:07, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5931.

15/10/2010 22:51:25, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4028.0.

15/10/2010 22:37:27, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5584.

15/10/2010 22:37:26, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.

15/10/2010 22:37:26, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.

15/10/2010 13:47:00, error: Dhcp [1002] - The IP address lease 192.168.1.78 for the Network Card with network address 0018391624E1 has been denied by the DHCP server 10.25.230.249 (The DHCP Server sent a DHCPNACK message).

 

==== End Of File ===========================

 

Thanks again you lovely people. Absolute lifesavers!!!!

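The Event Viewer section of a DDS log is only useful once you know which entries matter; the Windows File Protection 64002 entries above, for instance, are logged as mere "information" yet each one means something tried to overwrite a protected system file and WFP rolled it back. As an added example, not part of this thread or of the DDS tool, the following Python script parses lines in the DDS event format (using constructed sample lines modelled on the log) and sorts them into the buckets a malware helper reads first.

```python
# Added triage helper for the "Event Viewer Messages" section of a DDS log.
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
WFP_FILE_RE = re.compile(r"protected system file (?P<path>.+?)\.\s")
SVC_DIED_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
SVC_FAIL_RE = re.compile(r"^The (?P<svc>.+?) service failed to start")

# Constructed sample in the DDS format (four lines modelled on the log above).
SAMPLE = r"""
22/10/2010 16:16:53, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
22/10/2010 16:19:21, error: Dhcp [1002] - The IP address lease 192.168.1.73 for the Network Card with network address 0018391624E1 has been denied by the DHCP server 10.25.230.249 (The DHCP Server sent a DHCPNACK message).
21/10/2010 00:38:46, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuweb.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
18/10/2010 18:35:59, error: Service Control Manager [7000] - The Rapport Management Service service failed to start due to the following error: The system cannot find the path specified.
"""

def parse_events(text):
    """Return one dict per well-formed event line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def triage(text):
    """Summarise the events into the buckets a malware helper looks at first."""
    summary = {
        "wfp_restored_files": [],      # WFP 64002: tampering with system files
        "service_crashes": Counter(),  # SCM 7034/7031: which services died
        "service_start_failures": [],  # SCM 7000: often leftovers of removed software
        "dhcp_nack": 0,                # Dhcp 1002: lease denied (DHCPNACK)
    }
    for ev in parse_events(text):
        src, eid, msg = ev["source"], ev["id"], ev["msg"]
        if src == "Windows File Protection" and eid == "64002":
            m = WFP_FILE_RE.search(msg)
            summary["wfp_restored_files"].append(m.group("path") if m else msg)
        elif src == "Service Control Manager" and eid in ("7034", "7031"):
            m = SVC_DIED_RE.match(msg)
            if m:
                summary["service_crashes"][m.group("svc")] += 1
        elif src == "Service Control Manager" and eid == "7000":
            m = SVC_FAIL_RE.match(msg)
            if m:
                summary["service_start_failures"].append(m.group("svc"))
        elif src == "Dhcp" and eid == "1002":
            summary["dhcp_nack"] += 1
    return summary
```

Run `triage(open("dds.txt").read())` on a full DDS log; any path in `wfp_restored_files` is worth checking against the quarantined items in the scanner report.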

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

 

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

 

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

 

Exit out of MessengerDisable then delete the two files that were put on the desktop.

****************************************

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

RegCleaner and Free Window Registry Repair

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

 

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

 

Further reading: XP Fixes Myth #1: Registry Cleaners

**********************************

P2P - I see you have P2P software installed on your machine (BitLord 1.1). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

******************************************

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Archived

This topic is now archived and is closed to further replies.
