Internet Security 2010... followed by computer slowdown?

  1. #1
    Yuki is offline Full Member

    Internet Security 2010... followed by computer slowdown?

    I recently got the Internet Security 2010 malware, but I'm fairly sure I removed it.

    I ran rkill.com in safe mode, scanned with a fully-updated Anti-Malware, and it seems to have disappeared. I scanned with a fully updated AVG and it found three threats, and promptly got rid of them.

    However, I am still experiencing major slowdown with my computer. Anti-Malware insists it can't find one of its files (which I am guessing is the cause of IS2010), but I am also being told my Wireless DLL is not registered despite having run the Dell driver updater that I got from their site. Explorer.exe does not load fully the majority of the time; I have to end the process and start it a good three times before it even begins to work properly, and it takes quite a while to load. I cannot access the internet from my computer, and I tried to make a HijackThis log in safe mode but was told that another program is interfering, and I was unable to use the "switch to" button to fix the problem.

    Additionally, I have no volume; the computer insists that my sound card drivers are outdated or not there at all.

    I got Internet Security 2010 about four days ago, and managed to remove it about two or three days after I got it.

    I tried to run Avast!, but the scan froze partway through the WINDOWS folder, and the Boot-Time Scan did not initiate when I restarted my computer after running Anti-Malware. I tried using SUPERAntiSpyware, but it either freezes or finds nothing.

    I have a Dell Inspiron 1501, running Windows XP Service Pack 3.

  2. #2
    broni is online now Senior Member
    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    Yuki is offline Full Member
    Combofix somehow deleted the majority of my media. I still have the "My Pictures" folder intact, but my "My Music" folder is gone, and anything that was on the desktop or in other folders seems to be gone. I don't remember Combofix doing this last time I had an error with my computer; is there a way I can recover anything? I still cannot connect to the internet, and I still have no sound. My start menu only contains "startup", though I do have files and folders in the "Program Files" folder. The slowdown seems to have been alleviated (save for on startup), but any programs (specifically, Windows Explorer) that I open refuse to minimize into the taskbar and instead only appear when I ctrl+tab into them. The quicklaunch and system tray, however, do appear in my taskbar.

    This is my HijackThis log. My Combofix log is around 809 pages long due to it deleting a CRAPLOAD of my files. Should I upload the .doc file to a site such as mediafire, or post it in segments here? I had no Combofix.txt in my C: directory that I saw.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:46:01 AM, on 1/25/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rsvp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Laptops, Desktop Computers, Monitors, Printers & PC Accessories | Dell United Kingdom
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1292892305-2415605640-3664216660-1006\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun (User '?')
    O4 - HKUS\S-1-5-21-1292892305-2415605640-3664216660-1006\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (User '?')
    O4 - HKUS\S-1-5-21-1292892305-2415605640-3664216660-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} (MGXCore Class) - http://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
    O16 - DPF: {C14C061A-6C24-43AC-97C3-B9135B4AB332} (MGX2Core Class) - http://www.va-sa-ra.co.jp/mgx2/win/MGX2Plugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: npkcmsvc - Unknown owner - E:\Program Files\Mabinogi\npkcmsvc.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7986 bytes
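    A helper of this kind is what a reviewer effectively does by eye on a HijackThis log like the one above: pick out the BHOs with no DLL behind them, the services with no publisher or a missing binary, and the ActiveX (O16) downloads from hosts you would not expect. This is an added example written for this thread, not part of HijackThis or of any post here; the trusted-host list and the user-writable-path markers are assumptions, and the sample log is a constructed excerpt of the lines posted above.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log posted in
# this thread (not the whole log), enough to exercise every rule below.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-21-1292892305-2415605640-3664216660-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - E:\Program Files\Mabinogi\npkcmsvc.exe (file missing)
End of file - 7986 bytes
"""

# One regex per HijackThis section we triage (O2 = BHOs, O4 = Run keys,
# O16 = ActiveX downloads, O23 = services).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Assumption: hosts an O16 ActiveX download is expected from on this machine.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "msn.com")
# Assumption: an autostart living under one of these locations deserves a second look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O23"
    subject: str   # what the finding is about (service name, CLSID, host, ...)
    reason: str    # why a reviewer should look at it


def exe_from_command(cmd: str) -> str:
    """Return the executable path from a Run-key command line, quoted or not."""
    quoted = re.match(r'^"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"^(\S+?\.exe)", cmd, re.IGNORECASE)
    return bare.group(1) if bare else cmd.split(" ", 1)[0]


def host_is_trusted(host: str) -> bool:
    """True when host is one of the allowlisted domains or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries a reviewer should check first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            # A BHO whose DLL is gone is usually a leftover of a removed program or infection.
            if m["path"].strip() == "(no file)":
                findings.append(Finding("O2", "{" + m["clsid"] + "}", "BHO registered but its DLL is gone (no file)"))
        elif m := O4_RE.match(line):
            exe = exe_from_command(m["cmd"]).lower()
            if any(marker in exe for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding("O4", m["name"], "autostart runs from a user-writable path: " + exe))
        elif m := O16_RE.match(line):
            host = (urlparse(m["url"]).hostname or "").lower()
            if not host_is_trusted(host):
                findings.append(Finding("O16", host, "ActiveX control fetched from a host outside the allowlist"))
        elif m := O23_RE.match(line):
            if m["owner"].strip() == "Unknown owner":
                findings.append(Finding("O23", m["name"], "service carries no publisher information"))
            if m["path"].strip().endswith("(file missing)"):
                findings.append(Finding("O23", m["name"], "service points at a binary that no longer exists"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.subject:<45} {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the excerpt it flags the nameless BHO with no file, the playwhat.com ActiveX download, and both GameGuard-related services (no publisher, binary missing), while leaving the AVG, Veoh and ctfmon autostarts alone.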

  4. #4
    broni is online now Senior Member
    There was an issue with the previous Combofix version and I'm sorry, I didn't catch your thread in time.
    This: ComboFix problems and resolution for legitimate files being deleted should fix you up.
    Keep me posted.

  5. #5
    Yuki is offline Full Member
    Awesome. I'll run it as soon as I get back to my computer. Is there a newer, fixed version of Combofix to run as well?

  6. #6
    broni is online now Senior Member
    A new version is out, but I want you to run the above fix first and let me know if things are back to normal (your files are back).

  7. #7
    Yuki is offline Full Member
    As far as I can tell, it recovered everything (albeit to a folder in my C: drive called Qoobox, in a folder in THAT folder labeled "Quarantine"). My computer still seems to run as fast as when the files were deleted, though I still have the taskbar, internet, and sound issues.

  8. #8
    broni is online now Senior Member
    Very good.

    We need to run the fresh Combofix version.

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  9. #9
    Yuki is offline Full Member
    I still cannot connect to the internet (still receiving the "wireless dll not registered" error); I also have no sound, and no programs are appearing in the taskbar though the system tray and quicklaunch icons are still there. Additionally, my desktop has my background image but is blank; it may be due to my computer being slow to start up recently, however. Starting up programs (specifically, Windows Explorer and then using it to explore the computer) is still as fast as it was after the first combofix, however.

    Combofix log and Hijackthis log:

    ComboFix 10-01-26.01 - Brandon 01/26/2010 13:43:20.3.1 - x86
    Running from: c:\documents and settings\Brandon\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
    .

    2010-01-26 07:23 . 2010-01-26 07:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
    2010-01-26 07:23 . 2010-01-26 07:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Gtek
    2010-01-26 07:23 . 2010-01-26 07:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AOL
    2010-01-26 07:23 . 2010-01-26 07:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-01-26 07:13 . 2010-01-26 07:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\BitTorrent
    2010-01-26 07:13 . 2010-01-26 07:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\Azureus
    2010-01-26 07:02 . 2010-01-26 07:02 -------- d-----w- c:\documents and settings\Brandon\Application Data\AviDvdBurner
    2010-01-26 07:02 . 2010-01-26 07:02 -------- d-----w- c:\documents and settings\Brandon\Application Data\Apple Computer
    2010-01-26 07:02 . 2010-01-26 07:02 -------- d-----w- c:\documents and settings\Brandon\Application Data\Alien Skin
    2010-01-26 07:02 . 2010-01-26 07:02 -------- d-----w- c:\documents and settings\Brandon\Application Data\AdobeUM
    2010-01-26 07:02 . 2010-01-26 07:02 -------- d-----w- c:\documents and settings\Brandon\Application Data\acccore
    2010-01-26 07:02 . 2010-01-26 07:02 -------- d-----w- c:\documents and settings\Brandon\Application Data\.minecraft
    2010-01-26 06:56 . 2010-01-26 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2010-01-26 06:56 . 2010-01-26 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-26 06:56 . 2010-01-26 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-01-26 06:56 . 2010-01-26 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2010-01-26 06:55 . 2010-01-26 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
    2010-01-26 06:55 . 2010-01-26 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-01-26 06:55 . 2010-01-26 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
    2010-01-26 06:55 . 2010-01-26 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ
    2010-01-26 06:55 . 2010-01-26 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
    2010-01-26 06:54 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-01-26 06:54 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-01-26 06:54 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
    2010-01-26 06:54 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
    2010-01-26 06:54 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-01-26 06:54 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
    2010-01-26 06:53 . 2010-01-26 06:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
    2010-01-26 06:53 . 2010-01-26 06:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
    2010-01-26 06:53 . 2010-01-26 06:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
    2010-01-26 06:53 . 2010-01-26 06:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
    2010-01-26 06:53 . 2010-01-26 06:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
    2010-01-26 06:53 . 2009-12-20 07:09 93688 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-26 06:53 . 2006-12-14 06:35 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
    2010-01-26 06:53 . 2010-01-26 06:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
    2010-01-25 22:19 . 2010-01-25 22:19 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Adobe
    2010-01-25 20:59 . 2010-01-25 20:59 130 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\fusioncache.dat
    2010-01-25 14:40 . 2010-01-25 07:46 -------- d-----w- c:\documents and settings\Brandon\Application Data\OpenOffice.org
    2010-01-25 10:04 . 2010-01-25 10:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
    2010-01-25 10:04 . 2010-01-25 10:04 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\ATI
    2010-01-25 10:04 . 2010-01-25 10:04 -------- d-----w- c:\documents and settings\Brandon\Application Data\ATI
    2010-01-25 08:44 . 2010-01-25 08:44 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Apple Computer
    2010-01-25 08:44 . 2010-01-26 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2010-01-25 08:44 . 2010-01-26 20:58 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\ApplicationHistory
    2010-01-25 08:38 . 2010-01-26 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-01-22 01:34 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-22 01:34 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-21 18:04 . 2010-01-21 18:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-15 21:09 . 2008-05-30 21:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
    2010-01-15 21:08 . 2007-01-24 22:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
    2010-01-12 22:17 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-26 06:57 . 2010-01-26 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    2010-01-25 08:45 . 2010-01-26 06:54 242 ----a-w- c:\documents and settings\All Users\Application Data\_QSLLPSVCShare_.zip
    2010-01-23 04:04 . 2009-06-19 02:44 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
    2010-01-22 01:47 . 2009-04-20 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-22 01:34 . 2010-01-22 01:34 696832 ----a-w- c:\windows\isRS-000.tmp
    2010-01-20 02:25 . 2007-07-18 00:26 -------- d-----w- c:\program files\Alwil Software
    2009-12-21 21:50 . 2009-03-11 04:12 -------- d-----w- c:\program files\optic
    2009-12-20 07:05 . 2007-01-19 04:01 -------- d-----w- c:\program files\MSN Messenger
    2009-12-20 07:05 . 2009-04-20 05:27 -------- d-----w- c:\program files\Microsoft
    2009-12-20 07:05 . 2009-12-20 07:04 -------- d-----w- c:\program files\Windows Live
    2009-12-20 07:05 . 2009-12-20 07:05 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-12-15 23:22 . 2007-05-04 00:43 -------- d-----w- c:\program files\DivX
    2009-12-15 23:21 . 2009-12-15 23:21 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-12-15 10:41 . 2006-12-14 06:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-11 08:21 . 2009-12-11 08:21 -------- d-----w- c:\program files\Veoh Networks
    2009-11-30 06:14 . 2009-11-30 06:11 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
    2009-11-30 06:11 . 2009-11-30 06:11 -------- d-----w- c:\program files\Common Files\Stardock
    2009-11-30 06:11 . 2009-11-30 06:11 -------- d-----w- c:\program files\Stardock
    2009-11-21 15:51 . 2004-08-11 23:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-10-29 07:46 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-10-29 07:46 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-29 07:46 . 2004-08-11 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2006-05-03 10:06 . 2007-02-06 04:09 163328 --sh--r- c:\windows\system32\flvDX.dll
    .

    ------- Sigcheck -------

    Cryptography Services Error !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-11-20 2590456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-15 19:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-06-22 06:23 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TapiSrv"=3 (0x3)
    "FontCache3.0.0.0"=3 (0x3)
    "Fax"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Last.fm\\LastFM.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\Mozilla Firefox 3.5 Beta 4\\firefox.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14868:TCP"= 14868:TCP:BitComet 14868 TCP
    "14868:UDP"= 14868:UDP:BitComet 14868 UDP
    "27754:TCP"= 27754:TCP:*isabled:SolidNetworkManager
    "27754:UDP"= 27754:UDP:*isabled:SolidNetworkManager

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-07-15 3223416]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-26 722416]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-15 335240]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-23 108552]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
    S3 Neo_Yukichin;SoftEther VPN Client 2.0 Device Driver - Yukichin;c:\windows\system32\DRIVERS\Neo_Yukichin.sys [2008-01-10 15232]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:04]

    2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} - hxxp://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
    DPF: {C14C061A-6C24-43AC-97C3-B9135B4AB332} - hxxp://www.va-sa-ra.co.jp/mgx2/win/MGX2Plugin.cab
    FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\7gp1154m.default\
    FF - prefs.js: browser.startup.homepage - nanowrimo.org
    FF - component: c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\7gp1154m.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-01-26 14:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spka.sys hal.dll >>UNKNOWN [0x8598F938]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf75c8f28
    \Driver\ACPI -> ACPI.sys @ 0xf731acb8
    \Driver\atapi -> atapi.sys @ 0xf72afb40
    IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    NDIS: Broadcom 440x 10/100 Integrated Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xf71a2bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7191a0d
    SendHandler -> NDIS.sys @ 0xf71a5b40
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1292892305-2415605640-3664216660-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4A6F92C-A0A8-64C4-ACFD-848776C61BD5}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1292892305-2415605640-3664216660-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F21F3D1D-4058-7E55-3FBB-54A764DABB3A}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(892)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    c:\windows\system32\WgaTray.exe
    c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\program files\Windows Desktop Search\WindowsSearch.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Microsoft Xbox 360 Accessories\Checker.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-26 14:11:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-26 21:11
    ComboFix2.txt 2009-08-13 07:03

    Pre-Run: 2,886,242,304 bytes free
    Post-Run: 2,864,029,696 bytes free

    Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - B8935B78759B350D600C4DB0D9FBD73C

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:39:43 PM, on 1/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Microsoft Xbox 360 Accessories\Checker.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Laptops, Desktop Computers, Monitors, Printers & PC Accessories | Dell United Kingdom
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKUS\S-1-5-21-1292892305-2415605640-3664216660-1006\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun (User '?')
    O4 - HKUS\S-1-5-21-1292892305-2415605640-3664216660-1006\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (User '?')
    O4 - S-1-5-21-1292892305-2415605640-3664216660-1006 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User '?')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} (MGXCore Class) - http://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
    O16 - DPF: {C14C061A-6C24-43AC-97C3-B9135B4AB332} (MGX2Core Class) - http://www.va-sa-ra.co.jp/mgx2/win/MGX2Plugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: npkcmsvc - Unknown owner - E:\Program Files\Mabinogi\npkcmsvc.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8518 bytes

  10. #10
    broni is online now Senior Member
    We'll get to all those other issues as soon as we're sure your computer is clean.
    Combofix also reports:
    Cryptography Services Error
    Right after you run the Combofix script below, read here: Cryptographic Service Error and HOW to FIX It! and see if you can get that service started.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    KillAll::
    
    File::
    
    Folder::
    c:\program files\Alwil Software
    c:\windows\system32\config\systemprofile\Application Data\Symantec
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    MBR::
    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

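An added example, not from this thread and not part of HijackThis or ComboFix: a small Python triage script that parses lines in the HijackThis v2 format shown above and flags the entries a helper looks at first, namely items the log itself marks as orphaned ("(file missing)" and "(no file)"), O23 services with no vendor name ("Unknown owner"), and O16 downloaded ActiveX controls (DPF). The sample lines are constructed from entries in the posted log (shortened), and the line pattern and rule set are my assumptions about the format, not HijackThis's own logic.

```python
import re
from collections import Counter

# Constructed sample: a few lines modelled on the HijackThis log posted in this
# thread. It is not the full log and is used only to exercise the parser.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O16 - DPF: {4DD988A3-8A9A-4CC1-A763-F822C09E4315} (MGXCore Class) - http://www.va-sa-ra.co.jp/mgx/win/MGXPlugin.cab
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - E:\Program Files\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed shape of a HijackThis entry: a section tag (R0-R3, O1-O24) followed
# by " - " and the rest of the line. Process listings and headers do not match
# and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return a list of {'section', 'body', 'raw'} dicts, one per O*/R* line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group("section"),
                            "body": m.group("body"),
                            "raw": line})
    return entries


def triage(entries):
    """Apply simple review rules; returns (section, reason, raw_line) tuples.

    The rules only restate what the log already says about each entry; they
    are a reading aid for the reviewer, not a malware verdict.
    """
    findings = []
    for e in entries:
        body, sec = e["body"], e["section"]
        reasons = []
        # HijackThis appends these markers when the referenced file is absent.
        # Such entries are leftovers (uninstalled or removed software) and are
        # the usual cleanup candidates.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            reasons.append("orphaned: referenced file is absent")
        # Services without a recognised vendor string deserve a manual look.
        if sec == "O23" and "Unknown owner" in body:
            reasons.append("service with no vendor name")
        # O16 lines are ActiveX controls downloaded from the listed URL.
        if sec == "O16":
            reasons.append("downloaded ActiveX control (DPF)")
        findings.extend((sec, r, e["raw"]) for r in reasons)
    return findings


def summarize(text):
    """Parse a log and return counts plus the triage findings."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "by_section": dict(Counter(e["section"] for e in entries)),
        "findings": triage(entries),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['entries']} entries: {report['by_section']}")
    for sec, reason, raw in report["findings"]:
        print(f"[{sec}] {reason}\n    {raw}")
```

Run it against a saved HijackThis log by reading the file into `summarize()`; the orphaned-entry rule alone reproduces the two "(file missing)" services and the "(no file)" BHO that stand out in the log above.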