
Author Topic: Completely Infected  (Read 13239 times)


abogas

    Topic Starter


    Rookie

    Re: Completely Infected
    « Reply #15 on: December 28, 2009, 02:33:16 PM »
    Hi Dave, it took me some time to obtain the logs, particularly ComboFix as it even froze on me. Anyway, please find below the logs and thank you so much for your time:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/28/2009 at 01:20 PM

    Application Version : 4.32.1000

    Core Rules Database Version : 4416
    Trace Rules Database Version: 2243

    Scan type       : Complete Scan
    Total Scan Time : 01:00:00

    Memory items scanned      : 829
    Memory threats detected   : 0
    Registry items scanned    : 5680
    Registry threats detected : 0
    File items scanned        : 27007
    File threats detected     : 8

    Adware.Tracking Cookie
       C:\Documents and Settings\Graham Eshun\Cookies\graham_eshun@media6degrees[2].txt
       C:\Documents and Settings\Graham Eshun\Cookies\graham_eshun@adbrite[2].txt
       C:\Documents and Settings\Graham Eshun\Cookies\[email protected][1].txt
       C:\Documents and Settings\Graham Eshun\Cookies\[email protected][2].txt
       C:\Documents and Settings\Graham Eshun\Cookies\[email protected][1].txt
       C:\Documents and Settings\Graham Eshun\Cookies\graham_eshun@smartadserver[2].txt
       C:\Documents and Settings\Graham Eshun\Cookies\[email protected][1].txt
       C:\Documents and Settings\Graham Eshun\Cookies\graham_eshun@2o7[1].txt

    Malwarebytes' Anti-Malware 1.42
    Database version: 3406
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/28/2009 2:29:13 PM
    mbam-log-2009-12-28 (14-29-13).txt

    Scan type: Quick Scan
    Objects scanned: 117120
    Time elapsed: 10 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ComboFix 09-12-27.04 - Graham Eshun 12/28/2009  16:01:07.3.2 - FAT32x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.894.271 [GMT -5:00]
    Running from: c:\documents and settings\Graham Eshun\My Documents\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    (((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-28  )))))))))))))))))))))))))))))))
    .

    2009-12-28 16:04 . 2009-12-28 16:04   --------   d-----w-   c:\program files\SopCast
    2009-12-25 03:31 . 2009-11-25 18:01   1230080   ----a-w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-12-22 15:10 . 2009-12-22 15:10   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ApplicationHistory
    2009-12-22 14:04 . 2009-12-22 03:32   3776280   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
    2009-12-22 14:04 . 2009-12-22 03:32   4043032   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2009-12-22 14:04 . 2009-12-22 03:32   916248   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
    2009-12-22 14:04 . 2009-12-22 03:32   3967256   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-12-22 14:04 . 2009-12-22 03:32   2352920   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
    2009-12-22 05:26 . 2009-12-22 05:26   --------   d-----w-   c:\documents and settings\Graham Eshun\Local Settings\Application Data\AVG Security Toolbar
    2009-12-22 04:14 . 2009-12-22 04:14   --------   d-----w-   C:\$AVG
    2009-12-22 03:32 . 2009-12-22 03:32   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
    2009-12-22 03:32 . 2009-12-22 03:32   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
    2009-12-22 03:32 . 2009-12-22 03:32   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
    2009-12-22 03:32 . 2009-12-22 03:32   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
    2009-12-22 03:32 . 2009-12-22 03:32   --------   d-----w-   c:\windows\system32\drivers\Avg
    2009-12-22 03:32 . 2009-12-22 03:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-12-22 03:31 . 2009-12-22 03:32   --------   d-----w-   c:\program files\AVG
    2009-12-22 03:31 . 2009-12-22 03:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
    2009-12-22 02:52 . 2009-12-28 17:19   52224   ----a-w-   c:\documents and settings\Graham Eshun\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-22 02:52 . 2009-12-28 17:19   117760   ----a-w-   c:\documents and settings\Graham Eshun\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-22 02:52 . 2009-12-22 02:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-12-22 02:52 . 2009-12-22 02:52   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2009-12-22 02:52 . 2009-12-22 02:52   --------   d-----w-   c:\documents and settings\Graham Eshun\Application Data\SUPERAntiSpyware.com
    2009-12-22 02:28 . 2009-12-22 02:28   --------   d-----w-   c:\program files\Trend Micro
    2009-12-22 02:13 . 2009-12-22 02:13   --------   d-----w-   c:\program files\CCleaner
    2009-12-22 02:01 . 2009-12-22 02:01   411368   ----a-w-   c:\windows\system32\deploytk.dll
    2009-12-22 02:01 . 2009-12-22 02:01   --------   d-----w-   c:\program files\Java
    2009-12-22 02:01 . 2009-12-22 02:01   152576   ----a-w-   c:\documents and settings\Graham Eshun\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-22 02:00 . 2009-12-22 02:00   79488   ----a-w-   c:\documents and settings\Graham Eshun\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-22 01:54 . 2009-12-22 01:54   --------   d-----w-   c:\documents and settings\Graham Eshun\Application Data\Malwarebytes
    2009-12-22 01:25 . 2009-12-22 01:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-12-22 01:25 . 2009-12-03 21:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-22 01:25 . 2009-12-22 01:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-22 01:25 . 2009-12-22 01:25   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2009-12-22 01:25 . 2009-12-03 21:13   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2009-12-21 20:57 . 2009-12-21 20:57   --------   d-----w-   C:\log
    2009-12-21 16:59 . 2009-12-21 16:59   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-12-21 16:59 . 2009-12-21 16:59   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
    2009-12-21 16:12 . 2009-12-21 16:12   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
    2009-12-20 21:07 . 2009-12-20 21:07   --------   d-----w-   c:\documents and settings\Graham Eshun\Local Settings\Application Data\Downloaded Installations
    2009-12-20 20:35 . 2009-12-20 20:35   --------   d-----w-   c:\documents and settings\Graham Eshun\Application Data\PC Tools
    2009-12-20 20:35 . 2009-12-20 20:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
    2009-12-20 14:26 . 2009-12-28 20:13   12   ----a-w-   c:\windows\bthservsdp.dat
    2009-12-20 08:07 . 2009-12-20 08:07   --------   d-----w-   c:\documents and settings\Graham Eshun\Local Settings\Application Data\nikjsg
    2009-12-01 12:40 . 2009-11-19 16:48   43008   ----a-w-   c:\documents and settings\Graham Eshun\Application Data\Mozilla\Firefox\Profiles\7f6sj5rk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-01 12:40 . 2009-11-19 16:48   340480   ----a-w-   c:\documents and settings\Graham Eshun\Application Data\Mozilla\Firefox\Profiles\7f6sj5rk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-01 12:40 . 2009-11-19 16:48   346624   ----a-w-   c:\documents and settings\Graham Eshun\Application Data\Mozilla\Firefox\Profiles\7f6sj5rk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-01 12:40 . 2009-11-19 16:48   872960   ----a-w-   c:\documents and settings\Graham Eshun\Application Data\Mozilla\Firefox\Profiles\7f6sj5rk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-11-30 12:35 . 2009-11-30 12:35   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
    2009-11-29 20:32 . 2009-11-29 20:32   --------   d-----w-   c:\windows\system32\nagasoft

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-22 14:41 . 2006-09-22 22:48   41944   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-21 20:09 . 2009-10-28 22:43   32   --sha-w-   c:\windows\system32\drivers\fidbox2.idx
    2009-12-21 20:09 . 2009-10-28 22:43   32   --sha-w-   c:\windows\system32\drivers\fidbox2.dat
    2009-12-21 20:09 . 2009-10-28 22:43   32   --sha-w-   c:\windows\system32\drivers\fidbox.idx
    2009-12-21 20:09 . 2009-10-28 22:43   32   --sha-w-   c:\windows\system32\drivers\fidbox.dat
    2009-11-17 03:13 . 2009-11-17 03:13   --------   d-----w-   c:\documents and settings\Graham Eshun\Application Data\Apple Computer
    2009-11-17 03:10 . 2009-11-17 03:10   --------   d-----w-   c:\program files\iPod
    2009-11-17 03:10 . 2009-11-17 03:10   --------   d-----w-   c:\program files\iTunes
    2009-11-17 03:10 . 2009-11-17 03:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-11-17 03:09 . 2009-11-17 03:09   --------   d-----w-   c:\program files\Bonjour
    2009-11-17 03:07 . 2009-11-17 03:07   --------   d-----w-   c:\program files\QuickTime
    2009-11-17 03:07 . 2009-11-17 03:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
    2009-11-17 03:06 . 2009-11-17 03:06   --------   d-----w-   c:\program files\Apple Software Update
    2009-11-17 03:04 . 2009-11-17 03:04   --------   d-----w-   c:\program files\Common Files\Apple
    2009-11-17 03:04 . 2009-11-17 03:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
    2009-11-11 02:53 . 2006-09-22 21:42   86811   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-11-04 18:47 . 2009-11-04 18:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-04 18:37 . 2009-11-04 18:37   --------   d-----w-   c:\program files\Spybot - Search & Destroy
    2009-11-04 17:28 . 2009-11-04 17:28   --------   d-----w-   c:\program files\Common Files\PC Tools
    2009-11-04 17:27 . 2009-11-04 17:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\TEMP
    2009-10-29 07:45 . 2006-01-09 16:02   916480   ------w-   c:\windows\system32\wininet.dll
    2009-10-29 01:58 . 2009-10-29 01:58   79144   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-21 05:38 . 2004-08-11 01:00   75776   ----a-w-   c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-11 01:00   25088   ----a-w-   c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-11 01:00   265728   ----a-w-   c:\windows\system32\drivers\http.sys
    2009-10-14 15:42 . 2009-10-14 15:37   163142   ----a-w-   c:\windows\hpoins28.dat
    2009-10-13 10:30 . 2004-08-11 01:00   270336   ----a-w-   c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2004-08-11 01:00   149504   ----a-w-   c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2004-08-11 01:00   79872   ----a-w-   c:\windows\system32\raschap.dll
    .

    (((((((((((((((((((((((((((((   SnapShot@2009-12-24_05.49.54   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-28 20:58 . 2009-12-28 20:58   16384              c:\windows\Temp\Perflib_Perfdata_b00.dat
    + 2009-12-28 20:58 . 2009-12-28 20:58   16384              c:\windows\Temp\Perflib_Perfdata_5c8.dat
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 18:01   1230080   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
    "SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
    "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-01 346112]
    "Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 208896]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
    "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 442368]
    "Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-16 766041]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-08 479232]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-28 198160]
    "RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-22 149280]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-22 2033432]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-8-3 45056]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-12-22 03:32   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\WINDOWS\\System32\\FXSCLNT.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/21/2009 10:32 PM 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/21/2009 10:32 PM 360584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/21/2009 10:32 PM 285392]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
    vvdsvc   REG_MULTI_SZ      vvdsvc
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://en.ca.acer.yahoo.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    DPF: {4899C882-1627-4ADD-8112-6EDC8F951216} - hxxp://www.visualwebtools.com/v4Image.cab
    DPF: {4C0A00A6-056B-4314-9928-A705EB97A9AE} - hxxp://www.visualwebtools.com/VWT4.cab
    FF - ProfilePath - c:\documents and settings\Graham Eshun\Application Data\Mozilla\Firefox\Profiles\7f6sj5rk.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL -
    FF - component: c:\documents and settings\Graham Eshun\Application Data\Mozilla\Firefox\Profiles\7f6sj5rk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\Graham Eshun\Application Data\Mozilla\Firefox\Profiles\7f6sj5rk.default\extensions\[email protected]\plugins\npTVUAx.dll
    FF - plugin: c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-28 16:05
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3400)
    c:\windows\system32\WININET.dll
    c:\windows\system32\MSNCHATHOOK.DLL
    c:\windows\system32\sysenv.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\MFC71U.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2009-12-28  16:07:09
    ComboFix-quarantined-files.txt  2009-12-28 21:07
    ComboFix2.txt  2009-12-28 20:33
    ComboFix3.txt  2009-12-24 05:51

    Pre-Run: 26,052,558,848 bytes free
    Post-Run: 26,010,746,880 bytes free

    - - End Of File - - 0281DEFB6F60EE070A9D23DE9C969FFC
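As an added example, not part of this thread and not ComboFix's own code: a small Python triage script that parses "Files Created" and "Find3M" lines in the format shown in the log above and tags the entries a malware-removal helper would read first. The allowlist of clean-up tools and the vowel-ratio "random name" heuristic are assumptions of the example, and a tag is a prompt to look closer, not a verdict.

```python
"""Triage the ComboFix 'Files Created' / 'Find3M' entries (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# created . modified   size-or-dashes   attribute-flags   path   (3-space separated)
LINE_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

# Assumption: products the thread shows being installed on purpose during the
# clean-up. Their files are expected, so they are suppressed from the output.
KNOWN_TOOLS = ("\\avg", "\\avg9", "mbam", "malwarebytes",
               "superantispyware", "\\ccleaner", "\\trend micro")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    attrs: str           # e.g. 'd-----w-' (dir), '----a-w-' (archive file)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line)
    if not m:
        return None  # section banners, lone dots, blank lines
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def looks_random(name: str) -> bool:
    """Heuristic: a purely alphabetic stem of 5+ letters with few vowels."""
    stem = name.split(".")[0]
    if len(stem) < 5 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiouy" for c in stem.lower())
    return vowels / len(stem) < 0.25


def triage(entry: Entry) -> list[str]:
    path = entry.path.lower()
    if any(tool in path for tool in KNOWN_TOOLS):
        return []
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if looks_random(name):
        reasons.append("random-looking name")
    if path.startswith("c:\\windows\\system32"):
        reasons.append("new item under system32")
    if entry.attrs[2] == "s" or entry.attrs[3] == "h":  # system / hidden flags
        reasons.append("hidden/system attributes")
    if entry.is_dir and "\\local settings\\application data\\" in path:
        reasons.append("new folder in per-user app data")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Return {path: reasons} for every entry that earned at least one tag."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry):
            flagged[entry.path] = triage(entry)
    return flagged


# Six lines taken verbatim from the ComboFix log posted above.
SAMPLE = r"""
2009-12-22 03:32 . 2009-12-22 03:32   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-12-22 01:25 . 2009-12-03 21:13   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-21 16:59 . 2009-12-21 16:59   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2009-12-20 08:07 . 2009-12-20 08:07   --------   d-----w-   c:\documents and settings\Graham Eshun\Local Settings\Application Data\nikjsg
2009-11-29 20:32 . 2009-11-29 20:32   --------   d-----w-   c:\windows\system32\nagasoft
2009-12-22 02:13 . 2009-12-22 02:13   --------   d-----w-   c:\program files\CCleaner
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE).items():
        print(f"{path}\n    {', '.join(reasons)}")
```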

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Completely Infected
    « Reply #16 on: December 29, 2009, 07:19:48 AM »
    Hello abogas. Let's try one more scan. BTW, how's your computer running?
    ESET Online Scan

    Scan your computer with the ESET FREE Online Virus Scan

    * Click the ESET Online Scanner button.

    * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
    * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    * Place a check mark next to YES, I accept the Terms of Use.

    * Click the Start button.
    * Accept any security warnings from your browser.
    * Leave the check mark next to Remove found threats and place a check next to Scan archives.
    * Click the Start button.
    * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
    * When the scan completes, click List of found threats.
    * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
    * Click the <<Back button then click Finish.

    In your next reply please include the ESET Online Scan Log
    Windows 8 and Windows 10 dual boot with two SSD's

    abogas


      Re: Completely Infected
      « Reply #17 on: December 29, 2009, 01:52:41 PM »
      Hello Dave, I have performed the online scan and there were no infected files, thus it did not give me any logs to post. Also, my computer is performing very well. All thanks to you and your crew. My question: I use MyP2P and other programs to watch sports; which ones do you advise to avoid?

      SuperDave

      Re: Completely Infected
      « Reply #18 on: December 29, 2009, 03:58:50 PM »
      Hello abogas. Things look good. P2P programs are for filesharing. Although the programs themselves are quite safe, the files you download with them are a major source of infections and I strongly urge you not to use them. As for watching sports on your computer, it is probably safe if you have the proper protections. Now we should do some clean up. You can delete HJT but you can keep SAS and MBAM. Update them and run them once a week to keep your computer clean.

      * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
      * Now type Combofix /uninstall in the runbox
      * Make sure there's a space between Combofix and /Uninstall
      * Then hit Enter

      * The above procedure will:
          * Delete the following: ComboFix and its associated files and folders.
          * Reset the clock settings.
          * Hide file extensions, if required.
          * Hide System/Hidden files, if required.
          * Set a new, clean Restore Point.

      Use the Secunia Software Inspector to check for out of date software.

      • Click Start Now
      • Check the box next to Enable thorough system inspection.
      • Click Start
      • Allow the scan to finish and scroll down to see if any updates are needed.
      • Update anything listed.
      ----------

      Go to Microsoft Windows Update and get all critical updates.

      ----------

      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

      SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
      * Using SpywareBlaster to protect your computer from Spyware and Malware
      * If you don't know what ActiveX controls are, see here

      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

      Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

      Safe surfing.  ;D

      abogas


        Re: Completely Infected
        « Reply #19 on: January 05, 2010, 05:57:28 PM »
        Hi Dave, happy New Year. I could not get back to you due to the holidays. I have followed all the instructions that you gave me. The only problem is the computer freezes often when I restart. Presently, I do have AVG, JavaRa, SAS, Malwarebytes, CCleaner, WOT all installed. Which ones should I delete? Thanks

        SuperDave

        Re: Completely Infected
        « Reply #20 on: January 06, 2010, 06:57:23 AM »
        Hello abogas. I don't think that the computer freezing is caused by malware. You might try starting a thread in this forum. It could be caused by any number of other problems.
        http://www.computerhope.com/forum/index.php/board,50.0.html
        You definitely need AVG as your AV program. All the rest can stay and, as I mentioned before, update them and run them on a regular basis to keep the bugs out. Happy New Year.