Topic: 3 logs....

    kjames (Topic Starter)

    3 logs....
    « on: December 09, 2008, 11:18:40 AM »
    These are logs from a friend's CPU; can someone please help when they have time...

    As always, thanks!!

    SUPER:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/09/2008 at 12:29 PM

    Application Version : 4.22.1014

    Core Rules Database Version : 3640
    Trace Rules Database Version: 1623

    Scan type       : Complete Scan
    Total Scan Time : 00:45:29

    Memory items scanned      : 382
    Memory threats detected   : 0
    Registry items scanned    : 4706
    Registry threats detected : 42
    File items scanned        : 38669
    File threats detected     : 23

    Rogue.VirusResponseLab2009
       [avrlabs] C:\PROGRAM FILES\AVRLABS\AVRLABS.EXE
       C:\PROGRAM FILES\AVRLABS\AVRLABS.EXE
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP788\A0050873.EXE

    Adware.Vundo Variant
       HKLM\Software\Classes\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}
       HKCR\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}
       HKCR\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}#www
       HKCR\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}\InprocServer32
       HKCR\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}\InprocServer32#ThreadingModel
       C:\PROGRAM FILES\WEBMEDIAVIEWER\HPMUN.DLL
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}
       HKU\S-1-5-21-295953469-2371378593-743486758-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}
       HKCR\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}

    Adware.WhenU
       HKCR\WUSN.1
       HKCR\WUSN.1#WUSN_Id

    Browser Hijacker.Favorites
       C:\Documents and Settings\bruno decaria\Favorites\Pharmacy\Copper Label - Prizes.url
       C:\Documents and Settings\bruno decaria\Favorites\Pharmacy\Pharmacy Board Home Page.url
       C:\Documents and Settings\bruno decaria\Favorites\Pharmacy\RxSchool - Pharmacy Continuing Education 05-7-07.url
       C:\Documents and Settings\bruno decaria\Favorites\Pharmacy\Therapeutic Research Center Therapeutic Research.url
       C:\Documents and Settings\bruno decaria\Favorites\Pharmacy

    Trojan.Media-Codec
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#InstDate

    Trojan.VideoCach/Gen
       HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
       HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
       HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0
       HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0\win32
       HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
       HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
       HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
       HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
       HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
       HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
       HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
       HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
       HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
       HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
       HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
       HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version

    Adware.E404 Helper/Hij
       HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
       HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
       HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
       HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
       HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
       HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
       HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
       HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
       HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
       HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
       HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

    Trojan.FakeAlert/TinyProxy
       C:\Program Files\TINYPROXY\tinyproxy.exe
       C:\Program Files\TINYPROXY

    Rogue.VirusTrigger
       C:\Program Files\WEBMEDIAVIEWER\browseu.exe
       C:\Program Files\WEBMEDIAVIEWER\hpmom.exe
       C:\Program Files\WEBMEDIAVIEWER\hpmon.exe
       C:\Program Files\WEBMEDIAVIEWER\hpmun.exe
       C:\Program Files\WEBMEDIAVIEWER\myc.ico
       C:\Program Files\WEBMEDIAVIEWER\myd.ico
       C:\Program Files\WEBMEDIAVIEWER\mym.ico
       C:\Program Files\WEBMEDIAVIEWER\myp.ico
       C:\Program Files\WEBMEDIAVIEWER\myv.ico
       C:\Program Files\WEBMEDIAVIEWER\ot.ico
       C:\Program Files\WEBMEDIAVIEWER\ts.ico
       C:\Program Files\WEBMEDIAVIEWER
       C:\WINDOWS\Prefetch\HPMON.EXE-0CCA98F5.pf



      kjames (Topic Starter)

      Re: 3 logs....
      « Reply #1 on: December 09, 2008, 11:19:25 AM »
      mbam:
      Malwarebytes' Anti-Malware 1.31
      Database version: 1456
      Windows 5.1.2600 Service Pack 2

      12/9/2008 12:43:51 PM
      mbam-log-2008-12-09 (12-43-51).txt

      Scan type: Quick Scan
      Objects scanned: 50773
      Time elapsed: 4 minute(s), 17 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 1
      Registry Keys Infected: 10
      Registry Values Infected: 7
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 8

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      C:\WINDOWS\system32\gtckad.dll (Trojan.Zlob) -> Delete on reboot.

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\CLSID\{61d70260-527c-44e8-bb23-2243e93808d3} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\avrlabswarning.warningbho (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\avrlabswarning.warningbho.1 (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\avrlabs (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{61d70260-527c-44e8-bb23-2243e93808d3} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\VMware hptray (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\WINDOWS\system32\gtckad.dll (Trojan.Zlob.H) -> Delete on reboot.
      C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\bruno decaria\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Documents and Settings\bruno decaria\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Documents and Settings\bruno decaria\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Documents and Settings\bruno decaria\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Desktop\Online Spyware Test.url (Rogue.Link) -> Quarantined and deleted successfully.

        kjames (Topic Starter)

        Re: 3 logs....
        « Reply #2 on: December 09, 2008, 11:20:16 AM »
        hijack:
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 1:11:44 PM, on 12/9/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\wltrysvc.exe
        C:\WINDOWS\System32\bcmwltry.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
        C:\PROGRA~1\AVG\AVG8\avgrsx.exe
        C:\PROGRA~1\AVG\AVG8\avgemc.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Apoint\Apoint.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\WINDOWS\system32\igfxsrvc.exe
        C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
        C:\Program Files\Dell\QuickSet\quickset.exe
        C:\WINDOWS\system32\WLTRAY.exe
        C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
        C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
        C:\Program Files\Apoint\Apntex.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\WINDOWS\system32\dla\tfswctrl.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
        C:\PROGRA~1\AVG\AVG8\avgtray.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=asst&client_id=6E08147001C91304363FAE37&install_time=10-09-2008:01:16&src_id=20001&camp_id=29&tb_version=2.2.0.297&url=http://m.www.yahoo.com/ (obfuscated)
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
        O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: 351631 helper - {6A26574A-DD6D-4382-8C76-0DF06C478D3A} - C:\WINDOWS\system32\351631\351631.dll (file missing)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
        O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
        O2 - BHO: avrlabsWarningBHO Class - {D695B871-8020-4041-A6D2-59F922E1B2E2} - C:\Program Files\avrlabs\avrlabsWarning.dll (file missing)
        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
        O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
        O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
        O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
        O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
        O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
        O4 - Global Startup: Digital Line Detect.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: betED.com Poker - {6df1a9a1-389a-41ac-a56d-e0d340098590} - C:\Documents and Settings\bruno decaria\Start Menu\Programs\betED.com Poker\betED.com Poker.lnk (HKCU)
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160410336484
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
        O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Logical Disk Manager (dmserver)  - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
        O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

        --
        End of file - 8589 bytes

          kjames (Topic Starter)

          Re: 3 logs....
          « Reply #3 on: December 09, 2008, 11:21:35 AM »
          Every time we plug the internet in... the applications will not work; we cannot update Java...

            kjames (Topic Starter)

            Re: 3 logs....please help....
            « Reply #4 on: December 11, 2008, 11:00:43 AM »
            I'm not trying to bump my post... Sorry if I am... Just another update: I tried to run ComboFix; it ran with many errors and no help.... The computer becomes unresponsive whenever we plug the internet in... Should I post this log as well?

            evilfantasy (Malware Removal Specialist, Moderator)

            Re: 3 logs....
            « Reply #5 on: December 11, 2008, 12:54:03 PM »
            Quote from kjames: "should I post this log as well...."

            Yes.

              kjames (Topic Starter)

              Re: 3 logs....
              « Reply #6 on: December 11, 2008, 04:35:16 PM »
              ComboFix 08-08-04.09 - bruno decaria 2008-12-11  7:51:41.1 - NTFSx86
              Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.219 [GMT -5:00]
              Running from: E:\cf2332.exe
               * Created a new restore point

              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
              .
              - REDUCED FUNCTIONALITY MODE -
              .

              (((((((((((((((((((((((((   Files Created from 2008-11-11 to 2008-12-11  )))))))))))))))))))))))))))))))
              .

              2008-12-09 13:10 . 2008-12-09 13:10   <DIR>   d--------   C:\Program Files\Trend Micro
              2008-12-09 12:38 . 2008-12-09 12:38   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
              2008-12-09 12:38 . 2008-12-09 12:38   <DIR>   d--------   C:\Documents and Settings\bruno decaria\Application Data\Malwarebytes
              2008-12-09 12:38 . 2008-12-09 12:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
              2008-12-09 12:38 . 2008-12-03 19:59   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
              2008-12-09 12:38 . 2008-12-03 19:59   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
              2008-12-09 11:30 . 2008-12-09 11:30   <DIR>   d--------   C:\Program Files\CCleaner
              2008-12-08 20:19 . 2008-12-08 20:19   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
              2008-12-08 20:19 . 2008-12-08 20:19   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
              2008-12-08 20:19 . 2008-12-08 20:19   <DIR>   d--------   C:\Documents and Settings\bruno decaria\Application Data\SUPERAntiSpyware.com
              2008-12-08 20:19 . 2008-12-08 20:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
              2008-12-08 20:09 . 2008-12-10 08:12   <DIR>   d--h-----   C:\$AVG8.VAULT$
              2008-12-08 20:07 . 2008-12-08 20:07   97,928   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
              2008-12-08 20:07 . 2008-12-08 20:07   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
              2008-12-08 20:07 . 2008-12-08 20:07   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
              2008-12-08 20:06 . 2008-12-08 20:06   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
              2008-12-08 20:06 . 2008-12-08 20:06   <DIR>   d--------   C:\Program Files\AVG
              2008-12-08 20:06 . 2008-12-08 20:09   <DIR>   d--------   C:\Documents and Settings\bruno decaria\Application Data\AVGTOOLBAR
              2008-12-08 20:06 . 2008-12-08 20:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
              2008-12-08 20:00 . 2006-01-30 18:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Sonic
              2008-12-08 20:00 . 2008-12-08 20:07   <DIR>   d--------   C:\Documents and Settings\Administrator
              2008-12-06 23:01 . 2006-01-30 18:47   <DIR>   d--------   C:\Documents and Settings\noel\Application Data\Sonic
              2008-12-06 23:01 . 2008-12-06 23:01   <DIR>   d--------   C:\Documents and Settings\noel\Application Data\alot
              2008-12-06 23:01 . 2008-12-08 20:07   <DIR>   d--------   C:\Documents and Settings\noel
              2008-12-05 19:24 . 2008-12-09 12:31   <DIR>   d--------   C:\Program Files\avrlabs
              2008-12-05 19:24 . 2008-12-05 19:24   <DIR>   d--hs----   C:\Documents and Settings\bruno decaria\DC48230827A3E4F8
              2008-12-03 21:40 . 2008-12-08 20:09   <DIR>   d--------   C:\WINDOWS\system32\351631
              2008-12-03 21:40 . 2008-12-04 20:18   478   ---h-----   C:\WINDOWS\f49f4d98.dat
              2008-12-03 21:40 . 2008-12-05 19:23   1   ---h-----   C:\WINDOWS\f49f4daa.dat
              2008-12-03 13:28 . 2008-12-03 13:28   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
              2008-12-03 13:28 . 2008-12-03 13:28   1,409   --a------   C:\WINDOWS\QTFont.for

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-12-10 13:05   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Google Updater
              2008-12-09 18:25   ---------   d-----w   C:\Program Files\Google
              2008-12-09 16:07   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
              2008-12-07 04:05   ---------   d-----w   C:\Program Files\Bodog Poker
              2008-12-05 16:58   ---------   d-----w   C:\Documents and Settings\bruno decaria\Application Data\alot
              2008-12-03 18:11   ---------   d-----w   C:\Program Files\Yahoo! Games
              2008-12-03 18:11   ---------   d-----w   C:\Program Files\GameHouse
              2008-12-03 18:10   ---------   d-----w   C:\Documents and Settings\bruno decaria\Application Data\PlayFirst
              2008-12-03 18:08   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PlayFirst
              2008-12-03 18:08   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\HipSoft
              2008-12-01 21:21   ---------   d--h--w   C:\Documents and Settings\bruno decaria\Application Data\Move Networks
              2008-11-23 19:19   ---------   d-----w   C:\Program Files\betED.com
              2008-10-24 11:10   453,632   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
              2008-10-24 11:10   453,632   ------w   C:\WINDOWS\system32\dllcache\mrxsmb.sys
              2008-10-20 12:21   ---------   d-----w   C:\Documents and Settings\bruno decaria\Application Data\MSNInstaller
              2008-10-16 19:13   202,776   ----a-w   C:\WINDOWS\system32\wuweb.dll
              2008-10-16 19:13   202,776   ----a-w   C:\WINDOWS\system32\dllcache\wuweb.dll
              2008-10-16 19:13   1,809,944   ----a-w   C:\WINDOWS\system32\wuaueng.dll
              2008-10-16 19:13   1,809,944   ----a-w   C:\WINDOWS\system32\dllcache\wuaueng.dll
              2008-10-16 19:12   561,688   ----a-w   C:\WINDOWS\system32\wuapi.dll
              2008-10-16 19:12   561,688   ----a-w   C:\WINDOWS\system32\dllcache\wuapi.dll
              2008-10-16 19:12   323,608   ----a-w   C:\WINDOWS\system32\wucltui.dll
              2008-10-16 19:12   323,608   ----a-w   C:\WINDOWS\system32\dllcache\wucltui.dll
              2008-10-16 19:09   92,696   ----a-w   C:\WINDOWS\system32\dllcache\cdm.dll
              2008-10-16 19:09   92,696   ----a-w   C:\WINDOWS\system32\cdm.dll
              2008-10-16 19:09   51,224   ----a-w   C:\WINDOWS\system32\wuauclt.exe
              2008-10-16 19:09   51,224   ----a-w   C:\WINDOWS\system32\dllcache\wuauclt.exe
              2008-10-16 19:09   43,544   ----a-w   C:\WINDOWS\system32\wups2.dll
              2008-10-16 19:08   34,328   ----a-w   C:\WINDOWS\system32\wups.dll
              2008-10-16 19:08   34,328   ----a-w   C:\WINDOWS\system32\dllcache\wups.dll
              2008-10-16 19:06   268,648   ----a-w   C:\WINDOWS\system32\mucltui.dll
              2008-10-16 19:06   208,744   ----a-w   C:\WINDOWS\system32\muweb.dll
              2008-10-15 16:57   332,800   ------w   C:\WINDOWS\system32\dllcache\netapi32.dll
              2008-09-15 11:57   1,846,016   ----a-w   C:\WINDOWS\system32\win32k.sys
              2008-09-15 11:57   1,846,016   ------w   C:\WINDOWS\system32\dllcache\win32k.sys
              2006-05-13 14:28   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
              "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 21:55 68856]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
              "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 04:33 155648]
              "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 16:35 94208]
              "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 16:32 77824]
              "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 16:36 114688]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
              "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 18:24 684032]
              "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
              "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
              "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-01-30 18:46 168448]
              "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-17 07:28 282624]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 01:38 34672]
              "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-12-08 20:06 1261336]

              C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
              Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50 217193]
              Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-01-30 18:41:31 24576]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 09:13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2008-07-23 15:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\PowerTerm WebConnect 5.1\\www.decariarx.com\\PtLpd.exe"=
              "C:\\PowerTerm WebConnect 5.1\\www.decariarx.com\\ptermX.exe"=
              "C:\\Program Files\\betED.com\\client.exe"=
              "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
              "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

              R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-12-08 20:07]
              R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-08 20:06]
              R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 20:06]
              R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-12-08 20:07]
              R2 DC48230827A3E4F8;DC48230827A3E4F8;C:\Documents and Settings\bruno decaria\DC48230827A3E4F8\DC48230827A3E4F8 [2008-12-05 19:24]
              S2 Logical Disk Manager (dmserver) ;Logical Disk Manager (dmserver) ;C:\Program Files\tinyproxy\tinyproxy.exe []
              .
              - - - - ORPHANS REMOVED - - - -

              BHO-{6A26574A-DD6D-4382-8C76-0DF06C478D3A} - C:\WINDOWS\system32\351631\351631.dll
              BHO-{D695B871-8020-4041-A6D2-59F922E1B2E2} - C:\Program Files\avrlabs\avrlabsWarning.dll


              .
              ------- Supplementary Scan -------
              .
              R0 -: HKCU-Main,Start Page = hxxp://yahoo.com/
              R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
              R1 -: HKCU-Internet Settings,ProxyServer = http=127.0.0.1:9090
              R1 -: HKCU-Internet Settings,ProxyOverride = *.local;<local>
              R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
              O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 -: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe


              **************************************************************************

              catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-12-11 07:52:30
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************

              [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DC48230827A3E4F8]
              "ImagePath"="\??\C:\Documents and Settings\bruno decaria\DC48230827A3E4F8\DC48230827A3E4F8"
              .
              Completion time: 2008-12-11  7:54:31
              ComboFix-quarantined-files.txt  2008-12-11 12:54:19

              Pre-Run: 69,572,632,576 bytes free
              Post-Run: 69,640,871,936 bytes free

              158   --- E O F ---   2008-12-10 13:19:09
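Added example, not from the thread or from ComboFix: a small Python triage pass over constructed log lines written in ComboFix's report format, flagging the patterns a responder would pick out of the report above, namely a service binary living in a user profile, a service named after a built-in Windows component but pointing at a third-party binary, a browser proxy forced through a local port, and a populated AppInit_DLLs value. The SYSTEM_DIRS and BUILTIN lists are assumptions for the demo, and the user-profile path is a generic placeholder.

```python
import re

# Constructed sample in ComboFix's report format, modelled on entries seen in
# this thread (the personal profile path is replaced by a generic one).
SAMPLE_LOG = r'''
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-12-08 20:06 1261336]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 20:06]
R2 DC48230827A3E4F8;DC48230827A3E4F8;C:\Documents and Settings\user\DC48230827A3E4F8\DC48230827A3E4F8 [2008-12-05 19:24]
S2 Logical Disk Manager (dmserver) ;Logical Disk Manager (dmserver) ;C:\Program Files\tinyproxy\tinyproxy.exe []
R1 -: HKCU-Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 -: HKCU-Internet Settings,ProxyOverride = *.local;<local>
'''

# ComboFix service line: "<R|S><n> <name>;<display name>;<binary path> [<date>]"
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);([^;]+);(.+?)\s*\[')
PROXY_RE = re.compile(r'ProxyServer\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$')
# Assumed allowlist of locations a legitimate service binary normally lives in.
SYSTEM_DIRS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')
# Assumed list of built-in XP service names that live under %SystemRoot%
# (svchost-hosted); dmserver is the one impersonated in the log above.
BUILTIN = ('dmserver',)

def triage(log: str) -> list:
    """Return human-readable findings for the suspicious patterns above."""
    findings = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            name, display, path = (s.strip() for s in m.groups())
            low = path.lower()
            if not low.startswith(SYSTEM_DIRS):
                findings.append(f'service {name}: binary outside system dirs ({path})')
            if any(b in display.lower() for b in BUILTIN) and not low.startswith('c:\\windows\\'):
                findings.append(f'service {name}: built-in name but foreign binary ({path})')
            continue
        m = PROXY_RE.search(line)
        if m and m.group(1) in ('127.0.0.1', 'localhost'):
            # A local proxy intercepts browsing; once its process is removed,
            # the leftover setting also leaves the browser unable to connect.
            findings.append(f'browser proxy forced through local port {m.group(2)}')
            continue
        m = APPINIT_RE.match(line)
        if m:
            findings.append('AppInit_DLLs loads into every GUI process: ' + m.group(1))
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```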

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: 3 logs....
              « Reply #7 on: December 11, 2008, 04:56:53 PM »
              Open HijackThis and select Do a system scan only.

              Place a check mark next to the following entries: (if there)

              - O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
              - O2 - BHO: 351631 helper - {6A26574A-DD6D-4382-8C76-0DF06C478D3A} - C:\WINDOWS\system32\351631\351631.dll (file missing)
              - O2 - BHO: avrlabsWarningBHO Class - {D695B871-8020-4041-A6D2-59F922E1B2E2} - C:\Program Files\avrlabs\avrlabsWarning.dll (file missing)


              Important: Close all windows except for HijackThis and then click Fix checked.

              Exit HijackThis.

              ----------

              Run the Kaspersky Online Scanner

              In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

              • Click on SCAN NOW
              • Click Accept.
              • The program will then begin downloading the latest definition files.
              • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
              • The scan will take a while, so be patient and let it finish.
              When the scan is done, in the Scan is complete window, any infection is displayed.
              There is no option to clean/disinfect, however, we need to analyze the information on the report.

              To obtain the report:
              • Click on: Save Report As
              • Next, in the Save as prompt, Save in area, select: Desktop.
              • In the File name area use KScan, or something similar.
              • In Save as type: click the drop arrow and select: Text file [*.txt]
              • Then, click: Save


              Copy and paste the Kaspersky Online Scanner Report in your next reply.

              Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

              kjames

                Topic Starter


                Beginner

                Re: 3 logs....
                « Reply #8 on: December 11, 2008, 05:36:10 PM »
                evil,

                The files were not present on hijack... I downloaded the virus scan you requested b/c I cannot access the internet on the infected cpu... however the program will not install due to AVG being already installed... when I removed AVG I get the same error....

                evilfantasy

                Re: 3 logs....
                « Reply #9 on: December 11, 2008, 05:44:21 PM »
                Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.
                • Open the folder and run Dial-a-fix.exe
                • 2 windows will open. Close the one in the background labeled Restrictive Policies
                • Check the box in section 1, Empty temp folders.
                • Check the box in section 2, Fix Windows Installer.
                • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked.
                • Check all boxes in Section 5, labeled Registration Center.
                • Click Go
                • OK any error messages if received, but write them down and post them here.
                • Restart the computer when done.
                How is the Internet now?

                evilfantasy

                Re: 3 logs....
                « Reply #10 on: December 11, 2008, 05:45:05 PM »
                Also I don't want you to install Kaspersky, just to use the Kaspersky Online Scanner.

                kjames


                  Re: 3 logs....
                  « Reply #11 on: December 11, 2008, 05:57:26 PM »
                  Dial-a-Fix ran, no errors, still no internet... Windows says limited or no connectivity & IE will not even open...

                  evilfantasy

                  Re: 3 logs....
                  « Reply #12 on: December 11, 2008, 06:02:35 PM »
                  Unplug your router or use the reset button to reset it.

                  Also go to Start > Run and type ipconfig /flushdns (note the space between ipconfig and /flushdns), then click OK.

                  How about now?

                  kjames


                    Re: 3 logs....
                    « Reply #13 on: December 11, 2008, 08:44:34 PM »
                    evil,

                    after I ran ipconfig /flushdns a command prompt opened and that was all.... still no internet...

                    evilfantasy

                    Re: 3 logs....
                    « Reply #14 on: December 11, 2008, 10:33:57 PM »
                    And resetting the router didn't help either?