Hi Touch,
These are my logs as requested
AVG I had already installed and done a system scan; unfortunately I don't have the log. I did, however, quarantine the following:
Virus Name                                   Path
Virus identified Worm/Spybot..AVN.           C:\WINDOWS\system32\ieservicesupd.exe
Trojan horse Downloader.Generic5.SOA         C:\345634635643.exe
Trojan horse Downloader.Generic5.SOA         C:\syst.exe
Trojan horse Downloader.Generic5.SOA         C:sysxaxm.exe
Trojan horse Generic6.MUL                    C:\WINDOWS\system32\dllh8jkd1q2.exe
Trojan horse Downloader.Generic5.SOA         C:\WINDOWS\system32\kernelwind32.exe
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:30, on 01/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Winsock6 MIC driver] IESERVICESUPD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?927f13840a4c459193c6fe0a240f6b85
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?927f13840a4c459193c6fe0a240f6b85
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24d8aefecac689326605/netzip/RdxIE601.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
-- End of file - 5879 bytes
Rootlog
********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh 01/09/2007 15:57:11.66
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 15:57:12
Windows 5.1.2600
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\xe6H\xf5w\17\xe6\1] "DisplayName"="\t" "DeviceDesc"="\t" "ProviderName"="" "MFG"="\xf78" "ReinstallString"="2002, 6.13.10.6095" "DeviceInstanceIds"=str(7):""
scanning hidden files ...
hidden processes: 0 hidden files: 0
ComboFix log
ComboFix 07-08-30.3 - "mark" 2007-09-01 16:03:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.99 [GMT 1:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\mark\APPLIC~1\install.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\00258A2F.urr
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\vx.tll
((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))
2007-09-01 16:02    51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 15:48     <DIR> d-------- C:\Program Files\CCleaner
2007-08-25 13:30 26,920,408 --a------ C:\avg75free_484a1103.exe
2007-08-15 21:23     <DIR> d-------- C:\DOCUME~1\mark\APPLIC~1\Talkback
2007-08-15 21:21         0 --a------ C:\WINDOWS\nsreg.dat
2007-08-15 19:50     <DIR> d-------- C:\bfu
2007-08-11 21:15     <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-11 20:49     <DIR> d-------- C:\WINDOWS\WLTB Custom Button Feeds
2007-08-11 20:42     <DIR> d-------- C:\WINDOWS\system32\rtnfs.exe, C
2007-08-10 19:49     <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
2007-08-10 19:45     <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-08-10 19:45     <DIR> d-------- C:\DOCUME~1\mark\APPLIC~1\NCH Swift Sound
2007-08-10 18:38    86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-08-10 18:31     <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-08-10 18:24     <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-08-10 18:23     <DIR> d-------- C:\WINDOWS\system32\windows media
2007-08-10 18:21     <DIR> d-------- C:\Program Files\Windows Media Components
2007-08-05 22:39   626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-05 22:32     <DIR> d-------- C:\WINDOWS\system32\runtime
2007-08-03 20:58     <DIR> d--h----- C:\WINDOWS\PIF
2007-08-02 19:58     <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-08-02 19:57     <DIR> d-------- C:\DOCUME~1\mark\APPLIC~1\Azureus
2007-08-02 19:52     <DIR> d-------- C:\Program Files\Azureus
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-25 14:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 14:14 --------- d-------- C:\Program Files\Nokia
2007-08-25 14:08 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-11 20:58 --------- d-------- C:\Program Files\Common Files\Teleca Shared
2007-08-10 18:39 --------- d-------- C:\Program Files\QuickTime
2007-08-10 18:08 --------- d-------- C:\Program Files\Google
2007-08-08 19:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-06 20:06 --------- d-------- C:\Program Files\Common Files\Ahead
2007-08-04 21:24 --------- d-------- C:\Program Files\MSN Messenger
2007-08-04 20:16 --------- d-------- C:\Program Files\Championship Manager 5
2007-08-04 19:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-08-02 19:05 --------- d-------- C:\DOCUME~1\mark\APPLIC~1\Google
2007-07-30 20:30 --------- d-------- C:\DOCUME~1\mark\APPLIC~1\AdobeAUM
2007-07-30 20:29 --------- d-------- C:\DOCUME~1\mark\APPLIC~1\Leadertech
2007-07-30 20:21 --------- d-------- C:\Program Files\HP
2007-07-30 19:19     92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19     53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19     43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19   1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18     33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 21:47 --------- d-------- C:\Program Files\MSXML 4.0
2007-07-24 16:22 --------- d-------- C:\DOCUME~1\mark\APPLIC~1\Roxio
2007-07-24 15:51 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-07-24 15:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-07-24 15:15 --------- d-------- C:\DOCUME~1\mark\APPLIC~1\Real
2007-07-24 15:09 --------- d-------- C:\Program Files\Common Files\xing shared
2007-07-24 15:09 --------- d-------- C:\Program Files\Common Files\Real
2007-07-24 15:08 --------- d-------- C:\Program Files\Real
2007-07-23 17:43 --------- d-------- C:\Program Files\NETGEAR
2007-07-14 07:22 --------- d-------- C:\Program Files\USB Disk Win98 Driver
2006-03-17 11:41    265984 --a------ C:\WINDOWS\inf\WG511v2\WG511v2XP.sys
2006-03-17 11:41    265856 --a------ C:\WINDOWS\inf\WG511v2\WG511v2.sys
2006-03-17 11:41    212992 --a------ C:\WINDOWS\inf\WG511v2\CopyWHQLDriver.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-05-21 22:20 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2002-05-21 22:20 C:\WINDOWS\system32\atiptaxx.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe" [2007-06-26 22:01]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [2007-06-26 22:01]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-24 15:08]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"HPWUTOOLBOX"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 11:31]
"Winsock6 MIC driver"="IESERVICESUPD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-10 18:38]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-25 13:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-04 08:13]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=1 (0x1)
"Btn_Back"=1 (0x1)
"Btn_Forward"=1 (0x1)
"Btn_Stop"=1 (0x1)
"Btn_Refresh"=1 (0x1)
"Btn_Home"=1 (0x1)
"Btn_Search"=1 (0x1)
"Btn_Favorites"=1 (0x1)
"Btn_History"=1 (0x1)
"Btn_Media"=1 (0x1)
"Btn_Folders"=1 (0x1)
"Btn_Fullscreen"=1 (0x1)
"Btn_Tools"=1 (0x1)
"Btn_MailNews"=1 (0x1)
"Btn_Size"=1 (0x1)
"Btn_Print"=1 (0x1)
"Btn_Edit"=1 (0x1)
"Btn_Discussions"=1 (0x1)
"Btn_Cut"=1 (0x1)
"Btn_Copy"=1 (0x1)
"Btn_Paste"=1 (0x1)
"Btn_Encoding"=1 (0x1)
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\System32\DRIVERS\tffsport.sys
R3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335);C:\WINDOWS\System32\DRIVERS\WG511v2XP.sys
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-09-01 14:24:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 16:06:00
Windows 5.1.2600 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\cmd.exe [1688] 0xFF4ED020
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Winsock6 MIC driver = IESERVICESUPD.EXE?test?#?????rK-?#?enternot?????Winsock6 MIC driver?????Internetservices?Internetservices???????????mIRC v6.03
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
Completion time: 2007-09-01 16:06:46
C:\ComboFix-quarantined-files.txt ... 2007-09-01 16:06
--- E O F ---
I have noticed that, by doing this so far, my computer seems to be quicker already, or is this just my imagination?
Thanks for your help so far.
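Added example, not part of the post above and not code from HijackThis, ComboFix or AVG: a small Python triage of the Run-key entries in the logs above. It parses the HijackThis O4 lines and the ComboFix "Reg Loading Points" lines for the same key, then flags an entry when its target is a bare file name (no directory, so Windows finds it by a PATH search at logon), when ComboFix printed an empty `[]` for it (target not found on disk), or when the file name matches something in the AVG quarantine list. The sample lines are copied from the logs in the post (a subset is enough); the flagging rules, reason strings and function names are this script's own.

```python
"""Triage the Run-key autostart entries from a HijackThis log against a
ComboFix 'Reg Loading Points' section and an AV quarantine list.

Added example for this thread; not code from HijackThis, ComboFix or AVG.
The sample lines below are copied from the logs posted above (constructed
test data for this script); the flagging rules are this script's own.
"""
import re
from typing import Dict, List

# HijackThis O4 lines, copied from the posted log (a subset is enough).
HJT_O4_LINES = [
    r'O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe',
    r'O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"',
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r'O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray',
    r'O4 - HKLM\..\Run: [Winsock6 MIC driver] IESERVICESUPD.EXE',
    r'O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe',
]

# ComboFix 'Reg Loading Points' lines for the same key. ComboFix prints the
# file it resolved in brackets, or [] when it could not find the target.
COMBOFIX_RUN_LINES = [
    r'"ATIModeChange"="Ati2mdxx.exe" [2002-05-21 22:20 C:\WINDOWS\system32\Ati2mdxx.exe]',
    r'"NapsterShell"="C:\Program Files\Napster\napster.exe" []',
    r'"Winsock6 MIC driver"="IESERVICESUPD.EXE" []',
    r'"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-25 13:36]',
]

# Paths AVG quarantined, from the table at the top of the post.
QUARANTINED = [
    r'C:\WINDOWS\system32\ieservicesupd.exe',
    r'C:\345634635643.exe',
    r'C:\syst.exe',
    r'C:\WINDOWS\system32\dllh8jkd1q2.exe',
    r'C:\WINDOWS\system32\kernelwind32.exe',
]

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
CF_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<resolved>[^\]]*)\]$')
# Shortest prefix ending in an executable extension, so an unquoted path
# with spaces ("C:\Program Files\...\x.exe /arg") comes through whole.
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.IGNORECASE)


def executable(cmd: str) -> str:
    """Program part of a Run value: the quoted path if quoted, else up to the first .exe-like token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(' ', 1)[0]


def basename(path: str) -> str:
    """Case-folded file name without its directory (Windows separators)."""
    return path.rsplit('\\', 1)[-1].lower()


def unresolved_names(combofix_lines: List[str]) -> set:
    """Run value names for which ComboFix printed [] (target not found on disk)."""
    names = set()
    for line in combofix_lines:
        m = CF_RE.match(line)
        if m and not m.group('resolved').strip():
            names.add(m.group('name'))
    return names


def triage(hjt_lines: List[str], combofix_lines: List[str], quarantined: List[str]) -> List[Dict]:
    """Return the suspicious O4 entries, the one with the most reasons first."""
    quarantined_names = {basename(p) for p in quarantined}
    unresolved = unresolved_names(combofix_lines)
    findings = []
    for line in hjt_lines:
        m = O4_RE.match(line)
        if not m:
            continue
        name, exe = m.group('name'), executable(m.group('cmd'))
        reasons = []
        if '\\' not in exe:
            reasons.append('bare file name: located by PATH search at logon, no fixed directory')
        if basename(exe) in quarantined_names:
            reasons.append('target file was quarantined by AV; the Run value is now an orphan')
        if name in unresolved:
            reasons.append('ComboFix could not resolve the target on disk ([])')
        if reasons:
            findings.append({'hive': m.group('hive'), 'name': name, 'exe': exe, 'reasons': reasons})
    findings.sort(key=lambda f: -len(f['reasons']))  # stable sort: ties keep log order
    return findings


if __name__ == '__main__':
    for f in triage(HJT_O4_LINES, COMBOFIX_RUN_LINES, QUARANTINED):
        print(f"{f['hive']} [{f['name']}] -> {f['exe']}")
        for r in f['reasons']:
            print('   -', r)
```

Run as-is it reports three entries. "Winsock6 MIC driver" collects all three reasons: IESERVICESUPD.EXE is a bare name, AVG quarantined C:\WINDOWS\system32\ieservicesupd.exe, and ComboFix shows `[]` for it, so the Run value is an orphan left behind after the quarantine (catchme's hidden-autostart scan in the post lists the same value). ATIModeChange is also a bare name, but ComboFix resolved it to C:\WINDOWS\system32\Ati2mdxx.exe with a 2002 timestamp, and NapsterShell is unresolved only because the program is no longer on disk. On its own each signal is weak; the combination is what singles out the entry to fix.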