
AVG Warnings and internet Trouble

Discussion in 'Virus & Other Malware Removal' started by Romanduke, Feb 23, 2013.

    Romanduke (Thread Starter):
    Hi all. A couple of days ago I got warnings from AVG that I had a virus. It did say it was taken care of, but my internet is very slow, redirects me, and sometimes won't load some pages, giving the network reset screen. I also have "Ads not by this site" on sites like Yahoo, and I just can't get rid of the "TextEnhance" that seems to be everywhere, even here. I ran a Malwarebytes scan and a SUPERAntiSpyware scan, but neither seemed to help.

    HijackThis Log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:11:18 PM, on 2/23/2013
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (file missing)
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    O4 - HKCU\..\Run: [MediaGet2] C:\Documents and Settings\Main User\Local Settings\Application Data\MediaGet2\mediaget.exe --minimized
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [temp] rundll32 "C:\Documents and Settings\Main User\Local Settings\Application Data\Imprudence\temp\hrfow.dll",HrCreateProtoHandlerW
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-18\..\Run: [temp] rundll32 "C:\Documents and Settings\Main User\Local Settings\Application Data\Imprudence\temp\hrfow.dll",HrCreateProtoHandlerW (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x089d -f video -m logitech -d 11.80.1048.0 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [temp] rundll32 "C:\Documents and Settings\Main User\Local Settings\Application Data\Imprudence\temp\hrfow.dll",HrCreateProtoHandlerW (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x089d -f video -m logitech -d 11.80.1048.0 (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Burger%20Shop/Images/stg_drm.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1355545238692
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Burger%20Shop/Images/armhelper.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: yuzuzaten - {3114e1cc-b7d0-4c2d-ad01-f7fe9fdc4c3c} - (no file)
    O21 - SSODL: sobahakek - {03e3229b-f98b-47cb-9432-80e4cdf63398} - (no file)
    O21 - SSODL: gavewebej - {d557ae7a-f8e0-47f1-bd41-cc534ad15c42} - (no file)
    O22 - SharedTaskScheduler: kupuhivus - {3114e1cc-b7d0-4c2d-ad01-f7fe9fdc4c3c} - (no file)
    O22 - SharedTaskScheduler: jugezatag - {03e3229b-f98b-47cb-9432-80e4cdf63398} - (no file)
    O22 - SharedTaskScheduler: tokatiluy - {d557ae7a-f8e0-47f1-bd41-cc534ad15c42} - (no file)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11095 bytes


    DDS Log:

    DDS:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Main User at 19:05:32 on 2013-02-23
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1173 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    uProxyOverride = <local>
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
    uRun: [MediaGet2] c:\documents and settings\main user\local settings\application data\mediaget2\mediaget.exe --minimized
    uRun: [AdobeBridge] <no file>
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_5_502_110_Plugin.exe -update plugin
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [EfficientCalendarFree] <no file>
    dRun: [temp] rundll32 "c:\documents and settings\main user\local settings\application data\imprudence\temp\hrfow.dll",HrCreateProtoHandlerW
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x089d -f video -m logitech -d 11.80.1048.0
    dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\mainus~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\main user\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Burger%20Shop/Images/stg_drm.ocx
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351286742281
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355545238692
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Burger%20Shop/Images/armhelper.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.254.254
    TCP: Interfaces\{7121AD02-1B6F-41BE-8607-D0779B26C04F} : DHCPNameServer = 192.168.254.254
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: yuzuzaten - <orphaned>
    SSODL: sobahakek - <orphaned>
    SSODL: gavewebej - <orphaned>
    STS: {3114e1cc-b7d0-4c2d-ad01-f7fe9fdc4c3c} - <orphaned>
    STS: {03e3229b-f98b-47cb-9432-80e4cdf63398} - <orphaned>
    STS: {d557ae7a-f8e0-47f1-bd41-cc534ad15c42} - <orphaned>
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\main user\application data\mozilla\firefox\profiles\7wucojqp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\main user\application data\move networks\plugins\npqmp071706000001.dll
    FF - plugin: c:\documents and settings\main user\application data\mozilla\firefox\profiles\7wucojqp.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\main user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\documents and settings\main user\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\7\NP_wtapp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ---- FIREFOX POLICIES ----

    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
    S0 efeu;efeu;c:\windows\system32\drivers\dwjwhqxa.sys --> c:\windows\system32\drivers\dwjwhqxa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-01-25 19:44:26 918740 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2013-01-25 19:44:26 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2013-01-25 19:44:24 891960 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-09 04:02:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-12-09 04:02:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-12-09 04:02:00 746984 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-12-09 04:02:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-12-01 16:21:30 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-01 16:21:30 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ============= FINISH: 19:06:28.99 ===============


    Attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/26/2012 5:02:02 PM
    System Uptime: 2/18/2013 4:03:28 PM (123 hours ago)
    .
    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2993/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 178.485 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ROOT\PRINTER\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Symantec Network Security Miniport
    Device ID: ROOT\SYMC_SYMIMMP\0002
    Manufacturer: Symantec
    Name: Symantec Network Security Miniport #3
    PNP Device ID: ROOT\SYMC_SYMIMMP\0002
    Service: SymIMMP
    .
    ==== System Restore Points ===================
    .
    RP32: 11/25/2012 11:51:33 PM - System Checkpoint
    RP33: 11/27/2012 8:12:45 AM - System Checkpoint
    RP34: 11/28/2012 12:51:16 PM - System Checkpoint
    RP35: 11/28/2012 12:52:04 PM - Removed AVG 2013
    RP36: 11/29/2012 12:56:01 PM - System Checkpoint
    RP37: 11/30/2012 1:55:25 PM - System Checkpoint
    RP38: 12/1/2012 2:23:40 PM - System Checkpoint
    RP39: 12/2/2012 2:41:41 PM - System Checkpoint
    RP40: 12/3/2012 3:37:42 PM - System Checkpoint
    RP41: 12/4/2012 4:47:59 PM - System Checkpoint
    RP42: 12/6/2012 10:33:52 AM - System Checkpoint
    RP43: 12/7/2012 10:49:18 AM - System Checkpoint
    RP44: 12/8/2012 1:15:53 PM - System Checkpoint
    RP45: 12/8/2012 10:18:12 PM - Installed Windows Internet Explorer 8.
    RP46: 12/8/2012 11:01:54 PM - Installed Java 7 Update 9
    RP47: 12/9/2012 6:44:47 PM - Removed AVG 2013
    RP48: 12/10/2012 10:11:24 PM - System Checkpoint
    RP49: 12/12/2012 1:38:07 AM - System Checkpoint
    RP50: 12/13/2012 3:50:54 AM - System Checkpoint
    RP51: 12/14/2012 4:36:13 AM - System Checkpoint
    RP52: 12/14/2012 6:35:03 PM - Removed AVG 2013
    RP53: 12/16/2012 12:56:07 AM - System Checkpoint
    RP54: 12/17/2012 3:12:50 AM - System Checkpoint
    RP55: 12/18/2012 8:55:59 PM - Installed Microsoft Fix it 50403
    RP56: 12/19/2012 1:18:59 AM - Pre-Directx9.0c Install
    RP57: 12/19/2012 6:59:29 PM - Installed DirectX
    RP58: 12/21/2012 11:10:54 PM - System Checkpoint
    RP59: 12/24/2012 10:41:02 PM - Installed Windows XP -- Software Updates KB952011.
    RP60: 12/27/2012 9:40:39 PM - System Checkpoint
    RP61: 12/30/2012 5:08:59 PM - System Checkpoint
    RP62: 12/31/2012 12:25:39 AM - Installed Windows Installer KB893803v2.
    RP63: 12/31/2012 12:38:16 AM - Logitech QuickCam v11.80.1048
    RP64: 1/9/2013 10:07:19 PM - System Checkpoint
    RP65: 1/12/2013 12:27:04 PM - System Checkpoint
    RP66: 1/13/2013 2:11:05 PM - System Checkpoint
    RP67: 1/16/2013 12:45:17 PM - System Checkpoint
    RP68: 1/17/2013 10:31:51 PM - System Checkpoint
    RP69: 1/22/2013 9:27:33 PM - System Checkpoint
    RP70: 1/24/2013 6:48:13 PM - System Checkpoint
    RP71: 1/26/2013 12:29:34 AM - System Checkpoint
    RP72: 1/27/2013 3:53:29 AM - System Checkpoint
    RP73: 1/28/2013 3:50:49 PM - System Checkpoint
    RP74: 1/30/2013 3:22:02 PM - System Checkpoint
    RP75: 2/3/2013 11:50:51 PM - System Checkpoint
    RP76: 2/5/2013 1:21:05 PM - System Checkpoint
    RP77: 2/6/2013 1:23:15 PM - System Checkpoint
    RP78: 2/6/2013 5:25:05 PM - Removed AVG 2013
    RP79: 2/7/2013 9:56:43 AM - Removed AVG 2013
    RP80: 2/8/2013 10:23:20 AM - System Checkpoint
    RP81: 2/9/2013 10:51:20 PM - System Checkpoint
    RP82: 2/11/2013 12:09:14 AM - System Checkpoint
    RP83: 2/12/2013 3:11:15 AM - System Checkpoint
    RP84: 2/13/2013 1:06:31 PM - Removed AVG 2013
    RP85: 2/13/2013 7:37:19 PM - Removed Kaspersky Security Scan.
    RP86: 2/16/2013 1:28:55 AM - System Checkpoint
    RP87: 2/18/2013 4:27:02 PM - System Checkpoint
    RP88: 2/19/2013 6:48:27 PM - System Checkpoint
    RP89: 2/21/2013 12:36:07 AM - System Checkpoint
    RP90: 2/22/2013 1:42:26 AM - System Checkpoint
    RP91: 2/23/2013 2:49:59 AM - System Checkpoint
    RP92: 2/23/2013 9:04:31 AM - Removed AVG 2013
    .
    ==== Installed Programs ======================
    .
    Action Replay Code Manager
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe InDesign CS6
    Adobe Reader 9.5.1
    Adobe Shockwave Player 11.5
    Advanced WindowsCare 2.30 Personal
    Amazing Pyramids
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    Big City Adventure San Francisco (remove only)
    Blender (remove only)
    Blue's Kindergarten
    Bonjour
    Broadcom Gigabit Integrated Controller
    Burger Shop
    Burger Shop 2
    Cache Cleaner 4.3.3.3
    Canon iP2600 series
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    CCScore
    Conexant D850 56K V.9x DFVc Modem
    ConvertXtoDVD 3.3.4.106e
    Coupon Printer for Windows
    Crazy Machines - The Inventor's Workshop
    Cute Knight
    Dead Hungry Diner
    Dell Driver Download Manager
    Dell ResourceCD
    Dream Builder: Amusement Park
    Dream Day Wedding: Viva Las Vegas (remove only)
    Efficient Calendar Free 1.39
    ESET Online Scanner v3
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Farm Frenzy 3
    FATE - The Traitor Soul
    fflink
    Free Sound Recorder v9.2.5
    Gimp 2.6.2
    Go-Go Gourmet (remove only)
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IMVU Avatar Chat Software
    IMVU Tools
    Island Defense
    iTunes
    iWin Games (remove only)
    Jass-2-pub (remove only)
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 15
    Java(TM) 6 Update 23
    Java(TM) 6 Update 31
    Jigsaw Boom
    Katy and Bob: Way Back Home
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kitchen Brigade (remove only)
    Kodak EasyShare software
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Malwarebytes Anti-Malware version 1.70.0.1100
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Monopoly Here & Now Edition
    Move Media Player
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSU Screen Capture Lossless Codec v1.2 (Remove Only)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    netbrdg
    Northern Tale
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OfotoXMI
    OpenOffice.org 3.0
    Pandora
    PDF Settings CS6
    PeerBlock 1.1 (r518)
    PeerGuardian 2.0
    Phoenix Viewer 1.6.0.1691
    PowerDVD
    PresentaVid
    PriceGong 2.1.0
    Prison Tycoon - Alcatraz
    PunkBuster Services
    Python 2.6.5
    QuickTime
    Restaurant Empire
    RollerCoaster Tycoon 3: Platinum
    SecondLifeViewer2 (remove only)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Windows XP (KB923789)
    SFR
    Shaman Odyssey - Tropic Adventure
    SHASTA
    skin0001
    SKINXSDK
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    staticcr
    Super Mario World
    SUPERAntiSpyware Free Edition
    Supermarket Mania (remove only)
    The Promised Land
    THE SETTLERS - Rise of an Empire
    tooltips
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update Installer for WildTangent Games App
    Vacation Mogul (remove only)
    Vanilla and Chocolate
    VLC media player 1.0.0
    VPRINTOL
    Way to Go! Bowling
    WebFldrs XP
    Where Angels Cry
    WildTangent Games
    WildTangent Games App
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    WIRELESS
    Wondershare DVD Slideshow Builder Deluxe(Build 6.1.11.66)
    World of Warcraft
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yontoo Layers Client 1.10.01
    Youda Farmer
    Youda Survivor 2
    Youda Sushi Chef
    Zelda Classic 2.10w
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/16/2013 4:48:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    2/16/2013 4:48:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    2/16/2013 4:48:23 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    .
    ==== End Of File ===========================


    GMER Log:
    GMER 2.1.19081 - http://www.gmer.net
    Rootkit scan 2013-02-23 19:41:03
    Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.01.0 298.09GB
    Running: jd0fnlvc.exe; Driver: C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\kfecikob.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB87ED14A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB87ED21A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB87ECD7C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xB87ECF6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xB87ED000]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9AFF0B0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB87ECECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB87ED09C]

    ---- Kernel code sections - GMER 2.1 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5A5A3A0, 0x59FFE5, 0xE8000020]
    ? C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[1464] kernel32.dll!WriteFile 7C810F9F 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

    ---- EOF - GMER 2.1 ----
     
  2. Romanduke

    Romanduke Thread Starter

    Joined:
    Aug 22, 2009
    Messages:
    132
  3. Romanduke

    Romanduke Thread Starter

    Joined:
    Aug 22, 2009
    Messages:
    132
    *Bump*
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,339
    Please post screenshots directly in the thread so we don't have to go to third party sites to view them and for easier reference.

    Why have you never updated the operating system to SP3?

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  5. Romanduke

    Romanduke Thread Starter

    Joined:
    Aug 22, 2009
    Messages:
    132
    I was actually trying to do those updates but got an error in IE8 (The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.) that I thought might be related to whatever I have going on with the AVG warnings. Their fix didn't work for me so hoping this may do the trick.



    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
    Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
    Windows Product ID: 76477-OEM-2111907-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    ID: {48D02D45-AF50-44DD-998D-069CDCA20023}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{48D02D45-AF50-44DD-998D-069CDCA20023}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1060284298-1767777339-839522115</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dimension 8400 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="3"/><Date>20060707000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>B07E39970184E073</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1AD7F:Dell Inc|1AD7F:Microsoft Corporation
    Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

    OEM Activation 2.0 Data-->
    N/A
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,339
    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  7. Romanduke

    Romanduke Thread Starter

    Joined:
    Aug 22, 2009
    Messages:
    132
    I already have Combofix on here. When trying to delete it for a clean download it does tell me that what I am deleting is a read only file. I don't see Combofix in my Add/Remove Programs List. Is tossing the shortcut sufficient enough for a whole new clean download of Combofix?
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,339
    Yes, it should be.
     
  9. Romanduke

    Romanduke Thread Starter

    Joined:
    Aug 22, 2009
    Messages:
    132
    I ran Combofix and everything went fine except the last part, the part for the log: I let it run for over an hour, but the screen never changed. I think it froze up on me. I disabled AVG till restart. Should I have done a temporary uninstall?
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,339
    If AVG didn't interfere then it should have been fine. I assume there was no log created at C:\combofix.txt?

    If not try running ComboFix in safe mode please.
     
  11. Romanduke

    Romanduke Thread Starter

    Joined:
    Aug 22, 2009
    Messages:
    132
    No log where you described.
    I did have to uninstall AVG to run Combofix in safe mode. After uninstalling everything seemed to run fine until stage 50 was completed. I got this error:

    grep.3XE has encountered a problem and needs to close. We are sorry for the inconvenience.

    if you were in the middle of something, the information you were working on might be lost.

    For more information about this error, click here



    grep.3XE
    Error signature
    AppName: grep.3xe AppVer: 0.0.0.0 ModName: grep.3xe
    ModVer: 0.0.0.0 Offset: 00009216
    To view technical information about the error report, click here.

    Error Report Contents

    A very very long txt that would take me forever to type up since it wouldn't let me copy it in any way.

    The following files will be included in this report:
    C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\4415_appcompat.txt


    Combofix still ran after that error. It finished the scan, then the screen cleared and showed the window asking if I wanted to continue in safe mode. I clicked yes and Combofix was still running, showing the creating log screen. I let it run all morning but still no log came up. I checked where you suggested earlier and no log file there either.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,339
    AVG may have damaged ComboFix so please drag it to the Recycle Bin and grab a new copy. Then try running it again in safe mode please.
     
  13. Romanduke

    Romanduke Thread Starter

    Joined:
    Aug 22, 2009
    Messages:
    132
    ComboFix 13-03-05.01 - Main User 03/06/2013 22:00:11.9.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1743 [GMT -5:00]
    Running from: c:\documents and settings\Main User\Desktop\puppy.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Main User\Recent\Thumbs.db
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NVSVC
    -------\Service_NVSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-07 02:21 . 2013-03-07 02:21 -------- d-----w- c:\windows\LastGood.Tmp
    2013-03-05 17:07 . 2013-03-05 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2013-03-03 15:06 . 2013-03-03 15:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2013-03-03 15:06 . 2013-03-03 15:06 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2013-03-03 15:06 . 2013-03-03 15:06 -------- d--h--w- c:\program files\CanonBJ
    2013-02-27 02:42 . 2013-02-27 02:42 -------- d-----w- c:\documents and settings\Main User\Local Settings\Application Data\Aeria Games
    2013-02-27 02:42 . 2013-02-27 02:42 -------- d-----w- C:\ProgramData
    2013-02-27 02:29 . 2013-02-27 02:29 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2013-02-27 02:29 . 2013-02-27 02:29 -------- d-----w- c:\program files\Aeria Games
    2013-02-27 00:28 . 2013-02-27 00:29 -------- d-----w- c:\documents and settings\Main User\Local Settings\Application Data\Akamai
    2013-02-27 00:28 . 2013-02-27 02:29 -------- d-----w- C:\AeriaGames
    2013-02-23 14:47 . 2013-02-23 14:47 -------- d-----w- c:\program files\Common Files\CANON
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-14 21:49 . 2010-01-31 07:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-09 04:02 . 2012-12-09 04:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-12-09 04:02 . 2012-12-09 04:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-12-09 04:02 . 2010-05-12 16:59 746984 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-12-09 04:02 . 2009-09-03 21:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-12 17:57 . 2011-05-31 01:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [BU]
    "MediaGet2"="c:\documents and settings\Main User\Local Settings\Application Data\MediaGet2\mediaget.exe" [BU]
    "AdobeBridge"="" [BU]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Akamai NetSession Interface"="c:\documents and settings\Main User\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
    "EfficientCalendarFree"="" [BU]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "nwiz"="nwiz.exe" [BU]
    "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2013-01-08 1794224]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544]
    .
    c:\documents and settings\Guest\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    .
    c:\documents and settings\Main User\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Main User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Main User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Main User^Start Menu^Programs^Startup^NHC Media Plugin.lnk]
    path=c:\documents and settings\Main User\Start Menu\Programs\Startup\NHC Media Plugin.lnk
    backup=c:\windows\pss\NHC Media Plugin.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    c:\program files\Windows Live\Messenger\msnmsgr.exe [BU]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\iWin Games\\iWinGames.exe"=
    "c:\\Program Files\\iWin Games\\WebUpdater.exe"=
    "c:\\Documents and Settings\\Main User\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
    "c:\\Program Files\\NHC\\nhcMediaPlugin.exe"=
    "c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
    "c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=
    "c:\\Documents and Settings\\Main User\\Application Data\\IMVUClient\\IMVUClient.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\WildTangent Games\\App\\GameLauncher.exe"=
    "c:\\Program Files\\WildTangent Games\\App\\GameConsole.exe"=
    "c:\\Program Files\\WildTangent Games\\App\\GameConsole-wt.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1544\\Agent.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Documents and Settings\\Main User\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
    "2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    S0 efeu;efeu;c:\windows\system32\drivers\dwjwhqxa.sys --> c:\windows\system32\drivers\dwjwhqxa.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 10:17 AM 176848]
    S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/11/2009 2:53 PM 47360]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = <local>
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
    TCP: DhcpNameServer = 192.168.254.254
    FF - ProfilePath - c:\documents and settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 0

    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SharedTaskScheduler-{3114e1cc-b7d0-4c2d-ad01-f7fe9fdc4c3c} - (no file)
    SharedTaskScheduler-{03e3229b-f98b-47cb-9432-80e4cdf63398} - (no file)
    SharedTaskScheduler-{d557ae7a-f8e0-47f1-bd41-cc534ad15c42} - (no file)
    SSODL-yuzuzaten-{3114e1cc-b7d0-4c2d-ad01-f7fe9fdc4c3c} - (no file)
    SSODL-sobahakek-{03e3229b-f98b-47cb-9432-80e4cdf63398} - (no file)
    SSODL-gavewebej-{d557ae7a-f8e0-47f1-bd41-cc534ad15c42} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-06 22:14
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(596)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    - - - - - - - > 'explorer.exe'(468)
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2013-03-07 05:57:37
    ComboFix-quarantined-files.txt 2013-03-07 10:57
    ComboFix2.txt 2009-08-30 19:22
    .
    Pre-Run: 187,161,722,880 bytes free
    Post-Run: 187,146,362,880 bytes free
    .
    - - End Of File - - 8862A5DB79681E098E0F491E88FD426C
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,339
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    c:\windows\system32\drivers\dwjwhqxa.sys
    
    Folder::
    c:\windows\system32\AI_RecycleBin
    
    Driver::
    efeu
    
    DirLook::
    C:\ProgramData
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
     
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe (or the renamed puppy.exe if you were asked to rename it).

    [IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
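    How the targets in that CFScript can be picked out of the ComboFix log mechanically, as an added example for readers of this thread (Python written for this page, not ComboFix's own code and not something anyone here posted): it flags a service whose driver file is missing or has a random-looking name, and a Firefox search pref pointing somewhere unexpected. The log lines it reads are a constructed sample modelled on post #13, and the list of expected search hosts is an assumption.

```python
"""Triage helper for the ComboFix log format seen in this thread.

Added example: this is not ComboFix's code and was not posted in the
thread. It reads two line types out of a ComboFix log and reports what a
helper looks at first when writing a CFScript:

  * service lines  "S0 name;display;path [...]"  -> a driver whose file is
    missing ("--> path [?]") or whose file name looks machine-generated
  * Firefox prefs  "FF - prefs.js: pref - value"  -> a search pref pointing
    at a host that is not on the expected list
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample modelled on the log in post #13 (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
S0 efeu;efeu;c:\windows\system32\drivers\dwjwhqxa.sys --> c:\windows\system32\drivers\dwjwhqxa.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/11/2009 2:53 PM 47360]
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
"""

SERVICE_RE = re.compile(r"^S(\d)\s+([^;]+);([^;]*);(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.*)$")

# Prefs that decide where typed searches go; a search hijacker changes these.
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl"}
# Hosts the helper considers expected for this machine (assumed list).
EXPECTED_SEARCH_HOSTS = {"search.yahoo.com", "www.google.com"}


@dataclass
class Finding:
    kind: str      # "missing_driver", "random_name" or "search_hijack"
    subject: str   # service name or pref name
    detail: str


def vowel_ratio(name: str) -> float:
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return 1.0
    return sum(c in "aeiou" for c in letters) / len(letters)


def looks_random(name: str) -> bool:
    """Crude heuristic: a lower-case-only name of 6+ letters with almost no
    vowels (dwjwhqxa). Legitimate drivers can trip this too, so treat it as
    a prompt to look closer, not a verdict."""
    return (name.isalpha() and name.islower() and len(name) >= 6
            and vowel_ratio(name) < 0.2)


def refang(url: str) -> str:
    # ComboFix writes hxxp:// so the URL is not clickable; undo that to parse it.
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_service(line: str):
    """Return (start_type, name, display, path, file_missing) or None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    start, name, display, rest = m.groups()
    missing = rest.endswith("[?]")          # "path --> path [?]" form
    if missing:
        path = rest.split(" --> ")[0]
    else:
        path = rest.rsplit(" [", 1)[0]      # strip the trailing "[date size]"
    return int(start), name, display, path, missing


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            start, name, _display, path, missing = svc
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if missing:
                findings.append(Finding("missing_driver", name,
                                        f"start type S{start}, file not found: {path}"))
            if looks_random(stem):
                findings.append(Finding("random_name", name, f"driver file name {stem}"))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group(1) in SEARCH_PREFS:
            host = urlparse(refang(m.group(2))).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(Finding("search_hijack", m.group(1), f"points at {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.subject:12} {f.detail}")
```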
     
  15. Romanduke

    Romanduke Thread Starter

    Joined:
    Aug 22, 2009
    Messages:
    132
    Took over 8 hours for the log but I finally got it :)

    ComboFix 13-03-07.02 - Main User 03/07/2013 13:23:43.10.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1744 [GMT -5:00]
    Running from: c:\documents and settings\Main User\Desktop\puppy.exe
    Command switches used :: c:\documents and settings\Main User\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\drivers\dwjwhqxa.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\AI_RecycleBin
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_efeu
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-05 17:07 . 2013-03-05 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2013-03-03 15:06 . 2013-03-03 15:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2013-03-03 15:06 . 2013-03-03 15:06 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2013-03-03 15:06 . 2013-03-03 15:06 -------- d--h--w- c:\program files\CanonBJ
    2013-02-27 02:42 . 2013-02-27 02:42 -------- d-----w- c:\documents and settings\Main User\Local Settings\Application Data\Aeria Games
    2013-02-27 02:42 . 2013-02-27 02:42 -------- d-----w- C:\ProgramData
    2013-02-27 02:29 . 2013-02-27 02:29 -------- d-----w- c:\program files\Aeria Games
    2013-02-27 00:28 . 2013-02-27 00:29 -------- d-----w- c:\documents and settings\Main User\Local Settings\Application Data\Akamai
    2013-02-27 00:28 . 2013-02-27 02:29 -------- d-----w- C:\AeriaGames
    2013-02-23 14:47 . 2013-02-23 14:47 -------- d-----w- c:\program files\Common Files\CANON
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-14 21:49 . 2010-01-31 07:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-09 04:02 . 2012-12-09 04:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-12-09 04:02 . 2012-12-09 04:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-12-09 04:02 . 2010-05-12 16:59 746984 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-12-09 04:02 . 2009-09-03 21:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-12 17:57 . 2011-05-31 01:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\ProgramData ----
    .
    2013-03-03 23:25 . 2013-03-07 18:42 12462 ----a-w- c:\programdata\Aeria Games\Ignite\Data\aeriaignite_201303.log
    2013-02-27 02:44 . 2013-02-27 02:44 39 ----a-w- c:\programdata\Aeria Games\Ignite\Data\AGConnect_201302.log
    2013-02-27 02:42 . 2013-03-07 18:41 98304 ----a-w- c:\programdata\Aeria Games\Ignite\Data\db.dat
    2013-02-27 02:42 . 2013-03-03 21:28 7760 ----a-w- c:\programdata\Aeria Games\Ignite\Data\aeriaignite_201302.log
    2013-02-27 02:42 . 2013-03-07 18:41 2178 ----a-w- c:\programdata\Aeria Games\Ignite\Data\cache.dat
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [BU]
    "MediaGet2"="c:\documents and settings\Main User\Local Settings\Application Data\MediaGet2\mediaget.exe" [BU]
    "AdobeBridge"="" [BU]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Akamai NetSession Interface"="c:\documents and settings\Main User\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
    "EfficientCalendarFree"="" [BU]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "nwiz"="nwiz.exe" [BU]
    "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2013-01-08 1794224]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544]
    .
    c:\documents and settings\Guest\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    .
    c:\documents and settings\Main User\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Main User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Main User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Main User^Start Menu^Programs^Startup^NHC Media Plugin.lnk]
    path=c:\documents and settings\Main User\Start Menu\Programs\Startup\NHC Media Plugin.lnk
    backup=c:\windows\pss\NHC Media Plugin.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    c:\program files\Windows Live\Messenger\msnmsgr.exe [BU]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\iWin Games\\iWinGames.exe"=
    "c:\\Program Files\\iWin Games\\WebUpdater.exe"=
    "c:\\Documents and Settings\\Main User\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
    "c:\\Program Files\\NHC\\nhcMediaPlugin.exe"=
    "c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
    "c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=
    "c:\\Documents and Settings\\Main User\\Application Data\\IMVUClient\\IMVUClient.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\WildTangent Games\\App\\GameLauncher.exe"=
    "c:\\Program Files\\WildTangent Games\\App\\GameConsole.exe"=
    "c:\\Program Files\\WildTangent Games\\App\\GameConsole-wt.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1544\\Agent.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Documents and Settings\\Main User\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
    "2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "1058:TCP"= 1058:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 10:17 AM 176848]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/11/2009 2:53 PM 47360]
    S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = <local>
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
    TCP: DhcpNameServer = 192.168.254.254
    FF - ProfilePath - c:\documents and settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 0

    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-07 13:41
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(652)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    - - - - - - - > 'explorer.exe'(6324)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Analog Devices\SoundMAX\spkrmon.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-07 21:09:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-08 02:09
    ComboFix2.txt 2013-03-07 10:57
    ComboFix3.txt 2009-08-30 19:22
    .
    Pre-Run: 186,992,336,896 bytes free
    Post-Run: 186,972,319,744 bytes free
    .
    - - End Of File - - 8D1B5071EAD337BB571E3A824088D6C0
     
Short URL to this thread: https://techguy.org/1090752