1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Blocked Yahoo, Bing and Google Search Engine

Discussion in 'Virus & Other Malware Removal' started by Newport11, Mar 4, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Newport11

    Newport11 Thread Starter

    Joined:
    Mar 4, 2012
    Messages:
    1
    Hello,

    While reading my morning news, I subbled upon one of the local site visits, that apparently was hacked.

    It redirected me to a youtube video, and asked me to install various stoftware, at which point I immediatly closed IE.

    Apparently not soon enough, as now I can not use either Yahoo, Bing or Google search engines. It simply times out. However, I can brouse Yahoo, but not the others.

    Here are the results of the scans;

    ______________________________________________________________________________________________________________________________
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz, x86 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 1013 Mb
    Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 76285 MB, Free - 9978 MB;
    Motherboard: Dell Inc., 0KU184
    Antivirus: AVG Anti-Virus Free Edition 2012, Updated: Yes, On-Demand Scanner: Enabled

    _____________________________________________________________________________________________________________________________________

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:08:51 PM, on 3/4/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: AuGen - http://alchemyweb.city.newport-beach.ca.us/alchemyweb/Components/AuGen.cab
    O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241977485406
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1263229849185
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {6F83F815-49D0-46BB-A81C-A9D18C33A0E7} (D8_Loader.Class) - http://172.60.0.12/cab/Dibos80.CAB
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://archimedes.iqbackoffice.com/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{829ADF34-C6FE-4699-9E7C-AD193670D50E}: NameServer = 4.2.2.2,4.2.2.3
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
    --
    End of file - 10317 bytes
    ___________________________________________________________________________________________________________________________________
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 12:10:10 on 2012-03-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.370 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    svchost.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\internet explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mURLSearchHooks: H - No File
    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [KADxMain] c:\windows\system32\KADxMain.exe
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: adp.com
    DPF: AuGen - hxxp://alchemyweb.city.newport-beach.ca.us/alchemyweb/Components/AuGen.cab
    DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241977485406
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263229849185
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {6F83F815-49D0-46BB-A81C-A9D18C33A0E7} - hxxp://172.60.0.12/cab/Dibos80.CAB
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxps://archimedes.iqbackoffice.com/viewer/activeXViewer/activexviewer.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{28A3F7B0-4E1E-40FD-B777-9866CBC8FBD3} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{829ADF34-C6FE-4699-9E7C-AD193670D50E} : NameServer = 4.2.2.2,4.2.2.3
    TCP: Interfaces\{CA4CE1AC-691F-4916-AE5B-5A095DD53557} : DhcpNameServer = 172.60.1.1 4.2.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2010-5-2 14416]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [2010-5-2 44344]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
    S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\ptdcwwan.sys --> c:\windows\system32\drivers\PTDCWWAN.sys [?]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-04 19:23:58 -------- d-sha-r- C:\cmdcons
    2012-03-04 19:21:28 98816 ----a-w- c:\windows\sed.exe
    2012-03-04 19:21:28 518144 ----a-w- c:\windows\SWREG.exe
    2012-03-04 19:21:28 256000 ----a-w- c:\windows\PEV.exe
    2012-03-04 19:21:28 208896 ----a-w- c:\windows\MBR.exe
    2012-03-04 14:35:05 -------- d-----w- c:\documents and settings\administrator\application data\Windows Desktop Search
    2012-03-03 19:26:08 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2012-03-03 19:25:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-03 19:25:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-03-03 19:25:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-16 04:37:01 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-16 04:37:01 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    .
    ==================== Find3M ====================
    .
    2012-02-23 04:12:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 12:11:35.59 ===============
    __________________________________________________________________________________________________________________________________

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-04 14:25:00
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e TOSHIBA_MK8046GSX rev.LB312D
    Running: 5t3y4prv.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtdrpog.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA1581F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA1581FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA1582080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA158211C]
    ---- Kernel code sections - GMER 1.0.15 ----
    .text atapi.sys F72FB852 1 Byte [CC] {INT 3 }
    ? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device A0147D20
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Threads - GMER 1.0.15 ----
    Thread System [4:120] 86E5039F
    Thread System [4:308] 86EC50F4
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SOFTWARE\Classes\CLSID\{E56B6967-B543-B43F-744A-AFC934B96C5D}\InProcServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E56B6967-B543-B43F-744A-AFC934B96C5D}\InProcServer32@kaogboccbdlhjplomolajj 0x62 0x61 0x6F 0x6E ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E56B6967-B543-B43F-744A-AFC934B96C5D}\InProcServer32@jaogmncidjgijoffhelk 0x63 0x61 0x68 0x6E ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E56B6967-B543-B43F-744A-AFC934B96C5D}\InProcServer32@iaogkcmmogijejpief 0x69 0x61 0x61 0x6D ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E56B6967-B543-B43F-744A-AFC934B96C5D}\InProcServer32@kaognnbihelaokaccfinkc 0x63 0x61 0x6B 0x6E ...
    ---- EOF - GMER 1.0.15 ----


    Any help would be very much appreciated.
     

    Attached Files:

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1043865