Computer found malware and trojans


jbyrd117

Thread Starter
Joined
Apr 2, 2010
Messages
3
So my computer was acting a little weird the other day and we had one of those stupid fake antivirus things keep coming up. I knew it was fake, so I have been using Malwarebytes Anti-Malware and AVG Antivirus Free to remove malware and viruses. AVG found 3 generic trojans also. Originally our browsers would go to google.de, which is a different-language Google, and it was very frustrating. Gmail also wouldn't load. When I ran HijackThis it wouldn't let me access the hosts file, and when I followed its instructions on how to access it, it wouldn't let me save the hosts file.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:56:04 PM, on 4/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 84.19.171.6 google.co.uk
O1 - Hosts: 84.19.171.6 www.google.co.uk
O1 - Hosts: 84.19.171.6 google.co.za
O1 - Hosts: 84.19.171.6 www.google.co.za
O1 - Hosts: 84.19.171.6 www.google-analytics.com
O1 - Hosts: 84.19.171.6 www.bing.com
O1 - Hosts: 84.19.171.6 search.yahoo.com
O1 - Hosts: 84.19.171.6 www.search.yahoo.com
O1 - Hosts: 84.19.171.6 uk.search.yahoo.com
O1 - Hosts: 84.19.171.6 ca.search.yahoo.com
O1 - Hosts: 84.19.171.6 de.search.yahoo.com
O1 - Hosts: 84.19.171.6 fr.search.yahoo.com
O1 - Hosts: 84.19.171.6 au.search.yahoo.com
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217804898662
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite for Autodesk VIZ 2008 (mi-raysat_VIZ2008_32) - Unknown owner - C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9065 bytes



Thanks for the help, I appreciate it!
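The O1 - Hosts entries in the log above (and the "Hosts File Hijack" block that DDS reports in Attach.txt later in this thread) are the pattern a hosts-file hijack leaves: well-known search and analytics names pinned to one public address, so the browser never consults DNS for them. The script below is an added example and not code from this thread, from HijackThis or from DDS. It parses raw hosts-file lines as well as the "O1 - Hosts:" / "Hosts:" prefixed lines those tools print, and classifies every mapping from a defender's point of view: loopback or 0.0.0.0 targets are normal, a private address is worth a look, and a public address for a watched domain is the hijack. SAMPLE_LINES is constructed from the entries in the log, and the WATCHED domain list is an illustrative assumption.

```python
import ipaddress
import os
import re
import sys

# Constructed sample input, modelled on the O1/Hosts entries in the logs above:
# raw hosts-file syntax mixed with the "O1 - Hosts:" / "Hosts:" prefixes that
# HijackThis and DDS put in front of the same entries.
SAMPLE_LINES = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
O1 - Hosts: 84.19.171.6 google.co.uk
O1 - Hosts: 84.19.171.6 www.google.co.uk
Hosts: 84.19.171.6 www.bing.com
Hosts: 84.19.171.6 search.yahoo.com
0.0.0.0         ads.example.invalid   # blocklist-style entry, benign
192.168.1.10    printer.lan
"""

# Strip the tool prefixes so one parser handles both log lines and the real file.
TOOL_PREFIX = re.compile(r"^(?:O1 - )?Hosts:\s*", re.IGNORECASE)

# Domains whose redirection is the classic search/analytics hijack pattern.
# Assumption: this watchlist is illustrative; extend it for your environment.
WATCHED = re.compile(r"(?:^|\.)(?:google|google-analytics|bing|yahoo)\.", re.IGNORECASE)


def parse_hosts_line(line):
    """Return (ip_address, [hostnames]) or None for blank/comment/unparseable lines."""
    line = TOOL_PREFIX.sub("", line.strip())
    line = line.split("#", 1)[0].strip()      # drop trailing comments
    if not line:
        return None
    fields = line.split()
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None                            # not a hosts entry at all
    return ip, fields[1:]


def verdict_for(ip, host):
    """Classify one mapping. A legitimate hosts file only pins names to the
    local box (loopback) or sinks them (0.0.0.0). A public address means the
    name is being sent off-box without DNS, which is a hijack when the name
    is a search engine or other watched service."""
    ip = ipaddress.ip_address(ip)
    if ip.is_loopback or ip.is_unspecified:
        return "ok"
    if ip.is_private:
        return "lan"                           # e.g. a LAN printer: review, not alarm
    return "hijack" if WATCHED.search(host) else "redirect"


def audit_hosts(text):
    """Run every entry in `text` through verdict_for and return the findings."""
    findings = []
    for line in text.splitlines():
        parsed = parse_hosts_line(line)
        if parsed is None:
            continue
        ip, hosts = parsed
        for host in hosts:
            findings.append({"host": host, "ip": str(ip),
                             "verdict": verdict_for(str(ip), host)})
    return findings


def hosts_path():
    """Default hosts file location for the current platform."""
    if sys.platform.startswith("win"):
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else hosts_path()
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        # The thread starter could not save the file; a hosts file the
        # administrator cannot write is itself a triage finding.
        print(f"{path}: writable={os.access(path, os.W_OK)}")
    except OSError as exc:
        print(f"could not read {path} ({exc}); auditing the constructed sample instead")
        text = SAMPLE_LINES
    for f in audit_hosts(text):
        if f["verdict"] != "ok":
            print(f"{f['verdict']:8} {f['ip']:15} {f['host']}")
```

Run it with no arguments to audit the local hosts file, or pass a saved HijackThis/DDS log as the first argument to audit the entries a tool reported. The verdicts deliberately separate "redirect" (a public address for an unwatched name, which a developer might legitimately set) from "hijack" (a public address for a search, analytics or similar watched name), so the output stays useful on machines that have a few hand-edited entries.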
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.



  • Disable any script blocking protection.
  • Double click dds.pif to run the tool.
  • When done, two DDS .txt files will open.
  • Save both reports to your desktop.



---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT



Download GMER Rootkit Scanner from here or here.



  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.





**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
 

jbyrd117

Thread Starter
Joined
Apr 2, 2010
Messages
3
DDS.txt contents:



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:58:47.67 on Mon 04/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1415 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [HDDHealth] c:\program files\hdd health\HDDHealth.exe -wl
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217804898662
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 84.19.171.6 google.co.uk
Hosts: 84.19.171.6 www.google.co.uk
Hosts: 84.19.171.6 google.co.za
Hosts: 84.19.171.6 www.google.co.za
Hosts: 84.19.171.6 www.google-analytics.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\wtf6f75z.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\wtf6f75z.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-3 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-3 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-3 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-28 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-28 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-30 112592]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-20 303952]
R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;c:\program files\autodesk\viz2008\mentalray\satellite\raysat_VIZ2008_32server.exe [2007-3-7 65536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-20 20824]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-19 28672]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2008-12-1 153760]
S3 SASENUM;SASENUM;\??\c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-04-02 17:22:45 0 d-sha-r- C:\cmdcons
2010-04-02 17:21:06 98816 ----a-w- c:\windows\sed.exe
2010-04-02 17:21:06 77312 ----a-w- c:\windows\MBR.exe
2010-04-02 17:21:06 261632 ----a-w- c:\windows\PEV.exe
2010-04-02 17:21:06 161792 ----a-w- c:\windows\SWREG.exe
2010-04-02 16:40:15 900015 ----a-w- c:\windows\system32\TmpA78761765
2010-04-02 16:38:09 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-04-02 16:32:39 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-03-31 03:15:47 882 ----a-w- c:\windows\RegSDImport.xml
2010-03-31 03:15:47 880 ----a-w- c:\windows\RegISSImport.xml
2010-03-31 03:15:47 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-31 03:15:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-31 03:15:47 131 ----a-w- c:\windows\IDB.zip
2010-03-31 03:15:47 1152444 ----a-w- c:\windows\UDB.zip
2010-03-31 03:15:46 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-31 03:15:46 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-03-31 03:10:32 0 d-----w- c:\program files\Spyware Doctor
2010-03-30 12:35:18 0 d-----w- c:\program files\TrendMicro
2010-03-30 12:13:48 0 d-----w- c:\windows\pss
2010-03-29 16:04:08 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SGMDAD
2010-03-29 16:03:43 0 d-sh--w- c:\docume~1\alluse~1\applic~1\09ca7c8
2010-03-28 18:08:51 0 d-----w- C:\$AVG
2010-03-28 18:04:19 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-08 19:10:46 0 d-----w- c:\program files\MPC HomeCinema
2010-03-08 19:00:05 0 d-----w- c:\program files\Image Grabber II

==================== Find3M ====================

2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 18:08:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-28 18:08:26 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-28 18:08:22 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-28 22:35:10 117520 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll
2010-01-07 19:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 19:38:10 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2009-03-02 22:41:24 56 --sh--r- c:\windows\system32\4585B20F6B.sys
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-03-05 00:27:58 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

============= FINISH: 15:59:39.01 ===============


Attach.txt contents:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2008 6:43:24 PM
System Uptime: 4/4/2010 11:27:36 AM (28 hours ago)

Motherboard: Dell Computer Corp. | | 0DH513
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 35.522 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP671: 1/6/2010 7:16:31 PM - System Checkpoint
RP672: 1/7/2010 7:34:33 PM - System Checkpoint
RP673: 1/8/2010 8:33:26 PM - System Checkpoint
RP674: 1/9/2010 8:33:57 PM - System Checkpoint
RP675: 1/10/2010 9:05:23 PM - System Checkpoint
RP676: 1/11/2010 9:48:32 PM - System Checkpoint
RP677: 1/12/2010 10:48:20 PM - System Checkpoint
RP678: 1/13/2010 11:00:17 AM - Software Distribution Service 3.0
RP679: 1/14/2010 11:24:24 AM - System Checkpoint
RP680: 1/15/2010 11:25:27 AM - System Checkpoint
RP681: 1/16/2010 12:25:35 PM - System Checkpoint
RP682: 1/17/2010 1:48:33 PM - System Checkpoint
RP683: 1/18/2010 2:25:26 PM - System Checkpoint
RP684: 1/19/2010 3:24:15 PM - System Checkpoint
RP685: 1/20/2010 11:00:19 AM - Software Distribution Service 3.0
RP686: 1/21/2010 11:28:12 AM - System Checkpoint
RP687: 1/22/2010 11:00:17 AM - Software Distribution Service 3.0
RP688: 1/23/2010 1:23:12 PM - System Checkpoint
RP689: 1/24/2010 2:57:26 PM - System Checkpoint
RP690: 1/25/2010 3:21:48 PM - System Checkpoint
RP691: 1/26/2010 4:45:01 PM - System Checkpoint
RP692: 1/27/2010 5:02:41 PM - System Checkpoint
RP693: 1/28/2010 5:17:14 PM - System Checkpoint
RP694: 1/29/2010 5:26:56 PM - System Checkpoint
RP695: 1/30/2010 6:24:24 PM - System Checkpoint
RP696: 1/31/2010 7:25:35 PM - System Checkpoint
RP697: 2/1/2010 8:24:28 PM - System Checkpoint
RP698: 2/2/2010 9:35:29 PM - System Checkpoint
RP699: 2/3/2010 8:37:57 AM - Avg8 Update
RP700: 2/4/2010 12:49:11 PM - System Checkpoint
RP701: 2/5/2010 1:32:13 PM - System Checkpoint
RP702: 2/6/2010 2:33:15 PM - System Checkpoint
RP703: 2/7/2010 4:44:45 PM - System Checkpoint
RP704: 2/8/2010 5:33:15 PM - System Checkpoint
RP705: 2/9/2010 6:55:36 PM - System Checkpoint
RP706: 2/10/2010 11:00:17 AM - Software Distribution Service 3.0
RP707: 2/11/2010 11:27:01 AM - System Checkpoint
RP708: 2/12/2010 12:27:01 PM - System Checkpoint
RP709: 2/12/2010 6:10:10 PM - Installed LG USB Modem driver
RP710: 2/13/2010 6:26:57 PM - System Checkpoint
RP711: 2/14/2010 7:08:20 PM - System Checkpoint
RP712: 2/15/2010 7:26:56 PM - System Checkpoint
RP713: 2/16/2010 7:28:00 PM - System Checkpoint
RP714: 2/17/2010 8:11:14 PM - System Checkpoint
RP715: 2/18/2010 9:11:19 PM - System Checkpoint
RP716: 2/19/2010 9:57:41 PM - System Checkpoint
RP717: 2/20/2010 10:11:17 PM - System Checkpoint
RP718: 2/22/2010 9:36:49 AM - System Checkpoint
RP719: 2/23/2010 10:33:33 AM - System Checkpoint
RP720: 2/24/2010 11:00:17 AM - Software Distribution Service 3.0
RP721: 2/25/2010 11:22:49 AM - System Checkpoint
RP722: 2/26/2010 11:39:27 AM - System Checkpoint
RP723: 2/27/2010 11:10:21 AM - Software Distribution Service 3.0
RP724: 2/28/2010 11:22:52 AM - System Checkpoint
RP725: 3/1/2010 11:27:23 AM - System Checkpoint
RP726: 3/2/2010 12:27:22 PM - System Checkpoint
RP727: 3/2/2010 11:13:34 PM - Software Distribution Service 3.0
RP728: 3/4/2010 12:07:55 AM - System Checkpoint
RP729: 3/5/2010 10:18:05 AM - TrueCrypt uninstallation
RP730: 3/6/2010 10:28:34 AM - System Checkpoint
RP731: 3/7/2010 11:28:28 AM - System Checkpoint
RP732: 3/8/2010 12:28:30 PM - System Checkpoint
RP733: 3/9/2010 9:39:45 AM - Avg8 Update
RP734: 3/10/2010 11:41:17 AM - System Checkpoint
RP735: 3/10/2010 11:16:23 PM - Software Distribution Service 3.0
RP736: 3/11/2010 11:38:02 PM - System Checkpoint
RP737: 3/13/2010 12:23:45 AM - System Checkpoint
RP738: 3/14/2010 2:23:40 AM - System Checkpoint
RP739: 3/15/2010 3:23:41 AM - System Checkpoint
RP740: 3/16/2010 4:23:40 AM - System Checkpoint
RP741: 3/17/2010 5:23:41 AM - System Checkpoint
RP742: 3/18/2010 6:23:45 AM - System Checkpoint
RP743: 3/19/2010 7:23:41 AM - System Checkpoint
RP744: 3/19/2010 8:34:12 AM - Avg8 Update
RP745: 3/19/2010 8:35:09 AM - Avg8 Update
RP746: 3/20/2010 11:02:34 AM - System Checkpoint
RP747: 3/21/2010 11:52:46 AM - System Checkpoint
RP748: 3/22/2010 11:55:24 AM - System Checkpoint
RP749: 3/23/2010 12:55:32 PM - System Checkpoint
RP750: 3/24/2010 12:56:32 PM - System Checkpoint
RP751: 3/25/2010 1:13:49 PM - System Checkpoint
RP752: 3/26/2010 1:26:52 PM - System Checkpoint
RP753: 3/27/2010 1:38:17 PM - System Checkpoint
RP754: 3/28/2010 1:09:46 PM - Removed Opera 10.10.
RP755: 3/28/2010 1:10:01 PM - Installed Opera 10.51.
RP756: 3/28/2010 2:03:55 PM - Installed AVG Free 9.0
RP757: 3/29/2010 2:21:11 PM - System Checkpoint
RP758: 3/30/2010 8:35:10 AM - Installed HiJackThis
RP759: 3/30/2010 11:26:51 PM - Spyware Doctor: Cleaning Threats
RP760: 4/1/2010 12:26:54 AM - System Checkpoint
RP761: 4/2/2010 1:17:31 AM - System Checkpoint
RP762: 4/2/2010 12:37:39 PM - Software Distribution Service 3.0
RP763: 4/3/2010 12:59:43 PM - System Checkpoint
RP764: 4/4/2010 1:11:23 PM - System Checkpoint
RP765: 4/5/2010 1:13:53 PM - System Checkpoint

==== Hosts File Hijack ======================

Hosts: 84.19.171.6 google.co.uk
Hosts: 84.19.171.6 www.google.co.uk
Hosts: 84.19.171.6 google.co.za
Hosts: 84.19.171.6 www.google.co.za
Hosts: 84.19.171.6 www.google-analytics.com
Hosts: 84.19.171.6 www.bing.com
Hosts: 84.19.171.6 search.yahoo.com
Hosts: 84.19.171.6 www.search.yahoo.com
Hosts: 84.19.171.6 uk.search.yahoo.com
Hosts: 84.19.171.6 ca.search.yahoo.com
Hosts: 84.19.171.6 de.search.yahoo.com
Hosts: 84.19.171.6 fr.search.yahoo.com
Hosts: 84.19.171.6 au.search.yahoo.com

==== Installed Programs ======================

2G Themer
7-Zip 4.65
ACID Pro 7.0
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.2 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Audition 3.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 6
All in One v2
AoA MP4 Patch 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Autodesk DWF Viewer 7
Autodesk VIZ 2008
AVG Free 9.0
AviSynth 2.5
Backburner
BitPim 1.0.7
Bonjour
BookSmart™ 1.9.9 1.9.9
Broadcom 440x 10/100 Integrated Controller
Browser Defender 2.0.6.11
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Dell AIO Printer A920
DiscJuggler
DiskAid 2.56
DVC80
Dynex mini card reader
Easy Video Joiner 5.21
Exact Audio Copy 0.99pb4
FBX Plugin 2006.11.1 for Viz 2008
FLAC 1.2.1b (remove only)
Font Xplorer 1.2.2
foobar2000 v0.9.5.5
Freez 3GP Video Converter 2.0
Google SketchUp 7
HDD Health v3.3 Beta
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
IDX Renditioner Express Free
Image Grabber II
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections Drivers
ISO Recorder
iTunes
iZotope iDrum
iZotope iDrum Factory Content
Java(TM) 6 Update 14
Java(TM) 6 Update 4
Java(TM) 6 Update 7
LG USB Modem driver
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft VC9 runtime libraries
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WinUsb 1.0
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Game Studio 3.0
Microsoft XNA Game Studio 3.0 (ARP entry)
Microsoft XNA Game Studio 3.0 (Platformer)
Microsoft XNA Game Studio 3.0 (Redists)
Microsoft XNA Game Studio 3.0 (Shared Components)
Microsoft XNA Game Studio 3.0 (VCSExpress)
Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
Microsoft XNA Game Studio 3.0 Documentation
Microsoft XNA Game Studio Platform Tools
mIRC
Mozilla Firefox (3.6.3)
Mp3tag v2.45a
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nintendo Wi-Fi USB Connector Registration Tool
OpenOffice.org 2.4
Opera 10.51
Opera 9.64
PDF Settings
QuickFreedom 1.2.0
QuickTime
Revo Uninstaller 1.83
RGSS-RTP Standard
RPGXP
Seagate Manager Installer
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SoundMAX
SQL Server System CLR Types
SUPER © Version 2007.bld.22 (Mar 14, 2007)
Switch Sound File Converter
Tweak UI
UnrealEngine2 Runtime
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Vault 2008 Plug-In for Autodesk VIZ 2008
Vault 5 Plug-In for Autodesk VIZ 2008
Vertus Fluid Mask 3 3.0.10
VideoLAN VLC media player 0.8.6i
Videora iPod touch Converter 4.07
Vuze
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.2.1 beta
ZBrush3
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

==== Event Viewer Messages From Past Week ========

4/2/2010 1:38:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
4/2/2010 1:35:57 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
4/2/2010 1:28:16 PM, error: Service Control Manager [7034] - The mental ray 3.5 Satellite for Autodesk VIZ 2008 service terminated unexpectedly. It has done this 1 time(s).
4/2/2010 1:28:16 PM, error: Service Control Manager [7034] - The Autodesk Licensing Service service terminated unexpectedly. It has done this 1 time(s).
4/2/2010 1:22:27 PM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
4/2/2010 1:21:49 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/2/2010 1:20:22 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
4/2/2010 1:20:07 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/2/2010 1:20:04 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
3/30/2010 8:35:52 AM, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the file specified.
3/30/2010 8:04:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
3/30/2010 3:05:18 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
3/29/2010 6:23:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free WatchDog service to connect.
3/29/2010 6:23:11 PM, error: Service Control Manager [7001] - The AVG Free E-mail Scanner service depends on the AVG Free WatchDog service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/29/2010 6:23:11 PM, error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================




Gmer.txt contents:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-06 15:56:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgwyqkoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

I see ComboFix has been run on your system; could you please post the log(s)?

It can be found at C:\ComboFix.txt

Older logs (if run more than once) can be found at

c:\qoobox\comboFix2.txt,
c:\qoobox\comboFix3.txt, etc.
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Your machine still shows signs of infection; however, you have not replied to this topic in over 6 days, therefore I am unsubscribing from this topic. If you still require my assistance then please send me a PM or start a new topic.

Thank you
 

jbyrd117

Thread Starter
Joined
Apr 2, 2010
Messages
3
ComboFix:


ComboFix 10-03-29.04 - Owner 04/02/2010 13:28:30.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1454 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\3gpcore.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 16:38 . 2010-04-02 16:38 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-04-02 16:32 . 2010-04-02 16:32 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2010-03-31 03:15 . 2009-11-10 14:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-31 03:15 . 2009-11-10 14:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-31 03:15 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-31 03:15 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-31 03:15 . 2009-11-10 14:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-31 03:15 . 2009-11-10 14:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-03-31 03:10 . 2010-03-31 15:22 -------- d-----w- c:\program files\Spyware Doctor
2010-03-30 23:20 . 2010-03-30 23:20 -------- d-sh--w- c:\documents and settings\Magellan\PrivacIE
2010-03-30 12:35 . 2010-03-30 12:35 -------- d-----w- c:\program files\TrendMicro
2010-03-29 20:55 . 2010-03-29 20:55 -------- d-----w- c:\documents and settings\iTunes\Application Data\Malwarebytes
2010-03-29 16:04 . 2010-03-29 16:04 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGMDAD
2010-03-29 16:03 . 2010-03-30 13:05 -------- d-sh--w- c:\documents and settings\All Users\Application Data\09ca7c8
2010-03-28 18:08 . 2010-03-28 18:08 -------- d-----w- C:\$AVG
2010-03-28 18:04 . 2010-03-28 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-08 19:10 . 2010-03-08 19:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-03-08 19:10 . 2010-03-08 19:10 -------- d-----w- c:\program files\MPC HomeCinema
2010-03-08 19:00 . 2010-03-08 19:00 -------- d-----w- c:\program files\Image Grabber II

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 17:39 . 2008-08-04 04:44 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2010-04-02 17:37 . 2009-02-24 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-02 16:41 . 2009-11-04 19:47 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-04-02 15:53 . 2008-08-22 23:57 -------- d-----w- c:\documents and settings\Magellan\Application Data\OpenOffice.org2
2010-04-01 19:56 . 2009-02-10 18:22 -------- d-----w- c:\documents and settings\iTunes\Application Data\OpenOffice.org2
2010-04-01 10:14 . 2008-08-21 19:59 -------- d-----w- c:\documents and settings\Mom & Dad\Application Data\OpenOffice.org2
2010-03-31 14:50 . 2008-08-04 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-03-31 03:07 . 2008-08-06 02:32 -------- d-----w- c:\documents and settings\Magellan\Application Data\Azureus
2010-03-30 12:29 . 2009-06-20 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 04:46 . 2009-06-20 04:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-06-20 04:10 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 03:06 . 2009-08-12 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
2010-03-29 03:06 . 2009-08-12 01:24 -------- d-----w- c:\program files\mIRC
2010-03-28 18:08 . 2008-08-04 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-28 18:08 . 2008-08-04 01:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-28 18:08 . 2008-08-04 01:42 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-28 18:08 . 2008-08-04 01:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-28 18:08 . 2008-08-04 01:42 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-28 18:04 . 2008-08-04 01:42 -------- d-----w- c:\program files\AVG
2010-03-28 17:10 . 2008-08-04 02:30 -------- d-----w- c:\program files\Opera
2010-03-20 00:08 . 2009-05-24 21:02 -------- d-----w- c:\program files\LIVEUPDATE
2010-03-08 20:12 . 2008-08-27 06:43 195112 ----a-w- c:\documents and settings\iTunes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-05 15:18 . 2008-08-10 20:20 -------- d-----w- c:\program files\Mp3tag
2010-03-04 19:50 . 2008-08-06 02:32 195112 ----a-w- c:\documents and settings\Magellan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-28 22:35 . 2009-12-19 01:49 117520 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-28 22:34 . 2008-08-26 20:05 195112 ----a-w- c:\documents and settings\Mom & Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-27 17:23 . 2008-08-05 01:51 195576 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-27 16:24 . 2009-09-22 19:28 -------- d-----w- c:\program files\Zune
2010-02-26 18:10 . 2010-02-26 17:49 -------- d-----w- c:\program files\Font Xplorer
2010-02-25 06:24 . 2007-08-22 12:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 22:50 . 2008-08-27 02:04 -------- d-----w- c:\documents and settings\iTunes\Application Data\Apple Computer
2010-02-24 04:00 . 2010-02-24 04:00 -------- d-----w- c:\documents and settings\iTunes\Application Data\NCH Swift Sound
2010-02-21 04:32 . 2008-08-04 21:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-18 22:37 . 2008-08-05 14:49 -------- d-----w- c:\documents and settings\Magellan\Application Data\Apple Computer
2010-02-12 23:10 . 2009-12-24 20:51 -------- d-----w- c:\program files\BitPim
2010-02-12 23:10 . 2010-02-12 23:10 -------- d-----w- c:\program files\LG Electronics
2010-02-12 23:10 . 2008-08-03 23:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-03 22:12 . 2010-02-03 22:12 -------- d-----w- c:\program files\Smallvideosoft
2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 19:38 . 2010-01-07 19:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-01-07 19:22 . 2009-09-02 04:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2009-03-02 22:41 . 2009-03-02 22:41 56 --sh--r- c:\windows\system32\4585B20F6B.sys
2006-05-03 09:06 . 2008-08-11 04:30 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-03-05 00:27 . 2009-03-02 22:41 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2008-08-11 04:30 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]

c:\documents and settings\iTunes\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\Magellan\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-28 18:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 16:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\VIZ2008\\3dsviz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/3/2008 9:42 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/3/2008 9:42 PM 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/28/2010 2:06 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/28/2010 2:06 PM 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/30/2010 11:15 PM 112592]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 3:35 PM 181544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/20/2009 12:10 AM 303952]
R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;c:\program files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [3/7/2007 4:32 PM 65536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/20/2009 12:10 AM 20824]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [6/19/2009 3:27 PM 28672]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [12/1/2008 3:22 PM 153760]
S3 SASENUM;SASENUM;\??\c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf6f75z.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf6f75z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 13:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-02 13:50:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 17:50

Pre-Run: 35,291,054,080 bytes free
Post-Run: 36,529,516,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 40561D185F8B3C3904B1D843A4345059