
Computer found malware and trojans

Discussion in 'Virus & Other Malware Removal' started by jbyrd117, Apr 2, 2010.

  1. jbyrd117

    jbyrd117 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    3
    So my computer was acting a little weird the other day and we had one of those stupid fake antivirus things keep coming up. I knew it was fake, so I have been using Malwarebytes Anti-Malware and AVG Anti-Virus Free to remove malware and viruses. AVG found 3 generic trojans also. Originally our browsers would go to google.de, which is a different-language Google, and it was very frustrating. Gmail also wouldn't load. When I ran HijackThis it wouldn't let me access the hosts file, and when I followed its instructions on how to access it, it wouldn't let me save the hosts file.

    here is my hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 12:56:04 PM, on 4/2/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\HDD Health\HDDHealth.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: 84.19.171.6 google.co.uk
    O1 - Hosts: 84.19.171.6 www.google.co.uk
    O1 - Hosts: 84.19.171.6 google.co.za
    O1 - Hosts: 84.19.171.6 www.google.co.za
    O1 - Hosts: 84.19.171.6 www.google-analytics.com
    O1 - Hosts: 84.19.171.6 www.bing.com
    O1 - Hosts: 84.19.171.6 search.yahoo.com
    O1 - Hosts: 84.19.171.6 www.search.yahoo.com
    O1 - Hosts: 84.19.171.6 uk.search.yahoo.com
    O1 - Hosts: 84.19.171.6 ca.search.yahoo.com
    O1 - Hosts: 84.19.171.6 de.search.yahoo.com
    O1 - Hosts: 84.19.171.6 fr.search.yahoo.com
    O1 - Hosts: 84.19.171.6 au.search.yahoo.com
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217804898662
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: mental ray 3.5 Satellite for Autodesk VIZ 2008 (mi-raysat_VIZ2008_32) - Unknown owner - C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 9065 bytes



    thanks for the help, i appreciate it!
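    The O1 - Hosts: lines in the log above all map search-engine domains to one routable address, 84.19.171.6, which matches the redirect jbyrd117 describes. The following Python script is an added example, not part of the original post or of HijackThis: it parses those O1 lines (or a raw hosts file) and reports every non-loopback address that captures two or more hostnames, so a reviewer can spot a redirect cluster without reading the entries one by one. The sample input is constructed from the entries quoted above plus two benign lines for contrast.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the O1 entries quoted in the post above, plus a
# loopback line and an ad-blocking sinkhole line, both of which are benign.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 84.19.171.6 google.co.uk
O1 - Hosts: 84.19.171.6 www.google.co.uk
O1 - Hosts: 84.19.171.6 www.google-analytics.com
O1 - Hosts: 84.19.171.6 www.bing.com
O1 - Hosts: 84.19.171.6 search.yahoo.com
O1 - Hosts: 0.0.0.0 ads.example.net   # constructed ad-block entry
"""

# Optional HijackThis prefix; a raw hosts file simply has no prefix.
O1_PREFIX = re.compile(r"^O1 - Hosts:\s*")


def parse_entries(text):
    """Return (ip, hostname) pairs from HijackThis O1 lines or a raw hosts file.

    A hosts line is "<ip> <name> [<alias> ...] [# comment]"; each name on the
    line becomes its own pair. Lines that do not start with a valid IP address
    (headers, comments, blank lines) are skipped.
    """
    pairs = []
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw, count=1).split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            pairs.append((fields[0], name.lower()))
    return pairs


def is_sinkhole(ip):
    """Loopback or unspecified targets block a name; they do not redirect it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def find_redirects(pairs, min_names=2):
    """Group non-sinkhole targets by IP and return {ip: sorted hostnames} for
    every address that captures at least min_names distinct hostnames.

    Several unrelated public domains funnelled to a single routable address is
    the pattern in the log above. A lone entry such as a local intranet
    override stays below the default threshold and is not reported.
    """
    by_ip = defaultdict(set)
    for ip, name in pairs:
        if not is_sinkhole(ip):
            by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_names}


def assess(text, min_names=2):
    """Parse a log or hosts file and return the redirect clusters found."""
    return find_redirects(parse_entries(text), min_names)


if __name__ == "__main__":
    for ip, names in assess(SAMPLE_LOG).items():
        print(f"{ip} captures {len(names)} names: {', '.join(names)}")
```

Run it against the raw C:\WINDOWS\system32\drivers\etc\hosts file instead of a HijackThis log to get the same report directly from the machine.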
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.



    • Disable any script blocking protection.
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.

    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here or here.



    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your next reply.



    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  3. jbyrd117

    jbyrd117 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    3
    DDS.txt contents:



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 15:58:47.67 on Mon 04/05/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1415 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\HDD Health\HDDHealth.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [HDDHealth] c:\program files\hdd health\HDDHealth.exe -wl
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
    mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217804898662
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 84.19.171.6 google.co.uk
    Hosts: 84.19.171.6 www.google.co.uk
    Hosts: 84.19.171.6 google.co.za
    Hosts: 84.19.171.6 www.google.co.za
    Hosts: 84.19.171.6 www.google-analytics.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\wtf6f75z.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\wtf6f75z.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-3 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-3 29512]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-3 242696]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-28 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-28 308064]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-30 112592]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-20 303952]
    R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;c:\program files\autodesk\viz2008\mentalray\satellite\raysat_VIZ2008_32server.exe [2007-3-7 65536]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-20 20824]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-19 28672]
    S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2008-12-1 153760]
    S3 SASENUM;SASENUM;\??\c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\mom&da~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]

    =============== Created Last 30 ================

    2010-04-02 17:22:45 0 d-sha-r- C:\cmdcons
    2010-04-02 17:21:06 98816 ----a-w- c:\windows\sed.exe
    2010-04-02 17:21:06 77312 ----a-w- c:\windows\MBR.exe
    2010-04-02 17:21:06 261632 ----a-w- c:\windows\PEV.exe
    2010-04-02 17:21:06 161792 ----a-w- c:\windows\SWREG.exe
    2010-04-02 16:40:15 900015 ----a-w- c:\windows\system32\TmpA78761765
    2010-04-02 16:38:09 0 d-sh--w- c:\documents and settings\owner\IECompatCache
    2010-04-02 16:32:39 0 d-sh--w- c:\documents and settings\owner\PrivacIE
    2010-03-31 03:15:47 882 ----a-w- c:\windows\RegSDImport.xml
    2010-03-31 03:15:47 880 ----a-w- c:\windows\RegISSImport.xml
    2010-03-31 03:15:47 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-03-31 03:15:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-03-31 03:15:47 131 ----a-w- c:\windows\IDB.zip
    2010-03-31 03:15:47 1152444 ----a-w- c:\windows\UDB.zip
    2010-03-31 03:15:46 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-03-31 03:15:46 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2010-03-31 03:10:32 0 d-----w- c:\program files\Spyware Doctor
    2010-03-30 12:35:18 0 d-----w- c:\program files\TrendMicro
    2010-03-30 12:13:48 0 d-----w- c:\windows\pss
    2010-03-29 16:04:08 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SGMDAD
    2010-03-29 16:03:43 0 d-sh--w- c:\docume~1\alluse~1\applic~1\09ca7c8
    2010-03-28 18:08:51 0 d-----w- C:\$AVG
    2010-03-28 18:04:19 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-03-08 19:10:46 0 d-----w- c:\program files\MPC HomeCinema
    2010-03-08 19:00:05 0 d-----w- c:\program files\Image Grabber II

    ==================== Find3M ====================

    2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-28 18:08:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-28 18:08:26 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-28 18:08:22 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-02-28 22:35:10 117520 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll
    2010-01-07 19:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-01-07 19:38:10 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2009-03-02 22:41:24 56 --sh--r- c:\windows\system32\4585B20F6B.sys
    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2009-03-05 00:27:58 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

    ============= FINISH: 15:59:39.01 ===============


    attach.txt contents:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/3/2008 6:43:24 PM
    System Uptime: 4/4/2010 11:27:36 AM (28 hours ago)

    Motherboard: Dell Computer Corp. | | 0DH513
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 186 GiB total, 35.522 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP671: 1/6/2010 7:16:31 PM - System Checkpoint
    RP672: 1/7/2010 7:34:33 PM - System Checkpoint
    RP673: 1/8/2010 8:33:26 PM - System Checkpoint
    RP674: 1/9/2010 8:33:57 PM - System Checkpoint
    RP675: 1/10/2010 9:05:23 PM - System Checkpoint
    RP676: 1/11/2010 9:48:32 PM - System Checkpoint
    RP677: 1/12/2010 10:48:20 PM - System Checkpoint
    RP678: 1/13/2010 11:00:17 AM - Software Distribution Service 3.0
    RP679: 1/14/2010 11:24:24 AM - System Checkpoint
    RP680: 1/15/2010 11:25:27 AM - System Checkpoint
    RP681: 1/16/2010 12:25:35 PM - System Checkpoint
    RP682: 1/17/2010 1:48:33 PM - System Checkpoint
    RP683: 1/18/2010 2:25:26 PM - System Checkpoint
    RP684: 1/19/2010 3:24:15 PM - System Checkpoint
    RP685: 1/20/2010 11:00:19 AM - Software Distribution Service 3.0
    RP686: 1/21/2010 11:28:12 AM - System Checkpoint
    RP687: 1/22/2010 11:00:17 AM - Software Distribution Service 3.0
    RP688: 1/23/2010 1:23:12 PM - System Checkpoint
    RP689: 1/24/2010 2:57:26 PM - System Checkpoint
    RP690: 1/25/2010 3:21:48 PM - System Checkpoint
    RP691: 1/26/2010 4:45:01 PM - System Checkpoint
    RP692: 1/27/2010 5:02:41 PM - System Checkpoint
    RP693: 1/28/2010 5:17:14 PM - System Checkpoint
    RP694: 1/29/2010 5:26:56 PM - System Checkpoint
    RP695: 1/30/2010 6:24:24 PM - System Checkpoint
    RP696: 1/31/2010 7:25:35 PM - System Checkpoint
    RP697: 2/1/2010 8:24:28 PM - System Checkpoint
    RP698: 2/2/2010 9:35:29 PM - System Checkpoint
    RP699: 2/3/2010 8:37:57 AM - Avg8 Update
    RP700: 2/4/2010 12:49:11 PM - System Checkpoint
    RP701: 2/5/2010 1:32:13 PM - System Checkpoint
    RP702: 2/6/2010 2:33:15 PM - System Checkpoint
    RP703: 2/7/2010 4:44:45 PM - System Checkpoint
    RP704: 2/8/2010 5:33:15 PM - System Checkpoint
    RP705: 2/9/2010 6:55:36 PM - System Checkpoint
    RP706: 2/10/2010 11:00:17 AM - Software Distribution Service 3.0
    RP707: 2/11/2010 11:27:01 AM - System Checkpoint
    RP708: 2/12/2010 12:27:01 PM - System Checkpoint
    RP709: 2/12/2010 6:10:10 PM - Installed LG USB Modem driver
    RP710: 2/13/2010 6:26:57 PM - System Checkpoint
    RP711: 2/14/2010 7:08:20 PM - System Checkpoint
    RP712: 2/15/2010 7:26:56 PM - System Checkpoint
    RP713: 2/16/2010 7:28:00 PM - System Checkpoint
    RP714: 2/17/2010 8:11:14 PM - System Checkpoint
    RP715: 2/18/2010 9:11:19 PM - System Checkpoint
    RP716: 2/19/2010 9:57:41 PM - System Checkpoint
    RP717: 2/20/2010 10:11:17 PM - System Checkpoint
    RP718: 2/22/2010 9:36:49 AM - System Checkpoint
    RP719: 2/23/2010 10:33:33 AM - System Checkpoint
    RP720: 2/24/2010 11:00:17 AM - Software Distribution Service 3.0
    RP721: 2/25/2010 11:22:49 AM - System Checkpoint
    RP722: 2/26/2010 11:39:27 AM - System Checkpoint
    RP723: 2/27/2010 11:10:21 AM - Software Distribution Service 3.0
    RP724: 2/28/2010 11:22:52 AM - System Checkpoint
    RP725: 3/1/2010 11:27:23 AM - System Checkpoint
    RP726: 3/2/2010 12:27:22 PM - System Checkpoint
    RP727: 3/2/2010 11:13:34 PM - Software Distribution Service 3.0
    RP728: 3/4/2010 12:07:55 AM - System Checkpoint
    RP729: 3/5/2010 10:18:05 AM - TrueCrypt uninstallation
    RP730: 3/6/2010 10:28:34 AM - System Checkpoint
    RP731: 3/7/2010 11:28:28 AM - System Checkpoint
    RP732: 3/8/2010 12:28:30 PM - System Checkpoint
    RP733: 3/9/2010 9:39:45 AM - Avg8 Update
    RP734: 3/10/2010 11:41:17 AM - System Checkpoint
    RP735: 3/10/2010 11:16:23 PM - Software Distribution Service 3.0
    RP736: 3/11/2010 11:38:02 PM - System Checkpoint
    RP737: 3/13/2010 12:23:45 AM - System Checkpoint
    RP738: 3/14/2010 2:23:40 AM - System Checkpoint
    RP739: 3/15/2010 3:23:41 AM - System Checkpoint
    RP740: 3/16/2010 4:23:40 AM - System Checkpoint
    RP741: 3/17/2010 5:23:41 AM - System Checkpoint
    RP742: 3/18/2010 6:23:45 AM - System Checkpoint
    RP743: 3/19/2010 7:23:41 AM - System Checkpoint
    RP744: 3/19/2010 8:34:12 AM - Avg8 Update
    RP745: 3/19/2010 8:35:09 AM - Avg8 Update
    RP746: 3/20/2010 11:02:34 AM - System Checkpoint
    RP747: 3/21/2010 11:52:46 AM - System Checkpoint
    RP748: 3/22/2010 11:55:24 AM - System Checkpoint
    RP749: 3/23/2010 12:55:32 PM - System Checkpoint
    RP750: 3/24/2010 12:56:32 PM - System Checkpoint
    RP751: 3/25/2010 1:13:49 PM - System Checkpoint
    RP752: 3/26/2010 1:26:52 PM - System Checkpoint
    RP753: 3/27/2010 1:38:17 PM - System Checkpoint
    RP754: 3/28/2010 1:09:46 PM - Removed Opera 10.10.
    RP755: 3/28/2010 1:10:01 PM - Installed Opera 10.51.
    RP756: 3/28/2010 2:03:55 PM - Installed AVG Free 9.0
    RP757: 3/29/2010 2:21:11 PM - System Checkpoint
    RP758: 3/30/2010 8:35:10 AM - Installed HiJackThis
    RP759: 3/30/2010 11:26:51 PM - Spyware Doctor: Cleaning Threats
    RP760: 4/1/2010 12:26:54 AM - System Checkpoint
    RP761: 4/2/2010 1:17:31 AM - System Checkpoint
    RP762: 4/2/2010 12:37:39 PM - Software Distribution Service 3.0
    RP763: 4/3/2010 12:59:43 PM - System Checkpoint
    RP764: 4/4/2010 1:11:23 PM - System Checkpoint
    RP765: 4/5/2010 1:13:53 PM - System Checkpoint

    ==== Hosts File Hijack ======================

    Hosts: 84.19.171.6 google.co.uk
    Hosts: 84.19.171.6 www.google.co.uk
    Hosts: 84.19.171.6 google.co.za
    Hosts: 84.19.171.6 www.google.co.za
    Hosts: 84.19.171.6 www.google-analytics.com
    Hosts: 84.19.171.6 www.bing.com
    Hosts: 84.19.171.6 search.yahoo.com
    Hosts: 84.19.171.6 www.search.yahoo.com
    Hosts: 84.19.171.6 uk.search.yahoo.com
    Hosts: 84.19.171.6 ca.search.yahoo.com
    Hosts: 84.19.171.6 de.search.yahoo.com
    Hosts: 84.19.171.6 fr.search.yahoo.com
    Hosts: 84.19.171.6 au.search.yahoo.com

    ==== Installed Programs ======================

    2G Themer
    7-Zip 4.65
    ACID Pro 7.0
    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.2 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Audition 3.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 9
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AIM 6
    All in One v2
    AoA MP4 Patch 1.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    Autodesk DWF Viewer 7
    Autodesk VIZ 2008
    AVG Free 9.0
    AviSynth 2.5
    Backburner
    BitPim 1.0.7
    Bonjour
    BookSmart™ 1.9.9 1.9.9
    Broadcom 440x 10/100 Integrated Controller
    Browser Defender 2.0.6.11
    CCleaner (remove only)
    Critical Update for Windows Media Player 11 (KB959772)
    Dell AIO Printer A920
    DiscJuggler
    DiskAid 2.56
    DVC80
    Dynex mini card reader
    Easy Video Joiner 5.21
    Exact Audio Copy 0.99pb4
    FBX Plugin 2006.11.1 for Viz 2008
    FLAC 1.2.1b (remove only)
    Font Xplorer 1.2.2
    foobar2000 v0.9.5.5
    Freez 3GP Video Converter 2.0
    Google SketchUp 7
    HDD Health v3.3 Beta
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    IDX Renditioner Express Free
    Image Grabber II
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) Network Connections Drivers
    ISO Recorder
    iTunes
    iZotope iDrum
    iZotope iDrum Factory Content
    Java(TM) 6 Update 14
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    LG USB Modem driver
    Malwarebytes' Anti-Malware
    Media Player Classic - Home Cinema v. 1.3.1249.0
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Silverlight
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft VC9 runtime libraries
    Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft WinUsb 1.0
    Microsoft XNA Framework Redistributable 3.0
    Microsoft XNA Game Studio 3.0
    Microsoft XNA Game Studio 3.0 (ARP entry)
    Microsoft XNA Game Studio 3.0 (Platformer)
    Microsoft XNA Game Studio 3.0 (Redists)
    Microsoft XNA Game Studio 3.0 (Shared Components)
    Microsoft XNA Game Studio 3.0 (VCSExpress)
    Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
    Microsoft XNA Game Studio 3.0 Documentation
    Microsoft XNA Game Studio Platform Tools
    mIRC
    Mozilla Firefox (3.6.3)
    Mp3tag v2.45a
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Nintendo Wi-Fi USB Connector Registration Tool
    OpenOffice.org 2.4
    Opera 10.51
    Opera 9.64
    PDF Settings
    QuickFreedom 1.2.0
    QuickTime
    Revo Uninstaller 1.83
    RGSS-RTP Standard
    RPGXP
    Seagate Manager Installer
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SoundMAX
    SQL Server System CLR Types
    SUPER © Version 2007.bld.22 (Mar 14, 2007)
    Switch Sound File Converter
    Tweak UI
    UnrealEngine2 Runtime
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Vault 2008 Plug-In for Autodesk VIZ 2008
    Vault 5 Plug-In for Autodesk VIZ 2008
    Vertus Fluid Mask 3 3.0.10
    VideoLAN VLC media player 0.8.6i
    Videora iPod touch Converter 4.07
    Vuze
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live installer
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows XP Service Pack 3
    WinRAR archiver
    WinSCP 4.2.1 beta
    ZBrush3
    Zune
    Zune Language Pack (DE)
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    Zune Language Pack (IT)

    ==== Event Viewer Messages From Past Week ========

    4/2/2010 1:38:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    4/2/2010 1:35:57 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
    4/2/2010 1:28:16 PM, error: Service Control Manager [7034] - The mental ray 3.5 Satellite for Autodesk VIZ 2008 service terminated unexpectedly. It has done this 1 time(s).
    4/2/2010 1:28:16 PM, error: Service Control Manager [7034] - The Autodesk Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    4/2/2010 1:22:27 PM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    4/2/2010 1:21:49 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    4/2/2010 1:20:22 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
    4/2/2010 1:20:07 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    4/2/2010 1:20:04 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
    3/30/2010 8:35:52 AM, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the file specified.
    3/30/2010 8:04:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    3/30/2010 3:05:18 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
    3/29/2010 6:23:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free WatchDog service to connect.
    3/29/2010 6:23:11 PM, error: Service Control Manager [7001] - The AVG Free E-mail Scanner service depends on the AVG Free WatchDog service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    3/29/2010 6:23:11 PM, error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    Gmer.txt contents:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-04-06 15:56:31
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgwyqkoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    I see ComboFix has been run on your system; could you please post the log(s)?

    It can be found at C:\ComboFix.txt

    Older logs (if run more than once)

    can be found at

    c:\qoobox\comboFix2.txt,
    c:\qoobox\comboFix3.txt, etc.
     
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Your machine still shows signs of infection; however, you have not replied to this topic in over 6 days, therefore I am unsubscribing from this topic. If you still require my assistance then please send me a PM or start a new topic.

    Thank you
     
  6. jbyrd117

    jbyrd117 Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    3
    ComboFix:

    ComboFix 10-03-29.04 - Owner 04/02/2010 13:28:30.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1454 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\searchplugins\search.xml
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\Uninstall.exe
    c:\windows\system32\3gpcore.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
    .

    2010-04-02 16:38 . 2010-04-02 16:38 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
    2010-04-02 16:32 . 2010-04-02 16:32 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
    2010-03-31 03:15 . 2009-11-10 14:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-03-31 03:15 . 2009-11-10 14:26 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-03-31 03:15 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
    2010-03-31 03:15 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
    2010-03-31 03:15 . 2009-11-10 14:28 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-03-31 03:15 . 2009-11-10 14:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
    2010-03-31 03:10 . 2010-03-31 15:22 -------- d-----w- c:\program files\Spyware Doctor
    2010-03-30 23:20 . 2010-03-30 23:20 -------- d-sh--w- c:\documents and settings\Magellan\PrivacIE
    2010-03-30 12:35 . 2010-03-30 12:35 -------- d-----w- c:\program files\TrendMicro
    2010-03-29 20:55 . 2010-03-29 20:55 -------- d-----w- c:\documents and settings\iTunes\Application Data\Malwarebytes
    2010-03-29 16:04 . 2010-03-29 16:04 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGMDAD
    2010-03-29 16:03 . 2010-03-30 13:05 -------- d-sh--w- c:\documents and settings\All Users\Application Data\09ca7c8
    2010-03-28 18:08 . 2010-03-28 18:08 -------- d-----w- C:\$AVG
    2010-03-28 18:04 . 2010-03-28 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-03-08 19:10 . 2010-03-08 19:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
    2010-03-08 19:10 . 2010-03-08 19:10 -------- d-----w- c:\program files\MPC HomeCinema
    2010-03-08 19:00 . 2010-03-08 19:00 -------- d-----w- c:\program files\Image Grabber II

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-02 17:39 . 2008-08-04 04:44 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
    2010-04-02 17:37 . 2009-02-24 00:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-02 16:41 . 2009-11-04 19:47 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
    2010-04-02 15:53 . 2008-08-22 23:57 -------- d-----w- c:\documents and settings\Magellan\Application Data\OpenOffice.org2
    2010-04-01 19:56 . 2009-02-10 18:22 -------- d-----w- c:\documents and settings\iTunes\Application Data\OpenOffice.org2
    2010-04-01 10:14 . 2008-08-21 19:59 -------- d-----w- c:\documents and settings\Mom & Dad\Application Data\OpenOffice.org2
    2010-03-31 14:50 . 2008-08-04 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2010-03-31 03:07 . 2008-08-06 02:32 -------- d-----w- c:\documents and settings\Magellan\Application Data\Azureus
    2010-03-30 12:29 . 2009-06-20 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-30 04:46 . 2009-06-20 04:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 04:45 . 2009-06-20 04:10 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-29 03:06 . 2009-08-12 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
    2010-03-29 03:06 . 2009-08-12 01:24 -------- d-----w- c:\program files\mIRC
    2010-03-28 18:08 . 2008-08-04 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-03-28 18:08 . 2008-08-04 01:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-28 18:08 . 2008-08-04 01:42 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-03-28 18:08 . 2008-08-04 01:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-28 18:08 . 2008-08-04 01:42 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-28 18:04 . 2008-08-04 01:42 -------- d-----w- c:\program files\AVG
    2010-03-28 17:10 . 2008-08-04 02:30 -------- d-----w- c:\program files\Opera
    2010-03-20 00:08 . 2009-05-24 21:02 -------- d-----w- c:\program files\LIVEUPDATE
    2010-03-08 20:12 . 2008-08-27 06:43 195112 ----a-w- c:\documents and settings\iTunes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-05 15:18 . 2008-08-10 20:20 -------- d-----w- c:\program files\Mp3tag
    2010-03-04 19:50 . 2008-08-06 02:32 195112 ----a-w- c:\documents and settings\Magellan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-28 22:35 . 2009-12-19 01:49 117520 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-28 22:34 . 2008-08-26 20:05 195112 ----a-w- c:\documents and settings\Mom & Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-27 17:23 . 2008-08-05 01:51 195576 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-27 16:24 . 2009-09-22 19:28 -------- d-----w- c:\program files\Zune
    2010-02-26 18:10 . 2010-02-26 17:49 -------- d-----w- c:\program files\Font Xplorer
    2010-02-25 06:24 . 2007-08-22 12:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 22:50 . 2008-08-27 02:04 -------- d-----w- c:\documents and settings\iTunes\Application Data\Apple Computer
    2010-02-24 04:00 . 2010-02-24 04:00 -------- d-----w- c:\documents and settings\iTunes\Application Data\NCH Swift Sound
    2010-02-21 04:32 . 2008-08-04 21:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-18 22:37 . 2008-08-05 14:49 -------- d-----w- c:\documents and settings\Magellan\Application Data\Apple Computer
    2010-02-12 23:10 . 2009-12-24 20:51 -------- d-----w- c:\program files\BitPim
    2010-02-12 23:10 . 2010-02-12 23:10 -------- d-----w- c:\program files\LG Electronics
    2010-02-12 23:10 . 2008-08-03 23:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-03 22:12 . 2010-02-03 22:12 -------- d-----w- c:\program files\Smallvideosoft
    2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-01-07 19:38 . 2010-01-07 19:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-01-07 19:22 . 2009-09-02 04:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
    2009-03-02 22:41 . 2009-03-02 22:41 56 --sh--r- c:\windows\system32\4585B20F6B.sys
    2006-05-03 09:06 . 2008-08-11 04:30 163328 --sh--r- c:\windows\system32\flvDX.dll
    2009-03-05 00:27 . 2009-03-02 22:41 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-02-21 10:47 . 2008-08-11 04:30 31232 --sh--r- c:\windows\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]

    c:\documents and settings\iTunes\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\documents and settings\Magellan\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\documents and settings\Mom & Dad\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-28 18:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 16:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Autodesk\\VIZ2008\\3dsviz.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/3/2008 9:42 PM 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/3/2008 9:42 PM 242696]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/28/2010 2:06 PM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/28/2010 2:06 PM 308064]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/30/2010 11:15 PM 112592]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 3:35 PM 181544]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/20/2009 12:10 AM 303952]
    R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;c:\program files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [3/7/2007 4:32 PM 65536]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/20/2009 12:10 AM 20824]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [6/19/2009 3:27 PM 28672]
    S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [12/1/2008 3:22 PM 153760]
    S3 SASENUM;SASENUM;\??\c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf6f75z.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf6f75z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-02 13:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(632)
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'explorer.exe'(2384)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Dell AIO Printer A920\dlbkbmon.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.BIN
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-02 13:50:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-02 17:50

    Pre-Run: 35,291,054,080 bytes free
    Post-Run: 36,529,516,544 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 40561D185F8B3C3904B1D843A4345059
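A triage helper for logs like the one above, added here as an example and not part of the original post or of ComboFix itself. It parses two of the blocks ComboFix prints, the firewall `AuthorizedApplications\List` values and the `R*`/`S*` service and driver lines, and flags entries worth a second look: a file whose name matches a Windows system binary but whose directory is not that binary's canonical home, and a driver or service loading from a Temp directory. The sample lines are copied from the log in this thread; `%windir%` is assumed to be `c:\windows` (the log's own paths say so) and the canonical-home table is the example's own, not something ComboFix reports. Expect the `SAS_SelfExtract` drivers to trip the Temp rule: that is where the SUPERAntiSpyware portable scanner unpacks, so the output is a review queue for a helper, not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/3/2008 9:42 PM 216200]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/20/2009 12:10 AM 303952]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [6/19/2009 3:27 PM 28672]
S3 SASENUM;SASENUM;\??\c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\MOM&DA~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
'''

WINDIR = r"c:\windows"  # assumption: the log's own paths show %windir% expands to c:\windows

# Example's own table: binaries with exactly one legitimate home on Windows XP.
# The same file name anywhere else is worth a look (not proof of anything).
CANONICAL_HOME = {
    "svchost.exe": WINDIR + r"\system32",
    "lsass.exe": WINDIR + r"\system32",
    "services.exe": WINDIR + r"\system32",
    "winlogon.exe": WINDIR + r"\system32",
    "smss.exe": WINDIR + r"\system32",
    "csrss.exe": WINDIR + r"\system32",
    "explorer.exe": WINDIR,
}

FIREWALL_ENTRY = re.compile(r'^"(.+?)"=\s*$')            # "path"=   (AuthorizedApplications values)
SERVICE_ENTRY = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+)$')  # R2 name;description;path [...]


def normalize(path):
    """Lower-case a path, expand %windir%, unescape doubled backslashes, drop the \\??\\ NT prefix."""
    p = path.replace("\\\\", "\\")            # ComboFix escapes backslashes in registry values
    if p.lower().startswith("%windir%"):
        p = WINDIR + p[len("%windir%"):]
    if p.startswith("\\??\\"):                # object-manager prefix used by driver image paths
        p = p[4:]
    return p.lower()


def parse_firewall_apps(text):
    """Normalized paths of every firewall application exception in the log text."""
    return [normalize(m.group(1)) for m in map(FIREWALL_ENTRY.match, text.splitlines()) if m]


def parse_services(text):
    """(name, start type, normalized image path) for every R*/S* service or driver line."""
    out = []
    for line in text.splitlines():
        m = SERVICE_ENTRY.match(line)
        if not m:
            continue
        state, start, name, _desc, rest = m.groups()
        # the image path ends at the " --> " redirection or the " [date size]" suffix
        path = re.split(r" --> | \[", rest, maxsplit=1)[0]
        out.append((name, state + start, normalize(path)))
    return out


def check_path(source, path):
    """Heuristics applied to one normalized path; returns (source, path, reason) tuples."""
    home, _, base = path.rpartition("\\")
    reasons = []
    if base in CANONICAL_HOME and home != CANONICAL_HOME[base]:
        reasons.append("system binary name outside %s" % CANONICAL_HOME[base])
    if "\\temp\\" in path:
        reasons.append("loads from a Temp directory")
    return [(source, path, r) for r in reasons]


def triage(text):
    """Review queue for a ComboFix log: every flagged firewall exception, service or driver."""
    findings = []
    for path in parse_firewall_apps(text):
        findings += check_path("firewall exception", path)
    for name, start, path in parse_services(text):
        findings += check_path("service %s (%s)" % (name, start), path)
    return findings


if __name__ == "__main__":
    for source, path, reason in triage(SAMPLE_LOG):
        print("%-24s %-70s %s" % (source, path, reason))
```

Run it against a full ComboFix log by reading the file into `triage()` instead of `SAMPLE_LOG`; `GloballyOpenPorts` values (`"3703:TCP"= 3703:TCP:...`) are deliberately not matched, since they carry text after the `=`.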
     
Short URL to this thread: https://techguy.org/914290
