IE redirects (hjt log)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
Hi ,I volenteered to fix my father inlaws pc . Initialy it didn't look to bad , I ran ccleaner and ran malwarebytes which picked up a couple of things . I first thought I got rid of the redirect problem so installd spyblaster changed IE setting and cleared system restore . I was just about to download firefox and relized that the redirect problem was still there . It gets redirected to what seem like genuin sites , alternate search engines and stuff and even got redirected to a you tube video . I could really use some help in getting to the bottom of this irittating problem , I have no idea how to read a HJT log so if someone could please take a look it would be appreiated .

Thanks .


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:32:58 PM, on 1/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: TranslatorBar 3.2 Toolbar - {c55f5517-246e-4426-b745-ee25b08eb8b4} - C:\Program Files\TranslatorBar_3.2\tbTra1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: TranslatorBar 3.2 Toolbar - {c55f5517-246e-4426-b745-ee25b08eb8b4} - C:\Program Files\TranslatorBar_3.2\tbTra1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: TranslatorBar 3.2 Toolbar - {c55f5517-246e-4426-b745-ee25b08eb8b4} - C:\Program Files\TranslatorBar_3.2\tbTra1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237899206890
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F66438EE-727D-48D1-9548-649A88879EFB}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: bw+0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: offline-8876480 - {424CB3B8-AFBA-49FB-BD8D-30C02F63A3FA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c9bec822f1d802) (gupdate1c9bec822f1d802) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://srx.uk.ebayrtm.com/rtm?RtmCm...1c0a0e204960b26ff9d98af&v=3&enc=UTF-8

--
End of file - 25316 bytes
 

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
Here is the DDS log. Thanks




DDS (Ver_10-12-12.02) - NTFSx86
Run by Andy at 14:45:03.46 on Fri 01/07/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.278 [GMT 0:00]

AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mshta.exe
C:\Documents and Settings\Andy\Desktop\DDS.SCR

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/webhp?hl=en
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: TranslatorBar 3.2 Toolbar: {c55f5517-246e-4426-b745-ee25b08eb8b4} - c:\program files\translatorbar_3.2\tbTra1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: TranslatorBar 3.2 Toolbar: {c55f5517-246e-4426-b745-ee25b08eb8b4} - c:\program files\translatorbar_3.2\tbTra1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: TranslatorBar 3.2 Toolbar: {c55f5517-246e-4426-b745-ee25b08eb8b4} - c:\program files\translatorbar_3.2\tbTra1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CORSAIR_PLUtil] c:\program files\corsair\corsair flash voyager utility\PLBkMon.exe
mRun: [PLFFAP] c:\windows\system32\HotfixQ0306270.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\andy\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f6d4050\v1\BelkinWCUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237899206890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {F66438EE-727D-48D1-9548-649A88879EFB} = 156.154.70.22,156.154.71.22
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-3-18 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-18 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-22 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-22 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-12-29 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-12-29 27576]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-12-29 1769216]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-22 54752]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-18 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-3-18 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-3-18 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-3-18 26192]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate1c9bec822f1d802;Google Update Service (gupdate1c9bec822f1d802);c:\program files\google\update\GoogleUpdate.exe [2009-4-16 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-18 30104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 jgameenp;jgameenp;\??\c:\docume~1\andy\locals~1\temp\jgameenp.sys --> c:\docume~1\andy\locals~1\temp\jgameenp.sys [?]
S3 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [2006-10-24 7424]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-12-5 637952]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

=============== Created Last 30 ================

2011-01-07 13:54:04 388096 ----a-r- c:\docume~1\andy\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-07 13:54:03 -------- d-----w- c:\program files\Trend Micro
2011-01-06 18:39:38 -------- d-----w- c:\program files\COMODO
2011-01-06 18:38:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2011-01-06 18:31:16 -------- d-----w- c:\windows\Internet Logs
2011-01-06 17:40:25 30720 ----a-w- C:\~GLHTTP1.TMP
2011-01-06 17:35:35 -------- d-----w- c:\docume~1\andy\locals~1\applic~1\Conduit
2011-01-06 17:35:32 -------- d-----w- c:\docume~1\andy\locals~1\applic~1\ZoneAlarm_Security
2011-01-06 17:35:29 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-01-06 17:34:07 -------- d-----w- c:\docume~1\andy\applic~1\CheckPoint
2011-01-06 17:28:14 -------- d-----w- c:\docume~1\andy\locals~1\applic~1\ConduitEngine
2011-01-06 17:27:52 -------- d-----w- c:\program files\CheckPoint
2011-01-06 17:02:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-06 16:01:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-06 16:01:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-06 15:14:56 -------- d-----w- c:\program files\SpywareBlaster
2011-01-06 15:08:35 -------- d-----w- c:\program files\CCleaner
2010-12-29 01:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-29 01:41:28 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-12-29 01:41:26 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-12-29 01:41:26 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

==================== Find3M ====================

2011-01-06 17:02:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-19 16:57:41 6424 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-12-19 16:57:37 88 --sh--r- c:\windows\system32\1B7856A273.sys
2008-06-08 15:25:31 774144 ----a-w- c:\program files\RngInterstitial.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD160JJ/P rev.ZM100-34 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x83D4A446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x83d50504]; MOV EAX, [0x83d50580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x83DC9AB8]
3 CLASSPNP[0xF76BEFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x83CEA7F8]
\Driver\atapi[0x83D156A0] -> IRP_MJ_CREATE -> 0x83D4A446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskSAMSUNG_HD160JJ#P_______________________ZM100-34#5&375dcacc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x83D4A292
user != kernel MBR !!!
sectors 312499998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 14:48:09.18 ===============
 

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
It seems I can not post the log file for Gmer .IE looses connection when posting that log . Is it possible that the log file could be to big and that's why it wont let me post it .
 

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
See if this works . It was reported after scan that the system had been modified by rootkit activity.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-07 16:16:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 SAMSUNG_HD160JJ/P rev.ZM100-34
Running: kcv0bpfi.exe; Driver: C:\DOCUME~1\Andy\LOCALS~1\Temp\awrdrpod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAA626670]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAA626720]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAA6267C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAA626860]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0x9C510400, 0x7976C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9C5B2420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9C5B2420]
.protectÿÿÿÿhardlockunknown last code section [0x9C5B2200, 0x5149, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0x9C5B2200, 0x5149, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 83D4A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 83D4A292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 83D4A292

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskSAMSUNG_HD160JJ#P_______________________ZM100-34#5&375dcacc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 312499744 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\62eba27a-2dd0-4c4e-aa2b-da642f0592b3.tmp 0 bytes
File C:\WINDOWS\Temp\29aa2a8d-ebb0-48c9-8534-ad215967cdd9.tmp 0 bytes

---- EOF - GMER 1.0.15 ----
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

The tool I need to use is targeted by your AVG, so AVG will need to be uninstalled completely until this computer is clean, it has a nasty rootkit

Please use Appremover to remove AVG

Please download AppRemover and save it to your desktop.
  • Double click on AppRemover.exe to run it.
  • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
  • Click on the Next button.
  • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. (you want the failed uninstall)
  • Click on the Next button.
  • A scan begins, please wait. Once done, click on the Next button.
  • Now you should have a list of your installed programs, choose the one you want to remove and click on the Next button. (AVG)
  • Follow the last step and reboot if asked to do so.


NEXT




Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
 

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
Hey thanks for taking this , it's very good of you.

There was a problem when appremover was uninstalling AVG. It hung at 32 % , I left for 30mins just incase it was taking it's time . I had to close appremover via the task manager then I restarted pc . Upon restart I noticed AVG had not started in the tray . After looking through programmes I noticed that AVG is still installed so ran app remover again but it did not find anything for AVG. I've tried unstalling AVG from "add remove programmes" but it reports "uninstall failed" and produces a little log ... here it is .

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Access is denied.


I have not run combo fix yet as AVG is still on machine , do you have any advise ? Thnaks
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Open notepad and copy/paste the text inside the quotebox below into it:
Code:
REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95}]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys

Save this as CFScript_AVG2011.txt


  • Referring to the screenshot above, drag CFScript_AVG2011.txt into ComboFix.exe.


    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
 

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
Hi, I did as you requested above and got to the point where it says " you have asked combofix to remove AVG using brute force" .I clicked yes to continue and waited . 15 minutes went by and there was no evidence that combo fix was runing at all. Evenutually I looked on the task manage and saw nothing that suggested combo fix was running or any programme was scanning. I left PC for another 30 minutes but nothing happened . So I'm afraid I don't have any log to post . AVG is still in programmes but not in tray and IE is still redirecting .

Should I run combo fix on it's own with out the text file?

Thanks
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Yes,

try running it in safemode

To enter safe mode:

Reboot: > tap F8 repeatedly on bootup till an advanced option menu appears > arrow up to safe mode with networking
 

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
Hi, I ran combofix in safe mode with networking and it started to work . After it installed recovery console it starting scanning . Then I got the message " master boot record is infected " I clicked OK . It carried on scanning then I got the message " combofix has detected root kit activity and needs to restart your machine" I clicked OK but then got the BSOD . I turned the machine off via power and started it up again in safe mode with networking . There is no log file , AVG is still in programmes . IE does'nt seem to redirect in safemode although I've only done limited testing .

Should I run combo fix again and hope I dont get the BSOD ?

Thanks for sticking with it .
 

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
Just letting you know I've ran the AVG uninstaller tool and that seems to have gotten rid of the remains of AVG . Also when restarting the PC in normal mode again I've had some microsoft updates come through , not sure if they were been blocked before. Just need to know if it's ok to run combo fix again . Thanks again .
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Yes, please run ComboFix again

If you still have trouble running it, delete the copy you have from your desktop, download a fresh copy but rename it to iexplore before saving it,

if it still wont run, try running it in safe mode.
 

meylan

Thread Starter
Joined
Jul 6, 2006
Messages
105
Hi ,I ran the version I had on my desktop and it updated it self before scanning . During stage 4 of scanning Comodo alerted me that "Nir.Cmd.cfxxe" was trying to acess the internet . Combo fix had already updated it self so I did not allow or block access.
So here is the Log .

Thanks

ComboFix 11-01-10.07 - Andy 01/11/2011 9:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.345 [GMT 0:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Andy\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Andy\Application Data\completescan
c:\documents and settings\Andy\Application Data\install
c:\documents and settings\Andy\Local Settings\Temp\IadHide5.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-10 15:26 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-10 15:25 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-10 13:22 . 2011-01-10 13:22 -------- d-----w- c:\documents and settings\Administrator
2011-01-08 17:01 . 2011-01-08 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2011-01-07 13:54 . 2011-01-07 13:54 388096 ----a-r- c:\documents and settings\Andy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-07 13:54 . 2011-01-07 13:54 -------- d-----w- c:\program files\Trend Micro
2011-01-06 18:39 . 2011-01-06 18:39 -------- d-----w- c:\program files\COMODO
2011-01-06 18:38 . 2011-01-06 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-01-06 18:31 . 2011-01-06 18:31 -------- d-----w- c:\windows\Internet Logs
2011-01-06 17:40 . 2011-01-06 17:40 30720 ----a-w- C:\~GLHTTP1.TMP
2011-01-06 17:35 . 2011-01-06 17:50 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\Conduit
2011-01-06 17:35 . 2011-01-06 17:50 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\ZoneAlarm_Security
2011-01-06 17:35 . 2011-01-06 17:53 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-01-06 17:34 . 2011-01-06 17:34 -------- d-----w- c:\documents and settings\Andy\Application Data\CheckPoint
2011-01-06 17:27 . 2011-01-06 17:27 -------- d-----w- c:\program files\CheckPoint
2011-01-06 17:02 . 2011-01-06 17:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-06 16:01 . 2011-01-06 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-06 16:01 . 2011-01-06 16:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-06 15:15 . 2011-01-06 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-06 15:14 . 2011-01-06 15:15 -------- d-----w- c:\program files\SpywareBlaster
2011-01-06 15:08 . 2011-01-06 15:08 -------- d-----w- c:\program files\CCleaner
2010-12-29 01:42 . 2010-12-29 01:42 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-29 01:41 . 2010-12-29 01:41 94656 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-12-29 01:41 . 2010-12-29 01:41 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-12-29 01:41 . 2010-12-29 01:41 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-12-29 01:41 . 2010-12-29 01:41 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 17:02 . 2010-11-22 19:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-20 18:09 . 2010-11-15 19:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-11-15 19:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 11:18 . 2010-12-05 11:18 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-18 18:12 . 2004-08-10 12:02 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 11:51 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 11:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 11:51 1853312 ----a-w- c:\windows\system32\win32k.sys
2008-06-08 15:25 . 2008-06-08 15:25 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c55f5517-246e-4426-b745-ee25b08eb8b4}"= "c:\program files\TranslatorBar_3.2\tbTra1.dll" [2010-11-03 3908192]

[HKEY_CLASSES_ROOT\clsid\{c55f5517-246e-4426-b745-ee25b08eb8b4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c55f5517-246e-4426-b745-ee25b08eb8b4}]
2010-11-03 17:32 3908192 ----a-w- c:\program files\TranslatorBar_3.2\tbTra1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c55f5517-246e-4426-b745-ee25b08eb8b4}"= "c:\program files\TranslatorBar_3.2\tbTra1.dll" [2010-11-03 3908192]

[HKEY_CLASSES_ROOT\clsid\{c55f5517-246e-4426-b745-ee25b08eb8b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C55F5517-246E-4426-B745-EE25B08EB8B4}"= "c:\program files\TranslatorBar_3.2\tbTra1.dll" [2010-11-03 3908192]

[HKEY_CLASSES_ROOT\clsid\{c55f5517-246e-4426-b745-ee25b08eb8b4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-10-15 36864]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"CORSAIR_PLUtil"="c:\program files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [2006-04-19 94208]
"PLFFAP"="c:\windows\system32\HotfixQ0306270.exe" [2003-08-05 45056]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 28160]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 110592]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-11 98304]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-12-29 2548040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2010-12-5 1077248]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-11 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-10-15 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-9-24 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 22:34 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 06:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 02:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-10-15 08:42 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-05-10 15:04 11776 ----a-w- c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-05-10 15:04 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2006-11-07 14:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-11 21:32 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-07-11 21:31 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9bec822f1d802"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Age of Empire\\age2_x1.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/29/2010 1:41 AM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/29/2010 1:41 AM 27576]
S3 jgameenp;jgameenp;\??\c:\docume~1\Andy\LOCALS~1\Temp\jgameenp.sys --> c:\docume~1\Andy\LOCALS~1\Temp\jgameenp.sys [?]
S3 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [10/24/2006 2:33 PM 7424]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S4 gupdate1c9bec822f1d802;Google Update Service (gupdate1c9bec822f1d802);c:\program files\Google\Update\GoogleUpdate.exe [4/16/2009 7:18 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 19:18]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 19:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/webhp?hl=en
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {F66438EE-727D-48D1-9548-649A88879EFB} = 156.154.70.22,156.154.71.22
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Notify-avgrsstarter - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 09:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3804)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\ImgUtil.dll
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-01-11 10:04:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-11 10:04

Pre-Run: 138,596,052,992 bytes free
Post-Run: 138,929,213,440 bytes free

- - End Of File - - DE1151656CBCBF6B33202AA34FF9F699
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top