Tech Support Forum - HijackThis Log Help (Inactive)

Trojan.Win32.32.exe

dulcima — Wed, 18 Nov 2009 16:00:48 GMT

Hi.

I have a Trojan worm that from time to time pops up from my Kaspersky Security window.

It can be deleted but reappears sporadically even when PC is unattended but connected to the internet.

The file shows: C:\System Volume Information\_restore{EDC08634-9242-46EC-A8A0-9CA8F7A81F52}\RP205\A0114997.exe

Any help on removing this would be appreciated.

I believe it may have come from this. is this a virus carrying mail? Received: from virus_17.livemail.co.uk (virus-cluster.livemail

Thanks

Hacking problem

sorakusanagi — Wed, 18 Nov 2009 14:25:12 GMT

A few hours ago, someone changed my email's password. I thought it was an error at first, but when I checked my blog, I couldn't open it too. I knew right away someone hacked my accounts. I managed to recover my accounts and then replaced my passwords...I thought everything was OK until my email got hacked again.

I changed my passwords again using my desktop, so I;ve realized it's my laptop that's probably being hacked. I don't know how though?

Can I get some help right away pls! I use my laptop for university too, so it's really a big burden that I can't use it...

Browser Hijack

LourensMS — Wed, 18 Nov 2009 09:58:27 GMT

Recently, to my own shame, after visiting some porn sites my browser keeps reverting to unwanted sites. At first only to random sites that sell stuff but later to obscene sites.

I've ran Spybot numerous times but it didn't work, I also switched from IE to Opera but it's the same story.

I have Avira Antivir as virus protection.

How can i stop it?

Please help!

Virus, maybe spyware problems

saken5676 — Wed, 18 Nov 2009 05:44:30 GMT

Ok heres the thing, i believe im infected with a virus or maybe spyware. Im not sure because i dont know a whole lot about computers. but heres whats happened. Some ad like things started popping up a few days ago and i knew that it was spyware or something so i went and bought some anti-Virus protection. When i restarted my computer to install it, beforing loading the desktop a fake anti virus type thing popped up syaing i was unprotected and what not. If i try to cancel it out it tells me it isnt allowed, if i press ctrl+alt+delete the task manager button isnt there, and if i press ctrl+shift+esc the task manager wont appear. So i have no desktop and no way to make this program install on my computer. I tried installing it while in safe mode but it fails. What should i do exactly? I would like to try to just get rid of it with the program if possible because i have pictures and such that i would like to keep. Anyone, please let me know what to do. Currently i am accessing the net from Safe mode with Networking support. Please help ASAP. thanks

TROJAN Horse Generic15.AVLU - Infected my XP! HELP to FIX!?!

JChimlife — Wed, 18 Nov 2009 05:33:41 GMT

Thanks in advance for your help, it is very appreciated. I accidentally accessed a video file that had a trojan in it. I've tried combofix and sdfix.exe and neither have worked. I've tried avg spyware and virus, Malwares, spybot, adaware, and none of them detect or allow me to remove the infection. Please Help!

I receive a popup every 2 minutes from AVG web shield alert stating "threat detected"

File Name: 91.212.226.178/1inst.exe
Threat Name: Trojan Horse Generic15.AVLU

Process Name: C:\Windows\system32\svchost.exe
Process ID: 940

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\Updates\advcheck165.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\is-UB5KS.tmp\advcheck165.tmp
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (file missing)
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140286330640
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://bestbuy.kodakgallery.com/down...2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://bestbuy.kodakgallery.com/down...2/axofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Access Utility Service - SprintNextel - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93597f679cda2) (gupdate1c93597f679cda2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 15151 bytes

Any assistance is greatly appreciated. I have exams coming up online and I can't afford to have a this trojan mess everything up

James

College student in need of assistance

AKaveman — Wed, 18 Nov 2009 02:53:55 GMT

Hello, i am a Virtual Technology and Design student, so my laptop is my life and my career. Recently while browsing the internet, the moment a page loaded i get a popup from AVG saying that there is a infected file detected, but offers no solution. I assume this means it is fixed, and continue on with my day. But my browser started to randomly open up new tabs or redirect me to when i click on a link. It will send me to some no-name search engine for about a second, and then re-redirect me to a completely random site, however on some occasions it has to do with what i was looking at. Ran Malwarebytes, got one item, took it off, and the problem persists. AVG picks nothing up, and i honestly dont feel like using the trial and error method for every AV out there until hopefully one works. When i try to run the GMER program in your tutorial, my laptop instantly resets the moment i click the scan button, so i dont have that information for you sadly. However, in the event viewer, i found this under the system log which i think may have been the event giving me the virus:

The master browser has received a server announcement from the computer WHITEBABY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6700717A-220B-4D92-83C2-213E1C58. The master browser is stopping or an election is being forced.

Any help is greatly appreciated, and i will attach the DDS file if that helps at all. Running Vista 32 bit service pack 1. THANK YOU

DDS (Ver_09-10-26.01) - NTFSx86
Run by Joe at 18:24:49.82 on Tue 11/17/2009
Internet Explorer: 7.0.6001.18000
Microsoft� Windows Vista� Home Premium 6.0.6001.1.1252.1.1033.18.1982.1011 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Joe\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\9p5ymek4.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: browser.windows.loadOnNewWindow - 2
FF - user.js: layout.spellcheckDefault - 2

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-4 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-4 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-4 297752]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

=============== Created Last 30 ================

2009-11-17 23:30:06 0 d-----w- C:\.jagex_cache_32
2009-11-17 20:24:31 0 d-----w- c:\users\joe\appdata\roaming\Malwarebytes
2009-11-17 20:24:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-17 20:24:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-17 20:24:23 0 d-----w- c:\programdata\Malwarebytes
2009-11-17 20:24:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-17 07:23:01 63 ----a-w- c:\users\joe\jagex_runescape_preferences2.dat
2009-11-17 07:22:06 38 ----a-w- c:\users\joe\jagex_runescape_preferences.dat
2009-11-12 01:00:16 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 01:00:12 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-05 21:33:41 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-05 21:33:13 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-05 21:33:01 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-05 21:33:01 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-04 01:53:27 0 d-----w- c:\program files\Pokemon World Online
2009-10-29 06:26:42 132880 ----a-w- c:\windows\system32\MSINET.OCX
2009-10-29 06:26:42 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2009-10-29 06:26:42 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX

==================== Find3M ====================

2009-11-18 00:51:12 113593 ----a-w- c:\programdata\nvModes.dat
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-09 02:47:27 19497 ----a-w- c:\windows\hpqins13.dat
2009-10-09 00:10:24 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-09 00:10:23 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-09 00:10:21 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-06 23:15:31 57366 ----a-w- c:\windows\system32\mausling_Joe_Midterm.zip
2009-10-05 00:07:15 34745 ----a-w- c:\windows\system32\Mausling_Joe_Ex5.zip
2009-09-29 01:54:46 1606 ----a-w- c:\users\joe\appdata\roaming\wklnhst.dat
2009-09-20 08:47:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-09-10 17:30:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:17:00 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 07:29:12 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2009-09-02 07:29:10 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2009-09-02 07:29:10 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2009-09-02 07:29:10 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-09-02 07:29:02 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2009-09-02 07:29:00 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2009-08-28 15:47:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-11 05:02:27 174 --sha-w- c:\program files\desktop.ini
2009-05-11 04:38:34 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:26:42.25 ===============

eh... BUMP?? I kinda need this fixed soon. New info up to date Malwarebytes finds nothing, but avg has found 30 so far all named Trojan horse Agent_r.PC.

Only problem is that it is mostly system 32 files, AVG files such as avgscanx.exe, java, microsoft office, zune, hp, and other stuff. Ill update more as scan finishes, but any imput so far would be lovely

Attached Files

DDS.txt (12.2 KB)

Annoying virus

sck — Sat, 14 Nov 2009 02:36:17 GMT

Hey, I had posted a thread a while earlier, but due to complications I could not follow through. That is not the case anymore and would greatly appreciate further help. The link to the original topic is:
http://www.techsupportforum.com/secu...ing-virus.html

I was instructed to provide a log of combo fix as follows:

ComboFix 09-11-13.04 - LOUIS 13/11/2009 18:07.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.694 [GMT 11:00]
Running from: c:\documents and settings\LOUIS\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\sFX
c:\program files\sFX\sfX.sYs
c:\windows\010112010146118114.dat
c:\windows\0101120101465752.dat
c:\windows\934fdfg34fgjf23
c:\windows\bf23567.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFX
-------\Legacy_SFXDRV
-------\Service_sfx
-------\Service_sFxdrv

((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-10 11:41 . 2009-11-11 19:52 79488 ----a-w- c:\documents and settings\LOUIS\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 11:41 . 2009-11-10 11:41 -------- d-----w- c:\program files\Common Files\Skype
2009-11-10 11:31 . 2009-11-10 11:31 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-10 11:26 . 2009-11-10 11:26 -------- d-----w- c:\program files\Common Files\Intel
2009-11-10 11:16 . 2009-11-10 11:16 -------- d-----w- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 07:25 . 2009-05-18 01:34 -------- d-----w- c:\documents and settings\LOUIS\Application Data\skypePM
2009-11-13 07:25 . 2009-05-18 01:29 -------- d-----w- c:\documents and settings\LOUIS\Application Data\Skype
2009-11-13 07:25 . 2009-06-26 09:25 -------- d-----w- c:\program files\Steam
2009-11-10 11:42 . 2009-05-18 01:26 -------- d-----r- c:\program files\Skype
2009-11-10 11:41 . 2009-05-18 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-10 11:39 . 2009-04-28 10:25 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-10 11:26 . 2009-04-28 06:23 -------- d-----w- c:\program files\Intel
2009-11-10 11:16 . 2009-04-28 06:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 12:38 . 2009-06-15 09:51 -------- d-----w- c:\documents and settings\LOUIS\Application Data\dvdcss
2009-10-25 11:24 . 2009-05-28 07:01 -------- d-----w- c:\program files\Counter-Strike 1.6
2009-10-15 06:05 . 2009-04-29 10:12 -------- d-----w- c:\documents and settings\LOUIS\Application Data\Apple Computer
2009-10-14 10:06 . 2009-04-30 04:41 -------- d-----w- c:\documents and settings\LOUIS\Application Data\Audacity
2009-09-30 09:36 . 2009-09-30 09:33 -------- d-----w- c:\program files\Optus Wireless Broadband
2009-09-27 23:45 . 2009-09-16 11:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-25 05:37 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-16 11:37 . 2009-04-28 10:24 54008 ----a-w- c:\documents and settings\LOUIS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 11:32 . 2009-09-16 11:29 -------- d-----w- c:\program files\Microsoft
2009-09-16 11:31 . 2009-04-28 10:25 -------- d-----w- c:\program files\Windows Live
2009-09-16 11:29 . 2009-09-16 11:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 11:25 . 2009-09-16 11:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-11 14:18 . 2004-08-12 13:23 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-12 13:22 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-12 13:30 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-05-18 1312256]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-30 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-15 127037]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-17 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi4"=KORGUMDD.DRV
"midi6"=KORGUMDD.DRV

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [27/03/2009 2:11 AM 21720]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=3081
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LOUIS\Application Data\Mozilla\Firefox\Profiles\1ukdzh2z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 18:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-13 18:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-13 07:29
ComboFix2.txt 2009-05-14 06:24

Pre-Run: 54,065,717,248 bytes free
Post-Run: 54,118,064,128 bytes free

- - End Of File - - 56BF462198F0144816CEE008CDF945CD

AVG won't install

GrTech2009 — Thu, 12 Nov 2009 18:10:03 GMT

Ok so I have a PC that is infected when I try to install AVG Antivirus it tells me that it could not find internet connectivity and it cannot install. the computer can go on the internet.

This is the only PC I have had this problem with. I have downloaded the file why does it need the internet to install?

AntiVirus Pro 2010

LooRoll — Thu, 12 Nov 2009 09:17:50 GMT

Hi,

Antivirus_Pro 2010 Infection
Sys Information:

HP Compaq dc5100 -
Pentium 2.80GHz -
1.49GB Ram -

Windows XP Pro SP3

AVG Free Anti Virus.

I recently had help removing an infection from my machine. I belive it may still be infected.. It is still showing in the startup tab of MSCONFIG & whenever I remove it and restart the computer it comes back.

There are no longer any pop ups or redirects being caused by the virus, but i think some part of it remains.

Any help is appreciated

Liam

This is the listing in "msconfig - start up tab" :-
"c:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide"

(here is a link to the originall thread)
http://www.techsupportforum.com/secu...infection.html

My Dell XPS M1330 SP2 keeps on freezing

Bob_Binky — Wed, 11 Nov 2009 14:49:01 GMT

My Dell XPS M1330 SP2 keeps on freezing and the only way to make it run again is to pullout the battery...Im afraid a virus causes this
It freezes in about 20 mins after startup

In this post i have attach a dds.txt and hijackthis log both were used during Safe Mode

I will attach the GMER later...in case my laptop freezes again

This post contains ark.txt

how do i get the attach.txt?

DDS (Ver_09-10-26.01) - NTFSx86 MINIMAL
Run by Karlo at 22:22:28.38 on Wed 11/11/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_16
Microsoft� Windows Vista� Home Premium 6.0.6002.2.1252.1.1033.18.3069.2677 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Karlo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=13920&l=dis
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTunerWrapper.exe" /S
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\karlo\appdata\roaming\mozilla\firefox\profiles\4d4hyc5j.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-9 333192]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-9 360584]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-9 128888]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-9 29520]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-5-20 73728]
S2 Apache2.2;Apache2.2;"c:\program files\xampp\apache\bin\apache.exe" -k runservice --> c:\program files\xampp\apache\bin\apache.exe [?]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-9 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-9 285392]
S2 hcefbty;fxnuhiw;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 typzb;System Update;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2009-5-20 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2009-5-20 7424]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-11-11 14:17:44 0 d-----w- c:\program files\Trend Micro
2009-11-09 23:09:28 0 d-----w- c:\programdata\WindowsSearch
2009-11-09 12:03:55 0 d--h--w- C:\$AVG
2009-11-09 12:03:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 12:03:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 12:03:38 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 12:03:33 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-09 12:03:25 0 d-----w- c:\programdata\avg9
2009-11-09 11:26:50 0 d-----w- c:\programdata\Comodo
2009-11-09 11:26:44 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-09 11:26:44 179792 ----a-w- c:\windows\system32\guard32.dll
2009-11-09 11:26:44 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-08 15:47:30 0 d-----w- c:\programdata\Media Center Programs
2009-11-08 15:47:28 0 d-----w- c:\program files\common files\BioWare
2009-11-06 14:34:18 0 d-----w- c:\programdata\MySQL
2009-11-06 14:34:18 0 d-----w- c:\program files\MySQL
2009-11-06 13:04:17 862 ----a-w- c:\windows\system32\termcap
2009-11-06 12:36:12 0 d-----w- C:\MySQL Datafiles
2009-11-06 10:38:15 172 ----a-w- c:\windows\ODBC.INI
2009-11-06 10:36:53 0 d-----w- c:\program files\Business Objects
2009-11-06 10:29:10 0 d-----w- c:\program files\Microsoft SQL Server
2009-11-06 10:27:15 0 d-----w- c:\program files\Microsoft Device Emulator
2009-11-06 10:24:16 0 d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-11-06 10:22:58 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-06 10:09:52 0 d-----w- c:\programdata\PreEmptive Solutions
2009-11-06 09:57:47 0 d-----w- c:\windows\system32\1033
2009-11-06 09:55:16 0 d-----w- c:\program files\HTML Help Workshop
2009-11-06 09:55:16 0 d-----w- c:\program files\common files\Merge Modules
2009-11-06 09:55:15 0 d-----w- c:\program files\CE Remote Tools
2009-11-06 09:51:49 0 d-----w- c:\program files\Microsoft Web Designer Tools
2009-11-06 05:20:09 0 d-----w- c:\users\karlo\appdata\roaming\MySQL
2009-11-06 05:18:08 232 ----a-w- c:\windows\ODBCINST.INI
2009-11-06 03:50:48 0 d-----w- c:\users\karlo\.netbeans
2009-11-06 03:50:46 0 d-----w- c:\users\karlo\.netbeans-registration
2009-11-06 03:50:01 0 d-----w- c:\program files\sges-v3-prelude
2009-11-06 03:49:56 120 ----a-w- c:\users\karlo\.asadminpass
2009-11-06 03:49:34 793 ----a-w- c:\users\karlo\.asadmintruststore
2009-11-06 03:46:38 0 d-----w- C:\Sun
2009-11-06 03:34:08 0 ----a-w- c:\users\karlo\.javafx_eula_accepted
2009-11-06 03:27:16 0 d-----w- c:\program files\NetBeans 6.7.1
2009-11-06 03:25:24 0 d-----w- c:\program files\Sun
2009-11-06 03:16:49 0 d-----w- c:\users\karlo\.nbi
2009-11-03 10:43:09 0 d-----w- c:\program files\Folder Icon Changer
2009-11-01 12:35:03 0 d-----w- c:\program files\SystemRequirementsLab
2009-11-01 07:11:16 0 d-----w- c:\program files\common files\Futuremark Shared
2009-11-01 06:58:05 0 d-----w- c:\program files\Windows Portable Devices
2009-11-01 06:57:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-01 06:56:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-01 06:19:34 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-01 06:19:34 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-01 06:19:34 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-01 06:17:42 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-01 06:16:16 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-01 06:16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-01 06:16:15 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-31 16:03:49 0 d-----w- c:\users\karlo\appdata\roaming\uTorrent
2009-10-29 22:33:35 0 d-----w- c:\windows\system32\eu-ES
2009-10-29 22:33:35 0 d-----w- c:\windows\system32\ca-ES
2009-10-29 22:33:24 0 d-----w- c:\windows\system32\vi-VN
2009-10-29 22:23:01 0 d-----w- c:\windows\system32\SPReview
2009-10-29 22:10:37 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-10-29 22:10:26 57856 ----a-w- c:\windows\system32\compcln.exe
2009-10-29 22:07:57 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-10-29 22:06:59 1645568 ----a-w- c:\windows\system32\connect.dll
2009-10-29 22:05:38 208896 ----a-w- c:\windows\system32\mfplat.dll
2009-10-29 22:02:38 0 d-----w- c:\windows\system32\EventProviders
2009-10-29 15:15:49 0 d-----w- c:\users\karlo\appdata\roaming\Uniblue
2009-10-29 14:48:57 647168 ----a-w- c:\windows\system32\aestecap.dll
2009-10-29 14:48:57 53248 ----a-w- c:\windows\system32\aestaren.dll
2009-10-29 14:48:57 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2009-10-29 14:48:57 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-10-29 14:48:57 131072 ----a-w- c:\windows\system32\aestacap.dll
2009-10-29 14:48:57 102400 ----a-w- c:\windows\system32\stacsv.exe
2009-10-29 14:46:53 595456 ----a-w- c:\windows\system32\stapo.dll
2009-10-29 14:46:53 328704 ----a-w- c:\windows\system32\stcplx.dll
2009-10-29 14:46:53 299520 ----a-w- c:\windows\system32\stapi32.dll
2009-10-29 12:03:43 0 d-----w- c:\program files\Free Fire Screensaver
2009-10-29 12:03:35 0 d-----w- c:\users\karlo\appdata\roaming\Laconic Software
2009-10-28 15:43:26 48 ----a-w- c:\windows\iltwain.ini
2009-10-28 15:28:28 0 d-----w- c:\program files\AveIconifier2
2009-10-28 13:37:18 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-28 13:37:17 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-28 13:35:21 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-28 13:34:54 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-28 13:34:35 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 13:34:34 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-28 13:34:25 0 d-----w- c:\users\karlo\appdata\roaming\OtakuSoftware
2009-10-28 13:34:02 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-28 12:08:25 0 d-----w- c:\program files\CodeGazer
2009-10-28 12:04:13 0 d-----w- c:\program files\DeskSpace
2009-10-21 10:48:22 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 10:48:14 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 10:48:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-21 10:48:09 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-16 12:42:13 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 12:39:52 0 d-----w- c:\windows\system32\AGEIA
2009-10-16 12:39:28 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-14 12:54:19 8457 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-10-14 12:54:19 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2009-10-14 12:54:13 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-10-14 12:54:13 13281 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-10-14 12:54:09 0 d-----w- c:\program files\Illustrate
2009-10-14 08:50:14 327680 ----a-w- c:\windows\system32\vp6dec.ax

==================== Find3M ====================

2009-11-11 13:20:13 131587 ----a-w- c:\users\karlo\appdata\roaming\nvModes.dat
2009-11-09 11:27:47 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-09 11:27:47 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-09 11:27:45 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-01 06:57:24 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 23:02:21 615424 ----a-w- c:\windows\system32\themeui.dll
2009-10-29 22:19:40 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-28 12:10:03 240128 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-08 01:02:10 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-03 01:43:01 28672 ----a-w- c:\windows\system32\death.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-04 09:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 09:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 09:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 09:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 09:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 09:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 09:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 09:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 09:07:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-29 09:07:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-18 23:10:48 165153 ----a-w- c:\windows\hphins30.dat
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 05:36:18 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-20 05:25:53 74 --sh--r- c:\windows\CT4CET.bin
2009-07-23 10:03:25 30 --sha-r- c:\windows\pc-off.bat

============= FINISH: 22:25:16.72 ===============

Attached Files

	DDS.txt (19.7 KB)
	hijackthis.txt (5.5 KB)
	ark.txt (18.8 KB)

Slow as heck computer getting slower.

cdabrnes — Wed, 11 Nov 2009 04:11:29 GMT

DDS (Ver_09-10-26.01) - NTFSx86
Run by Barnes Daphne at 20:50:57.00 on Tue 11/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.28 [GMT -7:00]

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
c:\SafetyCenter\new.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Linksys\LinksysDiag\LinksysDiag.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Documents and Settings\barnes daphne\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = https://remoteaccess.newworldsystems...lt/welcome.cgi
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: c:\windows\system32\l5j65syo8.dll: {a45a4b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\l5j65syo8.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [calc] rundll32.exe c:\windows\system32\config\system~1\ntuser.dll,_IWMPEvents@0
uRun: [A00FD1BD189.exe] c:\docume~1\barnes~1\locals~1\temp\_A00FD1BD189.exe
uRun: [BackUp Windows 2009] c:\docume~1\barnes~1\locals~1\temp\q7o6ky.exe
uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\barnes~1\locals~1\temp\csrss.exe
uRun: [fontatmgfx] rundll32.exe "c:\documents and settings\barnes daphne\local settings\application data\fontatmgfx\fontatmgfx.dll", DllInit
uRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\barnes daphne\application data\antivirus plus\AntiVirus Plus.70367.dll", start 70367
mRun: [Realtime Monitor] c:\progra~1\ca\etrust~1\realmon.exe -s
mRun: []
mRun: [LinksysDiag] c:\program files\linksys\linksysdiag\LinksysDiag /hw
mRun: [VerizonServicepoint.exe] c:\program files\verizon\servicepoint\VerizonServicepoint.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Verizon Custom Uninstall Tracking] c:\docume~1\barnes~1\locals~1\temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [Tlohukowomaqude] rundll32.exe "c:\windows\orezakoboxa.dll",Startup
mRun: [bowihaveg] Rundll32.exe "c:\windows\system32\zokumuyi.dll",a
mRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\barnes daphne\application data\antivirus plus\AntiVirus Plus.70367.dll", start 70367
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRunOnce: [SafetyCenter] c:\safetycenter\start.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: newworldsystems.com\remoteaccess
Trusted Zone: turbotax.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_2_06-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remoteaccess.newworldsystems.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: {4EB3E8F2-627B-496E-9309-9F260945AE48} = 77.74.48.113
TCP: {68F56C44-7E92-43B7-AFCA-9FDD4007C93A} = 77.74.48.113
TCP: {B09D5833-AC6E-4729-98B3-7077E0E5606C} = 77.74.48.113
Filter: text/html - {2ee1b2e9-4530-4982-8345-8466216982b3} - c:\windows\mark_32.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: __c00EF6A9 - c:\windows\system32\__c00EF6A9.dat
AppInit_DLLs: bedikupo.dll c:\windows\system32\zokumuyi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: wuzowubij - {0e6096bd-9bd4-4c81-8d89-168c6a7f5b78} - c:\windows\system32\zokumuyi.dll
STS: c:\windows\system32\l5j65syo8.dll: {a45a4b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\l5j65syo8.dll
STS: kupuhivus: {0e6096bd-9bd4-4c81-8d89-168c6a7f5b78} - c:\windows\system32\zokumuyi.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli jifusawo.dll mngseli.dll

============= SERVICES / DRIVERS ===============

R? BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem
R? hamachi_oem;PlayLinc Adapter
R? NC100;Network Everywhere Fast Ethernet Adapter(NC100 v2)
R? ncvcp;Network Connect Virtual Com Port
R? Radialpoint Security Services;Radialpoint Security Services
R? RTLVLANMP;Linksys Virtual Adapter
R? RTLVLANXP;Linksys VLAN Intermediate Driver
S? Cinemsup;Cinemsup
S? Diag69xp;Diag69xp
S? LANPkt;Linksys LANPkt Protocol Driver
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lbd;Lbd
S? Maxtor Sync Service;Maxtor Service

=============== Created Last 30 ================

2009-11-10 05:58:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-09 07:52:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-09 07:50:56 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 04:02:18 27413 ----a-w- c:\windows\system32\Config.MPF
2009-11-09 02:04:04 0 d-----w- c:\docume~1\barnes~1\applic~1\AntiVirus Plus
2009-11-09 02:02:04 0 ----a-w- c:\windows\Qsubo.bin
2009-11-09 02:02:03 120 ----a-w- c:\windows\Lgeturu.dat
2009-11-09 02:00:57 2198 ----a-w- C:\aLySy.bat
2009-11-09 02:00:09 0 d-----w- C:\SafetyCenter
2009-11-09 01:56:59 27648 ----a-w- c:\windows\system32\__c00EF6A9.dat
2009-11-09 01:56:57 15000 ----a-w- c:\windows\system32\l5j65syo8.dll
2009-11-09 01:56:44 37376 ----a-w- C:\oqbkddrr.exe
2009-11-09 01:56:43 52224 ----a-w- C:\ydlcgx.exe
2009-11-09 01:56:41 52736 ----a-w- C:\luobk.exe
2009-11-09 01:55:24 0 --sha-w- C:\12104718

==================== Find3M ====================

2009-11-06 19:16:04 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-03 20:08:09 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 05:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-09 01:56:52 52736 --sha-w- c:\windows\system32\bedikupo.dll
2009-03-21 14:18:57 24064 --sha-w- c:\windows\system32\calc.dll
2009-08-09 01:56:52 52736 --sha-w- c:\windows\system32\hipehuko.dll
2009-08-09 01:56:52 52736 --sha-w- c:\windows\system32\jifusawo.dll
2009-08-09 02:02:53 107008 --sha-w- c:\windows\system32\kihebopa.exe
2009-08-09 02:02:53 45056 --sha-w- c:\windows\system32\kivobimo.dll
2009-08-09 02:02:54 39424 --sha-w- c:\windows\system32\vozasela.dll
2009-08-09 02:02:53 92672 --sha-w- c:\windows\system32\zokumuyi.dll
2009-03-21 14:18:57 24064 --sha-w- c:\windows\system32\config\systemprofile\start menu\programs\startup\scandisk.dll

============= FINISH: 20:55:01.76 ===============

We could not get the Attach.zip, it only showed up with 1 log file. The program is called Antivirus Plus that is attacking us. This is a repost from An already slow computer getting slower. Here is the contents. My computer is Windows XP, a few years old. And we have a problem. There is a virus scan, well, virus. It is a fake program called Antivirus Plus. It just pops up with tons of little things saying something is wrong. We can't even access the internet on it. It already was slow, now, it is dying.

Help - issue with trojan/cannot get rid

Janeyd — Tue, 10 Nov 2009 19:36:03 GMT

trojan SC/Win32.Agent.fbx and PUPSC following download of Live Player, only picked up by running Spybot, and not by McAfee, worryingly!

Now runing slow and cannot get on many websites I use daily.

I've tried a system restore to before I downloaded live player and also tried to unistall it, but it won't let me.

Please help.

Many thanks

Jane Downs

PS I've also attached everything you asked for, I think :o)

DDS (Ver_09-10-26.01) - NTFSx86
Run by Jane at 19:13:26.34 on 10/11/2009
Internet Explorer: 8.0.6001.18828
Microsoft� Windows Vista� Home Premium 6.0.6002.2.1252.44.1033.18.3034.1572 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jane\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jane\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jane\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jane\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jane\Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\jane\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-GB ee://aol/imApp
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-10-20 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-10-20 334440]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-10-22 81920]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-22 210216]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-10-20 972008]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-22 1153368]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-10-22 598856]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]

=============== Created Last 30 ================

2009-11-10 17:37:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-09 22:12:22 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-09 22:11:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-09 22:11:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-09 22:11:25 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-25 13:29:05 0 d-----w- c:\program files\Live-Player
2009-10-24 19:10:07 9728 ----a-w- c:\users\jane\Letter template.wps
2009-10-24 19:06:13 82 ----a-w- c:\users\jane\appdata\roaming\wklnhst.dat
2009-10-24 09:03:56 0 d-----w- c:\windows\system32\eu-ES
2009-10-24 09:03:56 0 d-----w- c:\windows\system32\ca-ES
2009-10-24 09:03:55 0 d-----w- c:\windows\system32\vi-VN
2009-10-24 08:46:40 0 d-----w- c:\windows\system32\EventProviders
2009-10-23 18:27:54 0 d-----w- c:\programdata\Adobe
2009-10-23 12:07:40 0 d-----w- c:\program files\MSXML 4.0
2009-10-23 12:06:12 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-23 12:06:07 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-10-23 12:06:07 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-10-23 12:06:05 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-10-23 12:06:05 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-10-23 12:06:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-10-23 12:06:01 1480704 ----a-w- c:\windows\system32\mssrch.dll
2009-10-23 12:04:59 97792 ----a-w- c:\windows\system32\mprapi.dll
2009-10-23 08:13:49 0 d-----w- c:\programdata\McAfee Anti-Theft
2009-10-22 23:10:25 0 d-----w- c:\users\jane\appdata\roaming\Spotify
2009-10-22 23:10:23 0 d-----w- c:\program files\Spotify
2009-10-22 21:38:17 0 d-----w- c:\programdata\AOL OCP
2009-10-22 21:38:14 0 d-----w- c:\programdata\AOL
2009-10-22 21:38:06 0 d-----w- c:\programdata\Viewpoint
2009-10-22 21:38:05 0 d-----w- c:\program files\Viewpoint
2009-10-22 21:37:37 0 d-----w- c:\program files\common files\AOL
2009-10-22 21:37:31 0 d-----w- c:\program files\AIM6
2009-10-22 21:34:30 0 d-----w- c:\programdata\AOL Downloads
2009-10-22 21:34:25 989 ---ha-w- C:\IPH.PH
2009-10-22 20:02:36 0 d-----w- c:\windows\Panther
2009-10-22 20:02:31 8192 --s-a-r- C:\BOOTSECT.BAK
2009-10-22 20:02:30 333257 --sha-r- C:\bootmgr
2009-10-22 20:02:30 0 d-sh--w- C:\Boot
2009-10-22 20:02:11 24 ---ha-r- c:\windows\dell_version
2009-10-22 20:02:11 0 d-----w- c:\windows\system32\OEM
2009-10-22 17:29:32 0 d-----w- c:\users\jane\appdata\roaming\Trusteer
2009-10-22 17:29:26 0 d-----w- c:\program files\Trusteer
2009-10-22 17:28:44 0 d-----w- c:\programdata\Trusteer
2009-10-22 14:30:08 99176 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2009-10-22 14:30:08 51768 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-10-22 14:30:07 92920 ----a-w- c:\windows\DLA.EXE
2009-10-22 14:30:07 56056 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-10-22 14:30:07 28120 ----a-w- c:\windows\system32\drivers\DLARTL_M.SYS
2009-10-22 14:30:07 12856 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-10-22 14:30:07 120 ----a-w- c:\windows\wininit.ini
2009-10-22 14:30:07 0 d-----w- c:\windows\system32\DLA
2009-10-22 14:27:07 0 d-----w- c:\programdata\Roxio
2009-10-22 14:25:24 0 d-----w- c:\program files\common files\SureThing Shared
2009-10-22 14:22:25 0 d-----w- c:\programdata\Sonic
2009-10-22 14:22:15 0 d-----w- c:\program files\common files\Sonic Shared
2009-10-22 14:19:30 0 d-----w- c:\programdata\InstallShield
2009-10-22 14:18:59 0 d-----w- c:\program files\Roxio
2009-10-22 13:40:41 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-22 13:40:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-22 13:20:13 0 d-----w- c:\users\jane\Tracing
2009-10-22 13:18:55 0 d-----w- c:\program files\Microsoft
2009-10-22 13:18:37 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-22 13:18:01 0 d-----w- c:\windows\PCHEALTH
2009-10-22 13:15:57 0 d-----w- c:\program files\common files\Windows Live
2009-10-22 12:52:08 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-22 12:51:30 75 --sh--r- c:\windows\CT4CET.bin
2009-10-22 12:51:09 0 d-----w- c:\program files\common files\Reallusion
2009-10-22 12:50:15 5627904 ----a-w- c:\windows\system32\LiveCamVirtual.ocx
2009-10-22 12:49:53 348160 ------w- c:\windows\system32\msvcr71.dll
2009-10-22 12:49:52 499712 ------w- c:\windows\system32\msvcp71.dll
2009-10-22 12:49:52 1060864 ------w- c:\windows\system32\MFC71.DLL
2009-10-22 12:49:47 0 d-----w- c:\program files\Creative Live! Cam
2009-10-22 12:49:20 0 d-----w- c:\program files\Creative
2009-10-22 12:45:34 0 d-----w- c:\users\jane\appdata\roaming\Webroot
2009-10-22 12:45:33 0 d-----w- c:\programdata\Webroot
2009-10-22 12:45:33 0 d-----w- c:\program files\Webroot
2009-10-22 12:45:33 0 d-----w- c:\program files\common files\Webroot Shared
2009-10-22 12:45:22 194888 ----a-w- c:\windows\Unwash6.exe
2009-10-22 12:31:51 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-10-22 12:31:46 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2009-10-22 12:05:30 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-22 12:01:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-10-22 11:58:20 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-10-22 11:56:19 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-22 11:56:19 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-22 11:56:19 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-22 11:56:18 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-22 11:56:18 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-22 11:56:18 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-22 11:56:18 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-22 11:56:01 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-22 11:54:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-10-22 11:54:42 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-10-22 11:54:42 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-10-22 11:53:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-10-22 11:53:00 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-22 11:51:56 623616 ----a-w- c:\windows\system32\localspl.dll
2009-10-22 11:51:51 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-22 11:51:38 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-22 11:47:36 11887 ----a-w- c:\windows\system32\Config.MPF
2009-10-22 11:47:19 0 d-----w- c:\programdata\SiteAdvisor
2009-10-22 11:47:09 0 d-----w- c:\program files\SiteAdvisor
2009-10-22 11:44:39 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-22 11:44:09 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-22 11:44:09 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-22 11:44:09 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-22 11:44:04 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-22 11:43:40 0 d-----w- c:\program files\common files\McAfee
2009-10-22 11:43:38 0 d-----w- c:\program files\McAfee.com
2009-10-22 11:43:36 0 d-----w- c:\program files\McAfee
2009-10-22 11:42:37 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-22 11:28:17 0 d-----w- c:\programdata\McAfee
2009-10-22 11:24:50 16086 ----a-w- c:\windows\system32\results.xml
2009-10-22 11:20:18 0 d-----w- c:\programdata\Dell
2009-10-22 11:18:56 60416 ----a-w- c:\windows\system32\aestaren.dll
2009-10-22 11:18:29 0 d-----w- c:\program files\IDT
2009-10-22 11:18:01 0 d-----w- c:\program files\Marvell
2009-10-22 11:17:34 0 d-----w- c:\users\jane\appdata\roaming\TMP
2009-10-22 11:17:01 0 d-----w- c:\program files\Cisco
2009-10-22 11:15:33 772384 ----a-w- c:\windows\system32\oem8.inf
2009-10-22 11:15:09 1044992 ----a-w- c:\windows\system32\BCMLogon.dll
2009-10-22 11:14:24 0 d-----w- c:\program files\DellTPad
2009-10-22 11:13:39 170032 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-10-22 11:13:39 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2009-10-22 11:13:39 100546 ----a-w- c:\windows\system32\Vxdif.dll
2009-10-22 11:13:32 6416928 ----a-w- c:\windows\system\DriveIcon.dll
2009-10-22 11:13:32 62976 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2009-10-22 11:13:32 5430 ----a-w- c:\windows\system\MyMulti.ico
2009-10-22 11:11:53 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-10-22 11:11:46 0 d-----w- C:\Intel
2009-10-22 11:11:43 0 d-----w- C:\dell
2009-10-22 11:11:14 0 d-----w- c:\windows\system32\vmm32
2009-10-22 11:11:14 0 d-----w- c:\program files\Dell
2009-10-22 11:11:02 0 d-sh--w- c:\windows\Installer
2009-10-22 11:06:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

==================== Find3M ====================

2009-10-24 09:09:30 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-10-24 09:09:30 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-24 09:09:30 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-24 09:03:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-24 08:55:40 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-22 11:14:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-09-16 09:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:13:54.24 ===============

Sorry - here is the attach file.

Many thanks.

Attached Files

	ark.zip (894 Bytes)
	DDS.zip (5.4 KB)
	Attach.zip (1.2 KB)

Web opens new windows and redirects

amser666 — Tue, 10 Nov 2009 14:27:23 GMT

Hi,

A couple of days ago when browsing the web, some additional browser windows started opening up without me requesting them. Random sites, and a lot of broken URLs etc. Also when searching in Google, I would click on a link in the SERPS and I would be taken to somewhere else. Once it was to a AskJeeves!?!?

I am running Norton 360 and it has always been kept up to date. I have tried Spyware Doctor, Adaware, S&D, but none of them find anything other than a couple of tracking cookies.

Here is the log file (hope you can help?), many thanks :pray: ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:00, on 10/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Users\Gareth\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gareth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 11075 bytes

3 month old computer WITH A NICE NEW VIRUS

tinytink — Tue, 10 Nov 2009 01:38:35 GMT

Hi!
Description of what is wrong:
Ocassional blue screen of death "file corrupt" message followed by a restart, ill try to get a picture of it but it autorestarts in about 5 seconds. THis is the most annoying part of the virus.
Also:
Desktop becomes hidden by a black window, a fake task manager has been seen at one point, Certain applications suddenly stop working, folder locations seem different for instance sometimes when you double click my computer it opens my documents instead.

I can still scan with AVG anti virus and Malwarebyes and neither of those programs are any help.

DDT:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Jessica at 20:35:08.18 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18828
Microsoft� Windows Vista� Home Basic 6.0.6002.2.1252.1.1033.18.3062.1939 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jessica\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-6661766519-1619243805-433085554-7426\rundll32.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\qpqvpzdq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1&_trksid=m37
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60342&qkw=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-3 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-3 360584]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-2-6 73728]
R2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2009-2-10 10240]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-3 285392]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-2-6 27648]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-23 24652]
R3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\drivers\DLACPI.sys [2009-2-6 14392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-2-16 84832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-3 38224]

=============== Created Last 30 ================

2009-11-09 23:48:07 0 d-----w- c:\windows\pss
2009-11-08 20:28:17 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-08 20:28:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-08 19:55:40 0 d-----w- c:\programdata\96377638
2009-11-04 09:27:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-03 22:11:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 22:11:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 22:11:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 21:44:26 0 d--h--w- C:\$AVG
2009-11-03 21:44:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 21:44:21 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-03 21:44:15 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-03 21:44:13 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-03 21:44:05 0 d-----w- c:\programdata\AVG Security Toolbar
2009-11-03 21:43:54 0 d-----w- c:\programdata\avg9
2009-11-03 21:43:54 0 d-----w- c:\program files\AVG
2009-11-03 21:37:47 0 d-sh--w- c:\programdata\e797b15
2009-11-02 02:11:53 0 d-----w- c:\program files\Easy Video Joiner
2009-11-01 03:29:00 0 d-----w- c:\programdata\Macrovision
2009-11-01 03:28:53 0 d-----w- c:\program files\common files\Adobe Systems Shared
2009-10-31 00:36:35 376 ----a-w- c:\windows\ODBC.INI
2009-10-30 19:03:13 0 d-----w- C:\teamojcms
2009-10-30 18:45:32 0 d-----w- c:\program files\SmartFTP Client
2009-10-30 18:44:38 0 d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2009-10-23 19:16:38 0 d-----w- C:\EPSONREG
2009-10-23 18:49:26 0 d-----w- c:\programdata\ArcSoft
2009-10-23 18:48:12 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-10-23 18:48:08 258352 ----a-w- c:\windows\system32\unicows.dll
2009-10-23 18:48:07 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-23 18:48:03 126976 ----a-w- c:\windows\system32\PhotoImpression Slideshow.scr
2009-10-23 18:47:32 0 d-----w- c:\windows\system32\PhotoImpression Slideshow
2009-10-23 18:44:11 0 d-----w- c:\program files\EPSON Print CD
2009-10-23 18:43:42 0 d-----w- c:\programdata\EPSON
2009-10-23 18:41:36 0 d-----w- c:\program files\EPSON
2009-10-23 18:40:58 44 ----a-w- c:\windows\EPSPR280.ini
2009-10-17 22:01:29 0 d-----w- c:\programdata\NCH Software
2009-10-17 18:45:04 0 d-----w- c:\program files\Ask.com
2009-10-17 18:44:44 0 d-----w- c:\program files\Free RAR Extract Frog
2009-10-17 00:47:55 0 d-----w- c:\program files\MasterSplitter
2009-10-14 18:42:36 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 06:08:30 0 d-----w- c:\windows\system32\eu-ES
2009-10-14 06:08:30 0 d-----w- c:\windows\system32\ca-ES
2009-10-14 06:08:29 0 d-----w- c:\windows\system32\vi-VN
2009-10-14 05:46:43 0 d-----w- c:\windows\system32\EventProviders
2009-10-13 23:10:02 317651838 ----a-w- c:\windows\MEMORY.DMP
2009-10-11 17:21:49 0 d-----w- c:\users\jessica\appdata\roaming\W Photo Studio Viewer

==================== Find3M ====================

2009-10-23 18:42:33 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-23 18:42:33 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-23 18:42:32 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-14 06:08:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-14 05:54:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-01 14:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-14 09:29:50 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 18:06:04 87608 ----a-w- c:\users\jessica\appdata\roaming\inst.exe
2009-08-18 18:06:04 47360 ----a-w- c:\users\jessica\appdata\roaming\pcouffin.sys
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-18 00:41:07 81920 ----a-w- c:\users\jessica\appdata\roaming\ezpinst.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-05 12:05:58 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-05 12:05:58 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-05 12:05:58 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-05 12:05:58 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-02-06 23:21:10 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:36:13.06 ===============

Here is Attach.txt from DDS

GMER is not done scanning, the computer seems to blue-screen and crash before the GMER application can finish.
Ill try to get it up asap

gmer here

not sure if i did it right, its very short

Attached Files

	Attach.txt (8.1 KB)
	gmer.txt (721 Bytes)

Windows is getting worse

cbell3186 — Mon, 09 Nov 2009 21:03:11 GMT

Thank you in advance for taking the time to review this and offer any help ....

a few of the problems windows has been having include

start menu stalling out
computer running really slow with every program
rtclick-->send to freezing up the system
cannot "save as" when downloading a file with mozilla
along with svchost.exe pop ups from McAfee

DDS (Ver_09-10-26.01) - NTFSx86
Run by cbellson at 12:05:45.25 on Mon 11/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.838 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\notes\ntmulti.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\TIREMOTE\wuser32.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecureAgent\uatc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\RightFax\Client\FaxCtrl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Documents and Settings\cbellson\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\cbellson\LOCALS~1\Temp\Rar$EX00.875\gmer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Documents and Settings\cbellson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.health-fitnesscenters.com/Lindenhurst/employee.html
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [UATC] "c:\program files\checkpoint\secureagent\uatc.exe" /debug
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [WinVNC] "c:\program files\realvnc\winvnc\WinVNC.exe" -servicehelper
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [RightFAX Print-to-Fax Driver] c:\program files\rightfax\client\FaxCtrl.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\cbellson\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\cbellson\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\cbellson\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\cbellson\start menu\programs\startup\Fireworks.exe
StartupFolder: c:\documents and settings\cbellson\start menu\programs\startup\Lindenhurst Health & Fitness Center.url
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\Snagit32.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: smsrsm.com\gldl0fpp1.rsodm20
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxp://208.254.39.208/viewer9/activeXViewer/activexviewer.cab
DPF: {42F3E909-9DC2-4D58-BCAE-1B4FCF27363B} - hxxp://www.bookingplus.com/ishield/Downloads/setup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cbellson\applic~1\mozilla\firefox\profiles\lr7zg93g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.worldofinspiration.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-14 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-14 108552]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AcronisAgent;Acronis Remote Agent;c:\program files\common files\acronis\agent\agent.exe [2006-7-21 319488]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-14 297752]
R2 TIRmtCtl;Track-It! Remote Control;c:\windows\tiremote\wuser32.exe [2007-7-25 311374]
R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\tiremote\TIRemoteService.exe [2007-7-25 613888]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-13 38496]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S2 gupdate1ca00f5c80401b6;Google Update Service (gupdate1ca00f5c80401b6);c:\program files\google\update\GoogleUpdate.exe [2009-7-9 133104]
S2 KeenfinderSrch Service;KeenfinderSrch Service;"c:\documents and settings\all users\application data\keenfindersrch\keenfinder145.exe" "c:\program files\keenfindersrch\keenfinder.dll" service --> c:\documents and settings\all users\application data\keenfindersrch\keenfinder145.exe [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-2 33752]

=============== Created Last 30 ================

2009-11-05 18:20:56 3247 ----a-w- c:\windows\system32\wbem\Outlook_01ca5e44b7c4f5f6.mof
2009-11-05 18:08:44 0 d-----w- c:\program files\common files\L&H
2009-11-05 18:08:18 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-05 18:06:07 0 d-----w- c:\windows\SHELLNEW
2009-11-02 20:33:18 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2009-10-21 21:03:38 0 d-----w- c:\windows\system32\IOSUBSYS
2009-10-21 21:03:25 0 d-----w- C:\Google
2009-10-20 16:56:55 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-20 16:56:15 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-20 16:56:15 0 d-----w- c:\docume~1\cbellson\applic~1\SUPERAntiSpyware.com
2009-10-20 15:46:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-10-14 22:01:59 0 d--h--w- C:\$AVG8.VAULT$
2009-10-14 21:45:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-14 21:45:15 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-14 21:45:14 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-14 21:45:02 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-14 21:44:17 0 d-----w- c:\program files\AVG
2009-10-14 21:44:08 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2009-10-14 20:27:34 0 d-----w- c:\docume~1\cbellson\applic~1\AVG8

==================== Find3M ====================

2009-10-29 15:15:24 249856 ------w- c:\windows\Setup1.exe
2009-10-29 15:15:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-18 21:30:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-08-23 21:00:38 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00:38 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-23 21:00:38 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-18 19:38:23 60744 ----a-w- c:\documents and settings\cbellson\g2mdlhlpx.exe

============= FINISH: 12:07:14.46 ===============

Attached Files

	Attach.zip (4.2 KB)
	ARK.zip (1,005 Bytes)