#1 (permalink)
Registered User
Join Date: Jun 2009
Posts: 1
OS: Windows Vista 32 bit
Surprised my computer is still running
For about 3 months now, I have been getting redirected from Google. I type in a term or word or whatever, and the links that I click on take me to sites with advertisements, or sites that can't display the page at all. It is very frustrating. I got AVG installed about 4 weeks ago, and it IMMEDIATELY caught 3-6 trojans, and a virus called polycrypt. When that happened, the Google problem stopped. But about a week ago, the problem popped up AGAIN. AVG hasn't been removing anything up until today. The resident shield caught something in the directory C:\WINDOWS\System32\svchost.exe and the virus was called Heur. I have tried Malwarebytes, but every time, it freezes on a file "SOFTWARE.SAV" in the directory C:\WINDOWS\System32\SOFTWARE.SAV. I don't know if this is a regular file or not, but it's very frustrating. I have also tried Ad-Aware, but it freezes on the same file. I have looked up different solutions for the Google redirect problem. I found out that there is a thing called a DNSChanger Trojan. I followed the steps for that, and I think I might have one. If I DO happen to have that, then it would explain my Windows Update problem I have been having for 5 months. I have been getting a lot of BSODs lately, and 2 days ago, I had to restart my computer 7 TIMES because of it. I need help bad. Thank you. The logs are attached to this thread.
#2 (permalink)
Analyst, Security Team
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint
Re: Surprised my computer is still running
hi.
Welcome to TSF once again. You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

-----------------------------------------------------------------------

I am sorry to inform you that one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

----------------------------------------------------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

* You must rename it before saving it. Rename it from Combofix.exe to Combo-fix.exe. Save it to your desktop.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

AVG 8.5
Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.

Please include the C:\ComboFix.txt in your next reply for further review

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe. If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
#3 (permalink)
Analyst, Security Team
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint
Re: Surprised my computer is still running
hi.
Do you still need help? If I don't receive a reply from you within 3 days of this post, this topic will be closed.

Mark
#4 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 8,408
OS: XP SP3
Re: Surprised my computer is still running
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
http://www.techsupportforum.com/secu...oval-help.html
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006