Tech Support Forum

Discussion Starter · #1 ·
While Googling how to join multiple MySQL tables, AVG 8.5.426 with the latest detected a virus. I did not get the name, as it said it 'fixed' the issue. Now I'm having major issues.

I ran a full scan with AVG and it found nothing. I ran a Spybot S&D scan, which found some browser tracking cookies and a Trojan called virtumonde.dll. I chose Fix Selected.

I'm still having major issues. In Firefox, pages will start to 'hang' and I need to refresh, or go back a page and then try again. I could not get the sign-up page for techsupportforum.com to work.

Originally, Internet Explorer was opening up at random. It would never load a page, because IE has not worked on this computer from the beginning, so I couldn't tell you what page was trying to load.

After a few times with IE, it started opening a window that emulated Firefox, but iexplore.exe was in the Task Manager. This loaded two sites, one of which I cannot remember, but the other was stopZilla . com with a full audio ad.

Now I'm on Chrome, and I can actually navigate the web, but as I was typing this a new Chrome window just popped up for netaxle.com.

Whatever it is, it is also messing with my DNS: when I try to click a search result from Google it redirects me to other sites. Of course I cannot remember the site, but I believe it started with the number 114 . ad. Another one that just happened as I was Googling techsupportforum . com came up with hxxp://www . airsplat . com/

I tried to download and run Malwarebytes Remover, but it would not install properly. I was able to run DDS and will post the DDS.txt below and attach the zip of Attach.txt. I was not able to run GMER Root Scanner; it would hang while loading and become unresponsive.

If I open the Task Manager, the CPU spikes to 100%, which is consumed by taskmgr.exe. When the Task Manager is not open, the computer runs smoothly, minus the pop-ups. Also, while in the Task Manager, whichever process is highlighted (clicked on) flashes.

I apologize for the long post, but it said to be as specific as possible. I'm really hoping that someone can help me out; it would be greatly appreciated!

Thank you in advance!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kelly at 23:45:16.87 on Tue 12/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1155 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LanExpress\WlanASIL\Utility\WlanASIL.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\Files\apache\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\apache\APACHE.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\apache\APACHE.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Kelly\Application Data\mjusbsp\magicJack.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kelly\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080419
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Shell=Explorer.exe logon.exe
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [cdloader] "c:\documents and settings\kelly\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRunOnce: [SpybotDeletingB225] command.com /c del "c:\windows\system32\moyibaru.dll_old"
uRunOnce: [SpybotDeletingD8108] cmd.exe /c del "c:\windows\system32\moyibaru.dll_old"
uRunOnce: [SpybotDeletingB6488] command.com /c del "c:\windows\system32\gibetate.dll_old"
uRunOnce: [SpybotDeletingD2400] cmd.exe /c del "c:\windows\system32\gibetate.dll_old"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [WlanUtil_ASIL] "c:\program files\lanexpress\wlanasil\utility\WlanASIL.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [gojopopoh] Rundll32.exe "c:\windows\system32\fojuhoso.dll",a
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [SpybotDeletingA8857] command.com /c del "c:\windows\system32\moyibaru.dll_old"
mRunOnce: [SpybotDeletingC6428] cmd.exe /c del "c:\windows\system32\moyibaru.dll_old"
mRunOnce: [SpybotDeletingA1538] command.com /c del "c:\windows\system32\gibetate.dll_old"
mRunOnce: [SpybotDeletingC1684] cmd.exe /c del "c:\windows\system32\gibetate.dll_old"
dRun: [userinit] c:\windows\system32\twex.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &AIM Toolbar Search
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel
IE: Google AdSense Preview Tool
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://www.twcable.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: hgGabYPf - hgGabYPf.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll csspdi.dll evfqwz.dll kwegpi.dll gibetate.dll c:\windows\system32\fojuhoso.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: honipuyas - {06c3d4b2-d63d-4b33-8295-47517d676ced} - c:\windows\system32\fojuhoso.dll
STS: jugezatag: {06c3d4b2-d63d-4b33-8295-47517d676ced} - c:\windows\system32\fojuhoso.dll
LSA: Notification Packages = scecli moyibaru.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelly\applic~1\mozilla\firefox\profiles\rtf3iao1.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\kelly\application data\mozilla\firefox\profiles\rtf3iao1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\kelly\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-25 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-19 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-19 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-19 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-19 297752]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [2008-8-4 20480]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3e4.tmp --> c:\windows\system32\3E4.tmp [?]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-20 138680]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswSP;aswSP; [x]
S3 NB762_XP;NB 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanUZXP.sys [2008-12-4 437760]

=============== Created Last 30 ================

2009-12-02 04:00:34 0 d-----w- c:\program files\Sophos
2009-12-02 03:52:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-23 21:56:11 0 d-----w- c:\docume~1\kelly\applic~1\mjusbsp
2009-11-23 21:54:36 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-23 21:54:36 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-12 22:15:04 3248 ----a-w- c:\windows\system32\wbem\Outlook_01ca63e595881bf0.mof
2009-11-06 00:59:11 0 d-----w- c:\program files\Uplink
2009-11-06 00:59:02 0 d-----w- c:\documents and settings\kelly\WINDOWS
2009-11-06 00:56:03 0 d-----w- c:\program files\ExtractNow
2009-11-05 20:51:04 0 d-----w- c:\program files\VideoLAN
2009-11-05 16:18:25 0 d-----w- c:\docume~1\kelly\applic~1\AVG8
2009-11-02 23:55:49 0 d-----w- c:\program files\CaTrain

==================== Find3M ====================

2009-10-21 04:08:54 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-19 12:41:35 6624 ----a-w- c:\docume~1\kelly\applic~1\wklnhst.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-04-20 23:08:03 2 --shatr- c:\windows\winstart.bat
2009-09-02 00:54:08 93696 --sha-w- c:\windows\system32\fojuhoso.dll
2009-09-02 00:54:08 39424 --sha-w- c:\windows\system32\wulowemo.dll
2009-04-12 12:59:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041220090413\index.dat

============= FINISH: 23:45:54.69 ===============

Discussion Starter · #2 ·
I'm new to posting in a forum, so I'm not sure if 'bumping' the thread like this is bad etiquette.

But I determined that I was indeed infected with the virtumonde.dll Trojan/Backdoor.

I installed rKill to stop any service that was part of the trojan, then again tried to install the Malwarebytes suite. Before, the software would install, but the trojan would delete the executable file upon installation so it would not run. Now, after running rKill, I was able to install Malwarebytes successfully. I ran the scanner and it found and deleted multiple backdoor.bots and .dll files associated with virtumonde.

I attached the final log from Malwarebytes; I was hoping that someone could still take a look and make sure that my system is clean.

I do apologize if this is the wrong way to post the information, and I appreciate any help given.

Thanks
Trevor