rogerwilco3d Posted October 27, 2009 ID:149668 Share Posted October 27, 2009 Hi there,First off, I would like to say this is the only forum on the internet that's been helping me with my Vundo problem so far. I have been reading other people's posts and following their instructions, which has helped me get Malwarebytes working again. However, this infection is pernicious and keeps coming back with popups. When I run MalwareBytes it detects one infection, and I restart but then AVG detects an infection in the "agp440.sys" file, and this is cycle keeps getting repeated.I have installed Kerio Personal Firewall and it keeps detecting odd outgoing connections from my winlogon.exe file also. I'm about to install Spyware Blaster. I could really use some expert advice. Thank you!Here is my HijackThis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:09:21 PM, on 10/27/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Dell AIO 810\dlcgmon.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Palm\HOTSYNC.EXEC:\Program Files\AskBarDis\bar\bin\AskService.exeC:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Kerio\Personal Firewall\persfw.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\WTablet\Wacom_TabletUser.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\WINDOWS\system32\dlcgcoms.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Opera\opera.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dllO2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dllO2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dllO3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exeO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\decoy.exe" /runcleanupscriptO4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostartO4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"O4 - HKLM\..\Run: [sowadinal] Rundll32.exe "c:\windows\system32\yuhisona.dll",aO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXEO4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.htmlO8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dllO9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://bpmail.metbp.com/iNotes6W.cabO16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cabO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{4279018C-C574-4CE5-B416-3BE4C58D2BDA}: NameServer = 24.29.103.10,24.29.103.11O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllO20 - AppInit_DLLs: c:\windows\system32\yuhisona.dll,matehabu.dllO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO21 - SSODL: velurizuy - {f589dd17-d6f6-4f95-a236-2980de924ecd} - c:\windows\system32\yuhisona.dllO22 - SharedTaskScheduler: mujuzedij - {f589dd17-d6f6-4f95-a236-2980de924ecd} - c:\windows\system32\yuhisona.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exeO23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exeO23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 14528 bytes Link to post Share on other sites More sharing options...
rogerwilco3d Posted October 27, 2009 Author ID:149697 Share Posted October 27, 2009 And here is more information:I do my primary surfing on the Opera browser. Right now I have Malwarebytes, AVG, Kerio Personal Firewall, Spybot S&D, Spyware Blaster, CCleaner and HijackThis installed. (Spyware blaster doesn't appear to protect Opera, should I remove Opera?)I just ran Malwarebytes again and it detected 11 infected items and I just restarted. AVG again detected an infection in agp440.sys that it couldn't remove. When I restarted there was an error msg involving yuhisona.dll. I am running a quickscan on Malwarebytes again, and here it this log msg before I restarted:Malwarebytes' Anti-Malware 1.41Database version: 3042Windows 5.1.2600 Service Pack 310/27/2009 12:38:09 PMmbam-log-2009-10-27 (12-38-04).txtScan type: Quick ScanObjects scanned: 110042Time elapsed: 5 minute(s), 11 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\WINDOWS\system32\matehabu.dll (Trojan.Vundo) -> No action taken.Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\matehabu.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\zorirako.dll (Trojan.Vundo) -> No action taken.----------------------------------------------------------------And here is the updated Hijack this log before restart:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:38:50 PM, on 10/27/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Dell AIO 810\dlcgmon.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Palm\HOTSYNC.EXEC:\Program Files\AskBarDis\bar\bin\AskService.exeC:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Kerio\Personal Firewall\persfw.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\WINDOWS\system32\dlcgcoms.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Opera\opera.exeC:\Program Files\Malwarebytes' Anti-Malware\decoy.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dllO2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dllO2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dllO3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exeO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\decoy.exe" /runcleanupscriptO4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostartO4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXEO4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.htmlO8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dllO9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://bpmail.metbp.com/iNotes6W.cabO16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cabO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{4279018C-C574-4CE5-B416-3BE4C58D2BDA}: NameServer = 24.29.103.10,24.29.103.11O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dllO20 - AppInit_DLLs: matehabu.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exeO23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exeO23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 14206 bytes Link to post Share on other sites More sharing options...
Blade81 Posted October 31, 2009 ID:151838 Share Posted October 31, 2009 Hi,Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt[*]Save both reports to your desktop. Post them back to your topic. Link to post Share on other sites More sharing options...
rogerwilco3d Posted October 31, 2009 Author ID:151887 Share Posted October 31, 2009 Hi I ran an updated Malware Bytes and AVG a few days ago, several times and it kept finding files. There was one agp440.sys file that was whitelisted on AVG, that I finally used FileAssassin to delete, and then MalwareBytes and AVG stopped picking up the problems.Do I still need to download and run DDS? MalwareBytes and AVG haven't detected the worm for a few days. (What is DDS by the way?)Thanks so much for answering my thread!-RHi,Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt[*]Save both reports to your desktop. Post them back to your topic. Link to post Share on other sites More sharing options...
Blade81 Posted October 31, 2009 ID:151890 Share Posted October 31, 2009 Hi,I'd still run DDS to see if there's still something that needs to be removed. DDS is a bit similar to Hijackthis but it gives more detailed results. Link to post Share on other sites More sharing options...
rogerwilco3d Posted October 31, 2009 Author ID:151939 Share Posted October 31, 2009 Thanks! Better safe than sorry. Here's my DDS log below. Hope I'm okay. AVG just detected a trojan in my system volume information. It wasn't the Vundo, though. Dunno if it removed it. Let me know if you want me to send the other attached log.DDS (Ver_09-10-26.01) - NTFSx86 Run by roger at 12:36:52.76 on Sat 10/31/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2728 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Dell AIO 810\dlcgmon.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Palm\HOTSYNC.EXEsvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\WTablet\Wacom_TabletUser.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeC:\WINDOWS\system32\dlcgcoms.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Opera\opera.exeC:\WINDOWS\system32\rundll32.exeD:\INSTALLATION\VirusSpyware\2009\dds.scr============== Pseudo HJT Report ===============uStart Page = about:blankuInternet Settings,ProxyOverride = *.localuURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dlluURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllmURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dllBHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dllBHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dllBHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllTB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dllTB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dllEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"mRun: [<NO NAME>] mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXEmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1mRun: [blackmagic CheckVersion PCI] c:\program files\blackmagic design\blackmagic decklink\CheckVersionPCI.exemRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exemRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostartmRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exemRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptmRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"StartupFolder: c:\docume~1\roger\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXEStartupFolder: c:\docume~1\alluse~1\applic~1\micros~1\shortc~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeIE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.htmlIE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dllIE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dllIE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://bpmail.metbp.com/iNotes6W.cabDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cabDPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader2.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: {4279018C-C574-4CE5-B416-3BE4C58D2BDA} = 24.29.103.10,24.29.103.11Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllNotify: avgrsstarter - avgrsstx.dllAppInit_DLLs: matehabu.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllLSA: Notification Packages = scecli cnelinv.dll kerelizo.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\roger\applic~1\mozilla\firefox\profiles\309n0vfj.default\FF - prefs.js: browser.startup.homepage - about:blankFF - component: c:\program files\avg\avg8\firefox\components\avgssff.dllFF - plugin: c:\documents and settings\roger\application data\move networks\plugins\npqmp071500000347.dllFF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dllFF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dllFF - plugin: c:\program files\opera\program\plugins\npdivx32.dllFF - plugin: c:\program files\opera\program\plugins\npmusicn.dllFF - plugin: c:\program files\opera\program\plugins\nppl3260.dllFF - plugin: c:\program files\opera\program\plugins\nprpjplug.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}============= SERVICES / DRIVERS ===============R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-27 333192]R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-27 360584]R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-27 285392]R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-9-6 2789672]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-13 24652]R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-8-28 15656]S1 BMDPDisk;BMDPDisk;c:\windows\system32\drivers\bmdpdisk.sys [2008-9-23 17408]S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]S2 BMDPBox;BMDPBox;c:\windows\system32\drivers\bmdpbox.sys [2008-9-23 143872]S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]=============== Created Last 30 ================2009-10-28 00:28:37 0 d-----w- c:\program files\FileASSASSIN2009-10-27 20:19:47 0 d--h--w- C:\$AVG2009-10-27 20:19:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll2009-10-27 20:19:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-10-27 20:19:28 0 d-----w- c:\windows\system32\drivers\Avg2009-10-27 20:19:25 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar2009-10-27 20:19:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys2009-10-27 20:19:05 0 d-----w- c:\docume~1\alluse~1\applic~1\avg92009-10-27 19:45:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-10-27 19:45:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-10-27 17:14:11 0 d-----w- C:\DATA_2009-10-272009-10-27 16:16:29 0 d-----w- c:\program files\SpywareBlaster2009-10-27 05:25:34 0 d-----w- c:\program files\Kerio2009-10-27 04:08:30 0 d-----w- c:\program files\Trend Micro2009-10-27 04:07:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2009-10-20 00:41:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com2009-10-20 00:41:15 0 d-----w- c:\program files\SUPERAntiSpyware2009-10-19 13:20:22 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI2009-10-04 00:41:35 0 d-----w- c:\program files\uTorrent2009-10-04 00:41:10 0 d-----w- c:\docume~1\roger\applic~1\uTorrent==================== Find3M ====================2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe2008-08-30 03:13:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat============= FINISH: 12:37:25.54 =============== Link to post Share on other sites More sharing options...
rogerwilco3d Posted October 31, 2009 Author ID:151941 Share Posted October 31, 2009 Here's my Attach.txt log, too:UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_09-10-26.01)Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 10/28/2007 5:39:46 PMSystem Uptime: 10/31/2009 11:02:15 AM (1 hours ago)Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS4Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 699 GiB total, 131.864 GiB free.D: is FIXED (NTFS) - 699 GiB total, 216.36 GiB free.E: is CDROM ()F: is CDROM ()==== Disabled Device Manager Items ================= System Restore Points ===================RP529: 8/2/2009 12:57:04 PM - System CheckpointRP530: 8/3/2009 10:19:15 PM - System CheckpointRP531: 8/5/2009 11:04:29 PM - System CheckpointRP532: 8/7/2009 11:00:09 PM - System CheckpointRP533: 8/7/2009 11:37:51 PM - Software Distribution Service 3.0RP534: 8/14/2009 8:55:14 PM - System CheckpointRP535: 8/14/2009 11:31:03 PM - Software Distribution Service 3.0RP536: 8/22/2009 12:49:16 AM - System CheckpointRP537: 8/22/2009 1:58:19 PM - Avg8 UpdateRP538: 8/22/2009 1:59:07 PM - Avg8 UpdateRP539: 8/24/2009 9:52:07 PM - System CheckpointRP540: 8/26/2009 1:16:32 AM - System CheckpointRP541: 8/26/2009 8:51:46 AM - Software Distribution Service 3.0RP542: 8/28/2009 9:19:02 PM - System CheckpointRP543: 8/29/2009 11:48:39 PM - System CheckpointRP544: 8/31/2009 9:17:33 PM - System CheckpointRP545: 9/1/2009 8:50:23 AM - Software Distribution Service 3.0RP546: 9/3/2009 12:58:12 AM - System CheckpointRP547: 9/4/2009 1:26:08 AM - System CheckpointRP548: 9/5/2009 10:57:44 AM - System CheckpointRP549: 9/6/2009 12:03:27 PM - System CheckpointRP550: 9/7/2009 11:39:06 PM - System CheckpointRP551: 9/9/2009 8:59:44 PM - System CheckpointRP552: 9/9/2009 11:41:28 PM - Software Distribution Service 3.0RP553: 9/11/2009 1:28:27 AM - System CheckpointRP554: 9/13/2009 11:40:07 AM - System CheckpointRP555: 9/14/2009 9:25:41 PM - System CheckpointRP556: 9/18/2009 1:12:19 AM - System CheckpointRP557: 9/19/2009 11:49:31 AM - System CheckpointRP558: 9/20/2009 9:27:53 PM - System CheckpointRP559: 9/21/2009 10:47:23 PM - System CheckpointRP560: 9/26/2009 10:14:15 AM - System CheckpointRP561: 9/27/2009 8:49:30 PM - System CheckpointRP562: 9/29/2009 12:09:35 AM - System CheckpointRP563: 10/2/2009 11:07:50 PM - System CheckpointRP564: 10/4/2009 1:31:45 PM - System CheckpointRP565: 10/6/2009 8:39:10 AM - Avg8 UpdateRP566: 10/6/2009 8:40:04 AM - Avg8 UpdateRP567: 10/7/2009 11:11:34 PM - Avg8 UpdateRP568: 10/11/2009 12:51:28 AM - Installed Java 6 Update 15RP569: 10/12/2009 10:41:55 PM - Software Distribution Service 3.0RP570: 10/15/2009 8:56:34 AM - Software Distribution Service 3.0RP571: 10/16/2009 9:09:17 AM - System CheckpointRP572: 10/17/2009 6:44:11 PM - Avg8 UpdateRP573: 10/18/2009 7:13:49 PM - System CheckpointRP574: 10/19/2009 8:41:14 PM - Installed SUPERAntiSpyware Free EditionRP575: 10/20/2009 9:00:54 PM - Avg8 UpdateRP576: 10/25/2009 4:26:17 PM - System CheckpointRP577: 10/26/2009 5:55:03 PM - System CheckpointRP578: 10/27/2009 1:01:31 AM - Removed SUPERAntiSpyware Free EditionRP579: 10/27/2009 1:25:34 AM - Installed Kerio Personal FirewallRP580: 10/27/2009 2:30:50 PM - Removed Kerio Personal FirewallRP581: 10/27/2009 2:34:30 PM - Installed Kerio Personal FirewallRP582: 10/27/2009 3:54:21 PM - Removed AVG Free 8.5RP583: 10/27/2009 3:55:21 PM - Installed AVG Free 8.5RP584: 10/27/2009 4:00:42 PM - Removed Kerio Personal FirewallRP585: 10/27/2009 4:19:05 PM - Installed AVG Free 9.0RP586: 10/30/2009 10:56:37 PM - System Checkpoint==== Installed Programs ======================@BIOS Link to post Share on other sites More sharing options...
rogerwilco3d Posted October 31, 2009 Author ID:151945 Share Posted October 31, 2009 Now AVG continues to detect a trojan horse injector.GJ in the system volume information, also. Is it bad? Link to post Share on other sites More sharing options...
Blade81 Posted November 1, 2009 ID:152145 Share Posted November 1, 2009 Hi,It looks like there's word wrap enabled in your text editor. Please disable it and get new logs after that to make them appear in more readable format. Link to post Share on other sites More sharing options...
rogerwilco3d Posted November 2, 2009 Author ID:152394 Share Posted November 2, 2009 Sorry about that. Here they are again, with word wrap off:DDS (Ver_09-10-26.01) - NTFSx86 Run by roger at 20:49:11.17 on Sun 11/01/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2676 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Dell AIO 810\dlcgmon.exeC:\Program Files\HP\Dfawep\bin\hpbdfawep.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Palm\HOTSYNC.EXEsvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\WTablet\Wacom_TabletUser.exeC:\WINDOWS\system32\Wacom_Tablet.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\WINDOWS\system32\dlcgcoms.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Microsoft Office\Office12\OUTLOOK.EXEC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Opera\opera.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeD:\INSTALLATION\VirusSpyware\2009\dds.scr============== Pseudo HJT Report ===============uStart Page = about:blankuInternet Settings,ProxyOverride = *.localuURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dlluURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllmURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dllBHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dllBHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dllBHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dllTB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dllTB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dllEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"mRun: [<NO NAME>] mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXEmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1mRun: [blackmagic CheckVersion PCI] c:\program files\blackmagic design\blackmagic decklink\CheckVersionPCI.exemRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exemRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostartmRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exemRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptmRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"StartupFolder: c:\docume~1\roger\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXEStartupFolder: c:\docume~1\alluse~1\applic~1\micros~1\shortc~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeIE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.htmlIE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dllIE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dllIE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://bpmail.metbp.com/iNotes6W.cabDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cabDPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader2.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: {4279018C-C574-4CE5-B416-3BE4C58D2BDA} = 24.29.103.10,24.29.103.11Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllNotify: avgrsstarter - avgrsstx.dllAppInit_DLLs: matehabu.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllLSA: Notification Packages = scecli cnelinv.dll kerelizo.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\roger\applic~1\mozilla\firefox\profiles\309n0vfj.default\FF - prefs.js: browser.startup.homepage - about:blankFF - component: c:\program files\avg\avg8\firefox\components\avgssff.dllFF - plugin: c:\documents and settings\roger\application data\move networks\plugins\npqmp071500000347.dllFF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dllFF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dllFF - plugin: c:\program files\opera\program\plugins\npdivx32.dllFF - plugin: c:\program files\opera\program\plugins\npmusicn.dllFF - plugin: c:\program files\opera\program\plugins\nppl3260.dllFF - plugin: c:\program files\opera\program\plugins\nprpjplug.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}============= SERVICES / DRIVERS ===============R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-27 333192]R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-27 360584]R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-27 285392]R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-9-6 2789672]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-13 24652]R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-8-28 15656]S1 BMDPDisk;BMDPDisk;c:\windows\system32\drivers\bmdpdisk.sys [2008-9-22 17408]S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]S2 BMDPBox;BMDPBox;c:\windows\system32\drivers\bmdpbox.sys [2008-9-22 143872]S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]=============== Created Last 30 ================2009-10-28 00:28:37 0 d-----w- c:\program files\FileASSASSIN2009-10-27 20:19:47 0 d--h--w- C:\$AVG2009-10-27 20:19:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll2009-10-27 20:19:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-10-27 20:19:28 0 d-----w- c:\windows\system32\drivers\Avg2009-10-27 20:19:25 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar2009-10-27 20:19:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys2009-10-27 20:19:05 0 d-----w- c:\docume~1\alluse~1\applic~1\avg92009-10-27 19:45:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-10-27 19:45:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-10-27 17:14:11 0 d-----w- C:\DATA_2009-10-272009-10-27 16:16:29 0 d-----w- c:\program files\SpywareBlaster2009-10-27 05:25:34 0 d-----w- c:\program files\Kerio2009-10-27 04:08:30 0 d-----w- c:\program files\Trend Micro2009-10-27 04:07:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2009-10-20 00:41:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com2009-10-20 00:41:15 0 d-----w- c:\program files\SUPERAntiSpyware2009-10-19 13:20:22 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI2009-10-04 00:41:35 0 d-----w- c:\program files\uTorrent2009-10-04 00:41:10 0 d-----w- c:\docume~1\roger\applic~1\uTorrent==================== Find3M ====================2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe2008-08-30 03:13:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat============= FINISH: 20:49:50.48 =============== Link to post Share on other sites More sharing options...
rogerwilco3d Posted November 2, 2009 Author ID:152395 Share Posted November 2, 2009 UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_09-10-26.01)Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 10/28/2007 5:39:46 PMSystem Uptime: 11/1/2009 9:41:32 PM (-1 hours ago)Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS4Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 699 GiB total, 131.912 GiB free.D: is FIXED (NTFS) - 699 GiB total, 216.36 GiB free.E: is CDROM ()F: is CDROM ()==== Disabled Device Manager Items ================= System Restore Points ===================RP530: 8/3/2009 10:19:15 PM - System CheckpointRP531: 8/5/2009 11:04:29 PM - System CheckpointRP532: 8/7/2009 11:00:09 PM - System CheckpointRP533: 8/7/2009 11:37:51 PM - Software Distribution Service 3.0RP534: 8/14/2009 8:55:14 PM - System CheckpointRP535: 8/14/2009 11:31:03 PM - Software Distribution Service 3.0RP536: 8/22/2009 12:49:16 AM - System CheckpointRP537: 8/22/2009 1:58:19 PM - Avg8 UpdateRP538: 8/22/2009 1:59:07 PM - Avg8 UpdateRP539: 8/24/2009 9:52:07 PM - System CheckpointRP540: 8/26/2009 1:16:32 AM - System CheckpointRP541: 8/26/2009 8:51:46 AM - Software Distribution Service 3.0RP542: 8/28/2009 9:19:02 PM - System CheckpointRP543: 8/29/2009 11:48:39 PM - System CheckpointRP544: 8/31/2009 9:17:33 PM - System CheckpointRP545: 9/1/2009 8:50:23 AM - Software Distribution Service 3.0RP546: 9/3/2009 12:58:12 AM - System CheckpointRP547: 9/4/2009 1:26:08 AM - System CheckpointRP548: 9/5/2009 10:57:44 AM - System CheckpointRP549: 9/6/2009 12:03:27 PM - System CheckpointRP550: 9/7/2009 11:39:06 PM - System CheckpointRP551: 9/9/2009 8:59:44 PM - System CheckpointRP552: 9/9/2009 11:41:28 PM - Software Distribution Service 3.0RP553: 9/11/2009 1:28:27 AM - System CheckpointRP554: 9/13/2009 11:40:07 AM - System CheckpointRP555: 9/14/2009 9:25:41 PM - System CheckpointRP556: 9/18/2009 1:12:19 AM - System CheckpointRP557: 9/19/2009 11:49:31 AM - System CheckpointRP558: 9/20/2009 9:27:53 PM - System CheckpointRP559: 9/21/2009 10:47:23 PM - System CheckpointRP560: 9/26/2009 10:14:15 AM - System CheckpointRP561: 9/27/2009 8:49:30 PM - System CheckpointRP562: 9/29/2009 12:09:35 AM - System CheckpointRP563: 10/2/2009 11:07:50 PM - System CheckpointRP564: 10/4/2009 1:31:45 PM - System CheckpointRP565: 10/6/2009 8:39:10 AM - Avg8 UpdateRP566: 10/6/2009 8:40:04 AM - Avg8 UpdateRP567: 10/7/2009 11:11:34 PM - Avg8 UpdateRP568: 10/11/2009 12:51:28 AM - Installed Java 6 Update 15RP569: 10/12/2009 10:41:55 PM - Software Distribution Service 3.0RP570: 10/15/2009 8:56:34 AM - Software Distribution Service 3.0RP571: 10/16/2009 9:09:17 AM - System CheckpointRP572: 10/17/2009 6:44:11 PM - Avg8 UpdateRP573: 10/18/2009 7:13:49 PM - System CheckpointRP574: 10/19/2009 8:41:14 PM - Installed SUPERAntiSpyware Free EditionRP575: 10/20/2009 9:00:54 PM - Avg8 UpdateRP576: 10/25/2009 4:26:17 PM - System CheckpointRP577: 10/26/2009 5:55:03 PM - System CheckpointRP578: 10/27/2009 1:01:31 AM - Removed SUPERAntiSpyware Free EditionRP579: 10/27/2009 1:25:34 AM - Installed Kerio Personal FirewallRP580: 10/27/2009 2:30:50 PM - Removed Kerio Personal FirewallRP581: 10/27/2009 2:34:30 PM - Installed Kerio Personal FirewallRP582: 10/27/2009 3:54:21 PM - Removed AVG Free 8.5RP583: 10/27/2009 3:55:21 PM - Installed AVG Free 8.5RP584: 10/27/2009 4:00:42 PM - Removed Kerio Personal FirewallRP585: 10/27/2009 4:19:05 PM - Installed AVG Free 9.0RP586: 10/30/2009 10:56:37 PM - System Checkpoint==== Installed Programs ======================@BIOS Link to post Share on other sites More sharing options...
Blade81 Posted November 2, 2009 ID:152482 Share Posted November 2, 2009 uTorrentVuzeBoth above listed are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again: Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menuselect Advanced Mode On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck Resident TeaTimer and OK any prompts. Restart your computerPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, linkRemember to re-enable them afterwards.Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew dds log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use. Link to post Share on other sites More sharing options...
rogerwilco3d Posted November 2, 2009 Author ID:152569 Share Posted November 2, 2009 Ok, I removed my P2P programs, and shut down tea timer.I read the instructions for ComboFix and turned off AVG.It's been running for about 1 hr now, and is stalled on a blue screen that says "Attempting to Create a New System Restore Point."Should I force quit it and restart?-R Link to post Share on other sites More sharing options...
rogerwilco3d Posted November 2, 2009 Author ID:152572 Share Posted November 2, 2009 Ok, I just forcequit ComboFix as it was stuck on a blue screen saying "Attempting to create a new SystemRestore point" for over an hour. I am uncomfortable proceeding forward. My computer seems to be functioning fine, and AVG hasn't detected any Trojans in a few days. Please advise on how to proceed. Thanks so much.-R Link to post Share on other sites More sharing options...
Blade81 Posted November 2, 2009 ID:152629 Share Posted November 2, 2009 Hi,Please give ComboFix another attempt. If it still fails to progress further from system restore point creation stage then close the program and try to run it in safe mode. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 12, 2009 Root Admin ID:156765 Share Posted November 12, 2009 Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you. Link to post Share on other sites More sharing options...
Recommended Posts