
Want to make sure I'm clean



Hey guys and gals. I had a weird email sent from my Gmail today to most of my contacts. I was at work when it happened, and it was only a link to a suspicious URL.

So I've run most of the tests in the instructions above and will post the results here. Other than the suspect email, I'm not really experiencing anything abnormal that I can tell. The GMER scanner doesn't work, as I get the error "G:\Windows\system32\config\system: The system cannot find the file specified". I DL'd GMER from the first link provided and moved it to my desktop from its original location. I also have not re-enabled Defogger yet.

DDS (Ver_09-12-01.01) - NTFSX64

Run by Mike at 19:36:29.55 on Tue 01/12/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2841 [GMT -7:00]

============== Running Processes ===============

G:\Windows\system32\wininit.exe

G:\Windows\system32\lsm.exe

G:\Windows\system32\svchost.exe -k DcomLaunch

G:\Windows\system32\svchost.exe -k RPCSS

G:\Windows\system32\atiesrxx.exe

G:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

G:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

G:\Windows\system32\svchost.exe -k netsvcs

G:\Windows\system32\svchost.exe -k LocalService

G:\Windows\system32\svchost.exe -k NetworkService

G:\Windows\system32\atieclxx.exe

G:\Windows\System32\spoolsv.exe

G:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

G:\Windows\system32\taskhost.exe

G:\Windows\system32\Dwm.exe

G:\Windows\system32\taskeng.exe

G:\Windows\Explorer.EXE

G:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

G:\Program Files (x86)\Bonjour\mDNSResponder.exe

G:\Program Files (x86)\DU Meter\DUMeterSvc.exe

G:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

G:\Program Files (x86)\FileZilla Server\FileZilla Server.exe

G:\PROGRA~2\AVG\AVG8\avgrsa.exe

G:\PROGRA~2\AVG\AVG8\avgnsa.exe

G:\Windows\system32\svchost.exe -k imgsvc

G:\PROGRA~2\AVG\AVG8\avgemc.exe

G:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

G:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe

G:\Program Files (x86)\DU Meter\DUMeter.exe

G:\Program Files\Logitech\SetPoint\SetPoint.exe

G:\Program Files\Rainmeter\Rainmeter.exe

G:\Program Files (x86)\AVG\AVG8\avgtray.exe

G:\Program Files (x86)\PowerISO\PWRISOVM.EXE

G:\Program Files (x86)\iTunes\iTunesHelper.exe

G:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

G:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

G:\Program Files (x86)\Java\jre6\bin\jusched.exe

G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

G:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

G:\Windows\system32\SearchIndexer.exe

G:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

G:\Program Files\Windows Media Player\wmpnetwk.exe

G:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

G:\Program Files\iPod\bin\iPodService.exe

G:\Windows\system32\SearchProtocolHost.exe

G:\Windows\system32\SearchFilterHost.exe

G:\Windows\System32\svchost.exe -k LocalServicePeerNet

G:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

G:\Windows\system32\wbem\wmiprvse.exe

G:\Windows\system32\taskeng.exe

G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

G:\Windows\system32\sppsvc.exe

G:\Windows\System32\svchost.exe -k secsvcs

G:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

G:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

G:\Windows\system32\wbem\wmiprvse.exe

G:\Windows\system32\wuauclt.exe

G:\Users\Mike\Desktop\dds.scr

G:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = g:\windows\syswow64\blank.htm

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files (x86)\avg\avg8\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files (x86)\java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "g:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [uTorrent] "g:\program files (x86)\utorrent\uTorrent.exe"

uRun: [DU Meter] g:\program files (x86)\du meter\DUMeter.exe

mRun: [AVG8_TRAY] g:\progra~2\avg\avg8\avgtray.exe

mRun: [PWRISOVM.EXE] g:\program files (x86)\poweriso\PWRISOVM.EXE

mRun: [startCCC] "g:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "g:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [FileZilla Server Interface] "g:\program files (x86)\filezilla server\FileZilla Server Interface.exe"

mRun: [iTunesHelper] "g:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "g:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "g:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "g:\program files (x86)\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "g:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: g:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - g:\program files (x86)\common files\logishrd\ereg\common\eReg.exe

StartupFolder: g:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - g:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: g:\progra~3\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - g:\program files\rainmeter\Rainmeter.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - g:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~2\micros~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: {918B1D83-CF91-4E01-B0F0-DA7642C5B822} = 68.87.85.102,68.87.69.150

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\program files (x86)\avg\avg8\avgpp.dll

mRun-x64: [RtHDVCpl] g:\program files\realtek\audio\hda\RAVCpl64.exe

mRun-x64: [skytel] g:\program files\realtek\audio\hda\Skytel.exe

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;g:\windows\system32\drivers\avgldx64.sys [2009-7-25 427016]

R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;g:\windows\system32\drivers\avgmfx64.sys [2009-7-25 33416]

R1 AvgTdiA;AVG Free8 Network Redirector x64;g:\windows\system32\drivers\avgtdia.sys [2009-7-25 133640]

R2 AMD External Events Utility;AMD External Events Utility;g:\windows\system32\atiesrxx.exe [2009-5-16 203264]

R2 avg8emc;AVG Free8 E-mail Scanner;g:\progra~2\avg\avg8\avgemc.exe [2009-7-25 908056]

R2 avg8wd;AVG Free8 WatchDog;g:\progra~2\avg\avg8\avgwdsvc.exe [2009-7-25 297752]

R2 DUMeterSvc;DU Meter Service;g:\program files (x86)\du meter\DUMeterSvc.exe [2009-12-29 504832]

R2 MBAMService;MBAMService;g:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-1-12 236368]

R3 MBAMProtector;MBAMProtector;g:\windows\system32\drivers\mbam.sys [2010-1-12 22104]

S2 gupdate;Google Update Service (gupdate);g:\program files (x86)\google\update\GoogleUpdate.exe [2009-8-2 133104]

S3 cpuz132;cpuz132;g:\windows\system32\drivers\cpuz132_x64.sys [2009-7-25 19432]

S3 pwdrvio;pwdrvio;g:\windows\system32\pwdrvio.sys [2009-12-2 19912]

S3 pwdspio;pwdspio;g:\windows\system32\pwdspio.sys [2009-12-2 13264]

S3 RTL8167;Realtek 8167 NT Driver;g:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]

S3 USBAAPL64;Apple Mobile USB Driver;g:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

=============== Created Last 30 ================

2010-01-13 02:12:24 0 ----a-w- g:\users\mike\defogger_reenable

2010-01-12 22:03:34 0 d-----w- g:\users\mike\appdata\roaming\Malwarebytes

2010-01-12 22:03:29 22104 ----a-w- g:\windows\system32\drivers\mbam.sys

2010-01-12 22:03:29 0 d-----w- g:\programdata\Malwarebytes

2010-01-12 22:03:28 0 d-----w- g:\program files (x86)\Malwarebytes' Anti-Malware

2010-01-07 03:58:56 1908 ----a-w- g:\windows\diagwrn.xml

2010-01-07 03:58:56 1908 ----a-w- g:\windows\diagerr.xml

2009-12-30 05:14:08 719 ----a-w- g:\windows\pwcmdlist.bak

2009-12-30 05:05:29 0 d-----w- g:\program files (x86)\DU Meter

2009-12-30 04:58:09 0 d-----w- g:\programdata\Hagel Technologies

==================== Find3M ====================

2009-12-01 05:00:51 11030 ----a-w- g:\windows\syswow64\SpoonUninstall-dBpoweramp DSP Effects.dat

2009-12-01 05:00:49 3494576 ----a-w- g:\windows\syswow64\SpoonUninstall.exe

2009-12-01 05:00:49 15613 ----a-w- g:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat

2009-11-29 19:57:13 0 ---ha-w- g:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2009-11-19 07:22:46 64512 ----a-w- g:\windows\syswow64\msfeedsbs.dll

2009-11-19 07:22:46 5958656 ----a-w- g:\windows\syswow64\mshtml.dll

2009-11-06 23:33:02 514048 ----a-w- g:\windows\system32\pwNative.exe

2009-11-04 18:47:32 19912 ----a-w- g:\windows\system32\pwdrvio.sys

2009-11-04 18:47:30 13264 ----a-w- g:\windows\system32\pwdspio.sys

2009-11-03 03:42:06 226688 ------w- g:\windows\system32\MpSigStub.exe

2009-10-29 07:48:16 2048 ----a-w- g:\windows\system32\tzres.dll

2009-10-29 07:22:37 2048 ----a-w- g:\windows\syswow64\tzres.dll

2009-10-29 03:14:51 2995 ----a-w- g:\windows\syswow64\SpoonUninstall-dBpoweramp FLAC Codec.dat

2009-07-14 05:37:38 31548 ----a-w- g:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- g:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- g:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- g:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- g:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- g:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- g:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- g:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- g:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- g:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- g:\windows\fonts\StaticCache.dat

2009-07-25 17:12:13 245760 --sha-w- g:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 04:55:03 16384 --sha-w- g:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-07-14 04:55:03 32768 --sha-w- g:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-07-14 04:55:03 16384 --sha-w- g:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat

2009-07-14 01:39:53 398848 --sha-w- g:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- g:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:37:06.29 ===============
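The DDS report above is a plain-text log with a fixed section layout (Running Processes, Pseudo HJT Report, SERVICES / DRIVERS, ...), and the first pass a helper does on it is mechanical: pull the image path out of each process, autorun and service entry and look at where it lives. The Python below is an added example, not part of DDS or of the post, that does exactly that triage: it splits the log by its "===== Name =====" headers, strips the DDS prefixes (uRun/mRun names, service triplets, the " - " target separator used by BHO, StartupFolder and DPF lines), and flags entries whose image sits in a user-writable location or that name a bare file with no absolute path. The embedded sample log is a constructed excerpt modelled on the lines above plus one hypothetical "Updater" autorun (not on this page) so the user-writable rule is seen firing; the allowlist of per-user installs is an assumption, seeded only with Chrome and its updater because they install under AppData by default.

```python
"""Section-aware triage of a DDS log.  Added example, not part of DDS or of
the post above: it splits the log into sections, pulls the image path out of
each process, autorun and service entry, and flags entries launched from a
user-writable location or with no absolute path at all."""
import re
from typing import Dict, List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str
    entry: str   # raw log line
    image: str   # extracted image path, lower-cased ("" when none)
    reason: str


SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s*\[[^\]]*\]\s*(.*)$", re.I)  # uRun/mRun: [Name] cmd
SVC_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(.*)$")                    # R2 name;display;path [..]
EXT = r"(?:exe|scr|dll|sys|com|bat|cmd|vbs|js|pif)"
IMAGE_RE = re.compile(r'([a-z]:\\[^"]*?\.' + EXT + r')(?=[\s"\]/,]|$)', re.I)  # first drive-letter path
BARE_RE = re.compile(r"^[\w~.'-]+\." + EXT + r"\b", re.I)                    # e.g. KHALMNPR.EXE

SECTIONS = ("Running Processes", "Pseudo HJT Report", "SERVICES / DRIVERS")
# Locations a standard user can write to (progra~3 is ProgramData's 8.3 name on x64 installs).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\progra~3\\", "\\temp\\")
# Assumed allowlist: per-user installs that legitimately live under AppData
# (Chrome and its updater install into %LOCALAPPDATA% by default).  Extend with your baseline.
KNOWN_PER_USER = {"chrome.exe", "googleupdate.exe"}


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '===== Name =====' header to the non-empty lines that follow it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def extract_target(line: str) -> str:
    """Strip the DDS prefix so only the command line / image path is left."""
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if m:
        return m.group(1).strip()
    if " - " in line:                 # BHO, StartupFolder, Handler, DPF: target follows the last " - "
        return line.rsplit(" - ", 1)[1].strip()
    return line.strip()


def classify(section: str, line: str) -> Optional[Finding]:
    target = extract_target(line)
    if "://" in target:
        return Finding(section, line, "", "remote URL (code fetched from a web host)")
    m = IMAGE_RE.search(target)
    if not m:
        if BARE_RE.match(target):
            return Finding(section, line, "", "bare file name, no absolute path (resolved via the search path)")
        return None
    image = m.group(1).lower()
    in_user_dir = any(p in image for p in USER_WRITABLE)
    if in_user_dir and image.rsplit("\\", 1)[-1] not in KNOWN_PER_USER:
        return Finding(section, line, image, "image lives in a user-writable location")
    return None


def triage(log_text: str) -> List[Finding]:
    """Findings are review prompts, not verdicts: check each against what you installed."""
    findings: List[Finding] = []
    for section, lines in split_sections(log_text).items():
        if section not in SECTIONS:
            continue
        for line in lines:
            f = classify(section, line)
            if f:
                findings.append(f)
    return findings


# Constructed excerpt modelled on the log above, plus one hypothetical
# "Updater" autorun (not on this page) to show the user-writable rule firing.
SAMPLE_LOG = r"""
============== Running Processes ===============
G:\Windows\system32\svchost.exe -k netsvcs
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
G:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
G:\Users\Mike\Desktop\dds.scr
============== Pseudo HJT Report ===============
uRun: [Google Update] "g:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "g:\program files (x86)\utorrent\uTorrent.exe"
uRun: [Updater] g:\users\mike\appdata\roaming\updater.exe
mRun: [AVG8_TRAY] g:\progra~2\avg\avg8\avgtray.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
============= SERVICES / DRIVERS ===============
R2 MBAMService;MBAMService;g:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-1-12 236368]
============= FINISH: 19:37:06.29 ===============
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

On the sample this produces three findings: dds.scr running from the Desktop (the DDS tool itself, which is why the lead-in calls the findings prompts rather than verdicts), the hypothetical AppData\Roaming autorun, and the KHALMNPR.EXE entry that is registered by file name only. Entries under Program Files, PROGRA~2 and the Windows directory are not flagged; that is a deliberate first-pass filter, not a statement that they are clean, so hash or version-check anything you do not recognise there separately.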
