
Constant Google Redirects



Can't update MBAM, getting "MBAM_ERROR_UPDATING (120007,0, WinHttpSendRequest)". Constant Google redirects to random sites with Firefox.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Doug at 23:43:55.04 on Thu 07/29/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2122 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\iRacing\iRacingService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Doug\Desktop\Security\dds.scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\doug\applic~1\mozilla\firefox\profiles\4tupfm9c.default\

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-29 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-29 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-29 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-29 921440]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-29 308136]

R2 iRacingService;iRacing helper service;c:\program files\iracing\iRacingService.exe [2010-7-29 511136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-20 1684736]

=============== Created Last 30 ================

2010-07-30 06:41:30 176 ----a-w- c:\documents and settings\doug\defogger_reenable

2010-07-30 06:19:22 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-30 06:19:08 0 d-----w- c:\program files\Lavasoft

2010-07-30 06:17:33 0 d-----w- c:\docume~1\doug\applic~1\Malwarebytes

2010-07-30 06:17:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-30 06:17:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-30 06:17:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-30 06:17:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-30 05:04:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf

2010-07-30 00:33:56 0 d-sh--w- c:\documents and settings\doug\PrivacIE

2010-07-29 18:13:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-29 18:13:41 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-29 18:13:38 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-29 18:13:34 0 d-----w- c:\windows\system32\drivers\Avg

2010-07-29 18:11:57 0 d-----w- c:\program files\AVG

2010-07-29 18:11:47 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-07-29 18:11:35 0 d-----w- c:\windows\SxsCaPendDel

2010-07-29 17:35:26 0 d-----w- c:\program files\iRacing

2010-07-22 01:10:38 0 d-sh--w- c:\documents and settings\doug\IETldCache

2010-07-22 01:04:37 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-07-22 00:58:49 0 d-----w- c:\docume~1\doug\applic~1\Datel

2010-07-22 00:54:14 0 dc-h--w- c:\windows\ie8

2010-07-22 00:50:25 0 d-----w- c:\docume~1\doug\applic~1\GameTuts

2010-07-22 00:47:44 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat

2010-07-22 00:46:35 0 d-s---w- c:\documents and settings\doug\UserData

2010-07-22 00:44:32 0 d-----w- c:\windows\system32\XPSViewer

2010-07-22 00:44:09 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-07-22 00:44:09 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-07-22 00:44:09 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-07-22 00:44:09 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-07-22 00:44:09 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-07-22 00:44:09 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-07-22 00:44:09 117760 ------w- c:\windows\system32\prntvpt.dll

2010-07-22 00:44:08 0 d-----w- C:\29d1c0705bdb568f514e

2010-07-22 00:37:47 0 d-----w- c:\program files\Datel

2010-07-21 10:07:41 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-07-21 10:07:31 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-07-21 10:07:10 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-21 10:07:01 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-07-21 10:04:05 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx

2010-07-21 10:00:15 0 d-----w- c:\windows\system32\PreInstall

2010-07-21 05:47:15 0 d-----w- c:\program files\VideoLAN

2010-07-21 04:07:43 0 d-----w- c:\documents and settings\doug\Downloads

2010-07-21 04:07:41 0 d-----w- c:\docume~1\doug\applic~1\NewsLeecher

2010-07-21 04:07:19 0 d-----w- c:\program files\NewsLeecher

2010-07-21 03:54:09 0 d-----w- c:\docume~1\doug\applic~1\Digsby

2010-07-21 03:54:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Digsby

2010-07-21 03:53:39 0 d-----w- c:\program files\Digsby

2010-07-21 02:55:06 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys

2010-07-21 02:55:06 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll

2010-07-21 01:45:30 0 d-----w- c:\program files\Microsoft Xbox 360 Accessories

2010-07-21 01:45:26 68888 ----a-w- c:\windows\system32\xinput1_3.dll

2010-07-21 01:27:13 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2010-07-21 01:27:13 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll

2010-07-21 01:27:13 420352 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

2010-07-21 01:27:13 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2010-07-21 01:27:13 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2010-07-21 01:27:13 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2010-07-21 01:27:13 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2010-07-21 01:26:48 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 01:25:18 940794 ----a-w- c:\windows\system32\LoopyMusic.wav

2010-07-21 01:25:18 146650 ----a-w- c:\windows\system32\BuzzingBee.wav

2010-07-21 01:25:12 0 d-----w- c:\windows\system32\Lang

2010-07-21 01:22:42 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation

2010-07-21 01:22:37 0 d-----w- c:\program files\NVIDIA Corporation

2010-07-21 01:18:40 13646 ----a-w- c:\windows\system32\wpa.bak

2010-07-21 01:11:37 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-07-21 01:09:53 604776 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-07-21 01:01:30 0 d-----w- c:\windows\system32\RTCOM

2010-07-21 00:50:41 0 d-----w- c:\program files\Realtek

2010-07-21 00:45:13 0 d-----w- c:\docume~1\doug\applic~1\DAEMON Tools Pro

2010-07-21 00:44:33 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite

2010-07-21 00:44:31 0 d-----w- c:\program files\DAEMON Tools Lite

2010-07-21 00:42:46 0 d-----w- c:\docume~1\doug\applic~1\DAEMON Tools Lite

2010-07-21 00:42:15 0 d-----w- c:\program files\DAMN NFO Viewer

2010-07-21 00:37:51 0 d-----w- c:\program files\common files\Logitech

2010-07-21 00:22:50 0 d-sh--w- c:\documents and settings\all users\DRM

2010-07-21 00:22:38 0 d--h--w- c:\program files\WindowsUpdate

2010-07-21 00:21:39 0 d-----w- c:\program files\common files\MSSoap

2010-07-21 00:20:24 0 d-----w- c:\program files\Online Services

2010-07-21 00:20:19 0 d-----w- c:\program files\Messenger

2010-07-21 00:20:15 0 d-----w- c:\program files\MSN Gaming Zone

2010-07-21 00:19:32 0 d-----w- c:\program files\Windows NT

2010-07-20 17:05:05 0 d-----w- c:\program files\common files\ODBC

2010-07-20 17:05:03 0 d-----w- c:\program files\common files\SpeechEngines

2010-07-20 17:04:36 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-07-21 06:06:40 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-21 01:35:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2010-07-21 01:35:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-07-21 01:32:23 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-21 00:42:48 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-07-21 00:20:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-07-09 23:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-07-09 23:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-07-09 23:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-07-09 23:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2010-07-09 23:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-07-09 23:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll

2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll

2010-07-09 22:38:00 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll

2010-07-09 22:38:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll

2010-07-09 22:38:00 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll

2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll

2010-07-09 22:38:00 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll

2010-07-09 22:38:00 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-07-09 22:38:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 23:44:24.18 ===============

Attatch.rar

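Added example, not part of the original post and not code from the DDS tool: a small Python triage script for the DDS log format shown above. It splits the log on its `=== Section ===` headers, parses the `SERVICES / DRIVERS` and `Created Last 30` entries, and flags `mRun`/`uRun` autorun values whose image is a bare file name (such as `RTHDCPL.EXE`), which Windows starts by name through its search order rather than from a fixed path, so the file that actually gets resolved is worth confirming. The embedded sample is a constructed subset of lines copied from the log above; the regular expressions and function names are my own assumptions about the format, not anything DDS documents.

```python
"""Triage a DDS-style log: section split, driver/autorun parsing, recent-file check.

Added example: the regexes below are assumptions about the DDS text format as it
appears in the posted log, not something the DDS tool documents or ships.
"""
import re
from datetime import date, timedelta

# Constructed sample: a subset of lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
============== Pseudo HJT Report ===============
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-29 216400]
R2 iRacingService;iRacing helper service;c:\program files\iracing\iRacingService.exe [2010-7-29 511136]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-20 1684736]
=============== Created Last 30 ================
2010-07-30 06:17:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 18:13:41 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-22 00:44:08 0 d-----w- C:\29d1c0705bdb568f514e
2010-07-21 02:55:06 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
============= FINISH: 23:44:24.18 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[um]Run):\s+\[(?P<label>[^\]]*)\]\s+(?P<cmd>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


def split_sections(text):
    """Map each '=== Name ===' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def image_of(cmd):
    """First token of an autorun command line: the quoted path, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def unqualified_autoruns(hjt_lines):
    """uRun/mRun values whose image has no directory component.

    Such values are started by name only, so Windows locates the file via its
    search order rather than a fixed path; the resolved file should be checked.
    """
    flagged = []
    for line in hjt_lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        image = image_of(m.group("cmd"))
        if "\\" not in image and "/" not in image and ":" not in image:
            flagged.append((m.group("hive"), m.group("label"), image))
    return flagged


def parse_services(service_lines):
    """Structured rows for the SERVICES / DRIVERS section."""
    rows = []
    for line in service_lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        y, mo, d = (int(x) for x in m.group("date").split("-"))
        rows.append({"start": m.group("start"), "name": m.group("name"),
                     "path": m.group("path").lower(), "date": date(y, mo, d),
                     "size": int(m.group("size"))})
    return rows


def recent_driver_files(created_lines, days, as_of):
    """Kernel driver files (.sys) created within `days` of the ISO date `as_of`."""
    cutoff = date.fromisoformat(as_of) - timedelta(days=days)
    hits = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group("path").lower()
        created = date.fromisoformat(m.group("ts"))
        if path.endswith(".sys") and created >= cutoff:
            hits.append((created.isoformat(), path))
    return hits


def triage(text, as_of, days=7):
    """Run all checks over one log and return the findings."""
    s = split_sections(text)
    return {
        "unqualified_autoruns": unqualified_autoruns(s.get("Pseudo HJT Report", [])),
        "boot_start_drivers": [r["path"] for r in parse_services(s.get("SERVICES / DRIVERS", []))
                               if r["start"] in ("R0", "R1")],
        "recent_sys_files": recent_driver_files(s.get("Created Last 30", []), days, as_of),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, "2010-07-30").items():
        print(key)
        for item in value:
            print("   ", item)
```

Run against the full posted log instead of `SAMPLE_LOG` by reading the file and passing the run date from the `Run by ... on` line; the findings are a worklist to verify, not a verdict. On the sample, the two bare-name autoruns and the two newest `.sys` files are surfaced, all of which correspond to legitimately installed software in this post (Realtek, Logitech, MBAM, AVG), which is exactly why the check is a starting point for confirmation rather than a detection.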

Hi ItsDoug420, and welcome to the Malwarebytes forum!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do not do any fixing on your own or run any scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

Download TDSSKiller and save it to your Desktop.

  • Right click on the file and choose Extract All, extract the file to your desktop, then run it.
  • If prompted to restart the computer, type in Y and it will restart.
  • Or, if you are prompted with a hidden service warning, do go ahead and delete it.
  • Once completed, it will create a log on your C:\ drive.
  • Please post the contents of that log.

========

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply with the TDSSKiller log.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


ComboFix 10-07-30.01 - Doug 07/30/2010 12:34:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1625 [GMT -7:00]

Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))

.

2010-07-30 18:02 . 2010-07-30 18:02 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe

2010-07-30 18:02 . 2010-07-30 18:02 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-30 18:02 . 2010-07-30 18:02 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll

2010-07-30 18:02 . 2010-07-30 18:02 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-30 08:17 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-07-30 08:15 . 2010-07-30 08:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-30 08:08 . 2010-07-30 08:08 -------- d-----w- c:\program files\uTorrent

2010-07-30 08:08 . 2010-07-30 18:01 -------- d-----w- c:\documents and settings\Doug\Application Data\uTorrent

2010-07-30 07:45 . 2010-07-30 07:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-30 06:19 . 2010-07-30 06:19 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\Sunbelt Software

2010-07-30 06:19 . 2010-07-30 06:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-30 06:19 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-30 06:19 . 2010-07-30 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-30 06:19 . 2010-07-30 06:19 -------- d-----w- c:\program files\Lavasoft

2010-07-30 06:17 . 2010-07-30 06:17 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes

2010-07-30 06:17 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-30 06:17 . 2010-07-30 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-30 06:17 . 2010-07-30 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-30 06:17 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-30 00:33 . 2010-07-30 00:33 -------- d-sh--w- c:\documents and settings\Doug\PrivacIE

2010-07-29 18:13 . 2010-07-29 18:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-29 18:13 . 2010-07-29 18:13 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-29 18:13 . 2010-07-29 18:13 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-29 18:13 . 2010-07-29 18:13 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-07-29 18:13 . 2010-07-30 18:03 -------- d-----w- c:\windows\system32\drivers\Avg

2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\program files\AVG

2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-27 07:35 . 2010-07-27 08:01 -------- d-----w- c:\documents and settings\Doug\Application Data\ImgBurn

2010-07-27 07:26 . 2010-07-27 07:26 -------- d-----w- c:\program files\ImgBurn

2010-07-22 01:37 . 2010-07-22 01:37 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\FeudalNate

2010-07-22 01:10 . 2010-07-22 01:10 -------- d-sh--w- c:\documents and settings\Doug\IETldCache

2010-07-22 00:58 . 2010-07-22 00:58 -------- d-----w- c:\documents and settings\Doug\Application Data\Datel

2010-07-22 00:50 . 2010-07-22 00:50 -------- d-----w- c:\documents and settings\Doug\Application Data\GameTuts

2010-07-22 00:49 . 2010-07-22 00:49 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\GameTuts

2010-07-22 00:46 . 2010-07-22 00:46 -------- d-s---w- c:\documents and settings\Doug\UserData

2010-07-22 00:37 . 2010-07-22 00:37 -------- d-----w- c:\program files\Datel

2010-07-21 10:07 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-07-21 10:07 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-07-21 10:07 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-21 10:07 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-07-21 10:06 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-07-21 10:06 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-07-21 10:06 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-07-21 10:06 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-07-21 10:06 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-07-21 10:06 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-21 10:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-07-21 10:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-07-21 10:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-07-21 10:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-07-21 10:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-07-21 10:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-07-21 10:02 . 2010-02-17 16:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-07-21 10:02 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-07-21 10:02 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-07-21 10:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2010-07-21 10:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-07-21 10:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-07-21 10:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-07-21 10:01 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-07-21 10:01 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-07-21 10:01 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-07-21 05:57 . 2010-07-21 05:57 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-07-21 05:57 . 2010-07-22 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-21 05:49 . 2010-07-26 04:48 -------- d-----w- c:\documents and settings\Doug\Application Data\vlc

2010-07-21 05:47 . 2010-07-21 05:47 -------- d-----w- c:\program files\VideoLAN

2010-07-21 04:07 . 2010-07-30 08:14 -------- d-----w- c:\documents and settings\Doug\Downloads

2010-07-21 04:07 . 2010-07-21 05:40 -------- d-----w- c:\documents and settings\Doug\Application Data\NewsLeecher

2010-07-21 04:07 . 2010-07-21 04:07 -------- d-----w- c:\program files\NewsLeecher

2010-07-21 03:54 . 2010-07-29 18:11 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\Digsby

2010-07-21 03:54 . 2010-07-21 05:27 -------- d-----w- c:\documents and settings\Doug\Application Data\Digsby

2010-07-21 03:54 . 2010-07-21 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Digsby

2010-07-21 03:53 . 2010-07-29 18:11 -------- d-----w- c:\program files\Digsby

2010-07-21 01:35 . 2007-01-30 08:46 69632 ----a-w- c:\windows\system32\KemXML.dll

2010-07-21 01:35 . 2007-01-30 08:46 163840 ----a-w- c:\windows\system32\kemutb.dll

2010-07-21 01:35 . 2007-01-30 08:46 110592 ----a-w- c:\windows\system32\KemWnd.dll

2010-07-21 01:35 . 2007-01-30 08:46 135168 ----a-w- c:\windows\system32\KemUtil.dll

2010-07-21 01:34 . 2010-07-21 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2010-07-21 01:34 . 2010-07-21 01:34 10134 ----a-r- c:\documents and settings\Doug\Application Data\Microsoft\Installer\{C89C8D86-4423-4A58-AA40-DD259ACE07C1}\ARPPRODUCTICON.exe

2010-07-21 01:27 . 2010-03-10 06:15 420352 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

2010-07-21 01:27 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll

2010-07-21 01:27 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2010-07-21 01:27 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2010-07-21 01:27 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2010-07-21 01:27 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2010-07-21 01:27 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2010-07-21 01:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 01:25 . 2010-07-22 00:48 13104 ----a-w- c:\documents and settings\Doug\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-21 01:25 . 2010-07-21 01:25 -------- d-----w- c:\windows\system32\Lang

2010-07-21 01:14 . 2010-07-21 01:14 0 ----a-w- c:\windows\nsreg.dat

2010-07-21 01:14 . 2010-07-21 01:14 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\Mozilla

2010-07-21 01:10 . 2007-11-17 23:43 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys

2010-07-21 01:10 . 2007-11-17 23:41 197120 ----a-r- c:\windows\system32\fdco1ins.dll

2010-07-21 01:10 . 2007-11-17 23:41 197120 ----a-r- c:\windows\system32\fdco1.dll

2010-07-21 01:10 . 2007-11-17 23:22 3636 ----a-r- c:\windows\system32\drivers\nvphy.bin

2010-07-21 01:10 . 2007-11-07 21:32 35328 ----a-r- c:\windows\system32\nvconrm.dll

2010-07-21 01:10 . 2007-11-07 21:31 356352 ----a-w- c:\windows\system32\nvunrm.exe

2010-07-21 01:10 . 2007-11-17 23:43 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys

2010-07-21 01:10 . 2007-11-17 23:43 943872 ----a-r- c:\windows\system32\drivers\nvnrm.sys

2010-07-21 01:10 . 2007-11-17 23:40 9216 ----a-r- c:\windows\system32\bdco1ins.dll

2010-07-21 01:10 . 2007-11-17 23:40 9216 ----a-r- c:\windows\system32\bdco1.dll

2010-07-21 01:10 . 2007-07-05 23:01 356352 ----a-r- c:\windows\system32\nvusmb.exe

2010-07-21 01:09 . 2010-07-07 20:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-07-21 01:01 . 2010-07-21 01:01 -------- d-----w- c:\windows\system32\RTCOM

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-30 07:27 . 2010-07-21 01:22 233384 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-30 07:27 . 2010-07-21 01:22 233384 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-30 07:27 . 2010-07-21 01:22 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-07-30 05:04 . 2010-07-30 05:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf

2010-07-29 17:41 . 2010-07-29 17:35 -------- d-----w- c:\program files\iRacing

2010-07-29 17:35 . 2010-07-21 00:50 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-29 17:35 . 2010-07-29 17:35 -------- d-----w- c:\documents and settings\Doug\Application Data\InstallShield

2010-07-22 00:44 . 2010-07-22 00:44 -------- d-----w- c:\program files\MSBuild

2010-07-22 00:44 . 2010-07-22 00:44 -------- d-----w- c:\program files\Reference Assemblies

2010-07-21 02:55 . 2010-07-21 01:45 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\documents and settings\Doug\Application Data\Logitech

2010-07-21 01:35 . 2010-07-21 01:35 -------- d-----w- c:\program files\Common Files\LogiShrd

2010-07-21 01:35 . 2010-07-21 01:35 10134 ----a-r- c:\documents and settings\Doug\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe

2010-07-21 01:35 . 2010-07-21 01:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2010-07-21 01:35 . 2010-07-21 01:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-07-21 01:35 . 2010-07-21 00:37 -------- d-----w- c:\program files\Common Files\Logitech

2010-07-21 01:34 . 2010-07-21 00:37 -------- d-----w- c:\program files\Logitech

2010-07-21 01:23 . 2010-07-21 01:22 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-21 01:22 . 2010-07-21 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-07-21 00:52 . 2010-07-21 00:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-21 00:50 . 2010-07-21 00:50 -------- d-----w- c:\program files\Realtek

2010-07-21 00:50 . 2010-07-21 00:50 -------- d-----w- c:\program files\Common Files\InstallShield

2010-07-21 00:45 . 2010-07-21 00:45 -------- d-----w- c:\documents and settings\Doug\Application Data\DAEMON Tools Pro

2010-07-21 00:45 . 2010-07-21 00:45 -------- d-----w- c:\documents and settings\Doug\Application Data\DAEMON Tools

2010-07-21 00:44 . 2010-07-21 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-07-21 00:44 . 2010-07-21 00:44 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-07-21 00:42 . 2010-07-21 00:42 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-07-21 00:42 . 2010-07-21 00:42 -------- d-----w- c:\documents and settings\Doug\Application Data\DAEMON Tools Lite

2010-07-21 00:42 . 2010-07-21 00:42 -------- d-----w- c:\program files\DAMN NFO Viewer

2010-07-21 00:23 . 2010-07-21 00:23 -------- d-----w- c:\program files\microsoft frontpage

2010-07-21 00:20 . 2010-07-21 00:20 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

2010-07-09 22:38 . 2010-07-21 01:22 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-07-09 22:38 . 2010-07-21 01:22 13549568 ----a-w- c:\windows\system32\nvoglnt.dll

2010-07-09 22:38 . 2010-07-21 01:22 4595712 ----a-w- c:\windows\system32\nvcuda.dll

2010-07-09 22:38 . 2010-07-21 01:22 2914408 ----a-w- c:\windows\system32\nvcuvid.dll

2010-07-09 22:38 . 2010-07-21 01:22 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-07-09 22:38 . 2010-07-21 01:22 236136 ----a-w- c:\windows\system32\nvcodins.dll

2010-07-09 22:38 . 2010-07-21 01:22 236136 ----a-w- c:\windows\system32\nvcod.dll

2010-07-09 22:38 . 2010-07-21 01:22 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-07-09 22:38 . 2010-07-21 01:22 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-07-09 22:38 . 2010-07-21 01:22 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-07-09 22:38 . 2010-07-21 00:52 6343040 ----a-w- c:\windows\system32\nv4_disp.dll

2010-07-09 22:38 . 2010-07-21 00:50 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-06-14 14:31 . 2010-07-21 00:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-05-06 10:41 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2007-07-27 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]

"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-29 2065760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-20 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-29 18:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2010 11:13 AM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/29/2010 11:13 AM 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/29/2010 11:12 AM 921440]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/29/2010 11:12 AM 308136]

R2 iRacingService;iRacing helper service;c:\program files\iRacing\iRacingService.exe [7/29/2010 10:35 AM 511136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 1:55 AM 1352832]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/20/2010 5:50 PM 1684736]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/20/2010 5:42 PM 717296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD24

*Deregistered* - klmd24

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

TCP: {CF7476A1-D270-4BD7-A421-CE39ABDACB80} = 213.109.64.7,213.109.72.139

FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\4tupfm9c.default\

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-30 12:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(492)

c:\windows\system32\WININET.dll

c:\program files\NVIDIA Corporation\nView\nview.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2010-07-30 12:36:30

ComboFix-quarantined-files.txt 2010-07-30 19:36

Pre-Run: 954,975,485,952 bytes free

Post-Run: 955,796,303,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0378D2C2CF86F493D49FC19D31DA6EC0

2010/07/30 12:31:00.0031 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49

2010/07/30 12:31:00.0031 ================================================================================

2010/07/30 12:31:00.0031 SystemInfo:

2010/07/30 12:31:00.0031

2010/07/30 12:31:00.0031 OS Version: 5.1.2600 ServicePack: 3.0

2010/07/30 12:31:00.0031 Product type: Workstation

2010/07/30 12:31:00.0031 ComputerName: DOUGLAS-EEA933C

2010/07/30 12:31:00.0031 UserName: Doug

2010/07/30 12:31:00.0031 Windows directory: C:\WINDOWS

2010/07/30 12:31:00.0031 System windows directory: C:\WINDOWS

2010/07/30 12:31:00.0031 Processor architecture: Intel x86

2010/07/30 12:31:00.0031 Number of processors: 2

2010/07/30 12:31:00.0031 Page size: 0x1000

2010/07/30 12:31:00.0031 Boot type: Normal boot

2010/07/30 12:31:00.0031 ================================================================================

2010/07/30 12:31:00.0234 Initialize success

2010/07/30 12:31:07.0046 ================================================================================

2010/07/30 12:31:07.0046 Scan started

2010/07/30 12:31:07.0046 Mode: Manual;

2010/07/30 12:31:07.0046 ================================================================================

2010/07/30 12:31:07.0796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/07/30 12:31:07.0812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/07/30 12:31:07.0843 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/07/30 12:31:07.0890 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/07/30 12:31:07.0937 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys

2010/07/30 12:31:07.0968 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/07/30 12:31:07.0984 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/07/30 12:31:07.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/07/30 12:31:08.0000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/07/30 12:31:08.0031 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/07/30 12:31:08.0093 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys

2010/07/30 12:31:08.0109 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys

2010/07/30 12:31:08.0156 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys

2010/07/30 12:31:08.0265 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/07/30 12:31:08.0296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/07/30 12:31:08.0312 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/07/30 12:31:08.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/07/30 12:31:08.0343 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/07/30 12:31:08.0359 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/07/30 12:31:08.0390 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/07/30 12:31:08.0421 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/07/30 12:31:08.0437 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/07/30 12:31:08.0453 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/07/30 12:31:08.0468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/07/30 12:31:08.0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/07/30 12:31:08.0500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/07/30 12:31:08.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/07/30 12:31:08.0531 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/07/30 12:31:08.0546 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/07/30 12:31:08.0546 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/07/30 12:31:08.0546 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/07/30 12:31:08.0562 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/07/30 12:31:08.0593 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/07/30 12:31:08.0593 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/07/30 12:31:08.0640 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/07/30 12:31:08.0671 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/07/30 12:31:08.0687 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/07/30 12:31:08.0812 IntcAzAudAddService (3fa02c6e3e9ebe8523a2d4e51d0ece1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/07/30 12:31:08.0984 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/07/30 12:31:09.0000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/07/30 12:31:09.0031 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/07/30 12:31:09.0031 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/07/30 12:31:09.0062 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/07/30 12:31:09.0062 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/07/30 12:31:09.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/07/30 12:31:09.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/07/30 12:31:09.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/07/30 12:31:09.0156 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/07/30 12:31:09.0187 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys

2010/07/30 12:31:09.0250 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/07/30 12:31:09.0281 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/07/30 12:31:09.0296 LHidFilt (c91206ca84684057118265e8377c77b6) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

2010/07/30 12:31:09.0312 LMouFilt (9f03720fa5e6d14cd4dfea610f2c1a7c) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

2010/07/30 12:31:09.0328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/07/30 12:31:09.0343 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/07/30 12:31:09.0375 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys

2010/07/30 12:31:09.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/07/30 12:31:09.0453 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/07/30 12:31:09.0468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/07/30 12:31:09.0468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/07/30 12:31:09.0484 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/07/30 12:31:09.0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/07/30 12:31:09.0515 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/07/30 12:31:09.0531 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/07/30 12:31:09.0531 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/07/30 12:31:09.0562 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/07/30 12:31:09.0593 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/07/30 12:31:09.0593 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/07/30 12:31:09.0625 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/07/30 12:31:09.0625 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/07/30 12:31:09.0640 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/07/30 12:31:09.0656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/07/30 12:31:09.0671 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/07/30 12:31:09.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/07/30 12:31:09.0671 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/07/30 12:31:09.0687 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/07/30 12:31:09.0687 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/07/30 12:31:09.0703 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/07/30 12:31:09.0718 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/07/30 12:31:09.0734 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/07/30 12:31:09.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/07/30 12:31:09.0968 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/07/30 12:31:10.0156 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2010/07/30 12:31:10.0187 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2010/07/30 12:31:10.0218 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/07/30 12:31:10.0218 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/07/30 12:31:10.0250 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/07/30 12:31:10.0265 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/07/30 12:31:10.0265 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/07/30 12:31:10.0296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/07/30 12:31:10.0296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/07/30 12:31:10.0312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/07/30 12:31:10.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/07/30 12:31:10.0390 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/07/30 12:31:10.0390 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/07/30 12:31:10.0390 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/07/30 12:31:10.0421 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/07/30 12:31:10.0437 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/07/30 12:31:10.0437 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/07/30 12:31:10.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/07/30 12:31:10.0453 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/07/30 12:31:10.0453 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/07/30 12:31:10.0468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/07/30 12:31:10.0500 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/07/30 12:31:10.0515 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/07/30 12:31:10.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/07/30 12:31:10.0531 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/07/30 12:31:10.0531 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/07/30 12:31:10.0531 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/07/30 12:31:10.0546 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/07/30 12:31:10.0578 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/07/30 12:31:10.0625 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys

2010/07/30 12:31:10.0656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/07/30 12:31:10.0671 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/07/30 12:31:10.0671 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/07/30 12:31:10.0687 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/07/30 12:31:10.0703 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/07/30 12:31:10.0734 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/07/30 12:31:10.0750 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/07/30 12:31:10.0765 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/07/30 12:31:10.0781 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/07/30 12:31:10.0812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/07/30 12:31:10.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/07/30 12:31:10.0843 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/07/30 12:31:10.0890 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/07/30 12:31:10.0890 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/07/30 12:31:10.0906 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/07/30 12:31:10.0906 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/07/30 12:31:10.0906 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/07/30 12:31:10.0953 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/07/30 12:31:11.0015 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2010/07/30 12:31:11.0031 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/07/30 12:31:11.0046 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/07/30 12:31:11.0046 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/07/30 12:31:11.0078 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/07/30 12:31:11.0109 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/07/30 12:31:11.0140 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\WINDOWS\system32\drivers\WmBEnum.sys

2010/07/30 12:31:11.0156 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\WINDOWS\system32\drivers\WmFilter.sys

2010/07/30 12:31:11.0156 WmHidLo (31d2906d59f127654964be334b615720) C:\WINDOWS\system32\drivers\WmHidLo.sys

2010/07/30 12:31:11.0187 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\WINDOWS\system32\drivers\WmVirHid.sys

2010/07/30 12:31:11.0187 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\WINDOWS\system32\drivers\WmXlCore.sys

2010/07/30 12:31:11.0218 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/07/30 12:31:11.0250 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys

2010/07/30 12:31:11.0265 ================================================================================

2010/07/30 12:31:11.0265 Scan finished

2010/07/30 12:31:11.0265 ================================================================================

2010/07/30 12:32:14.0578 Deinitialize success

ComboFix.txt

TDSSKiller.2.4.0.0_30.07.2010_12.31.00_log.txt


Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Are the redirects still happening now, before we move on?


Sorry, here is the log...

GooredFix by jpshortstuff (03.07.10.1)

Log created at 12:52 on 30/07/2010 (Doug)

Firefox version 3.6.8 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:14 21/07/2010]

C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\4tupfm9c.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b} [18:23 29/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:44 22/07/2010]

"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [18:12 29/07/2010]

-=E.O.F=-


Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


Bootkit Remover

© 2009 eSage Lab

www.esagelab.com

Program version: 1.1.0.0

OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:

\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000

Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;

Press any key to quit...

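What the Bootkit Remover output above actually checks can be reproduced on the 512-byte master boot record itself. The script below is an added example for this thread; it is not eSage Lab's tool and does not carry that tool's list of recognised boot code. It reports the boot-sector MD5 the tool prints, verifies the 0x55AA signature, checks that the boot-code area is not blank, and converts each partition's starting LBA into the byte offset the tool reports as "at offset". SAMPLE_MBR is constructed here and is not the poster's boot sector; read_mbr() is the only part that touches a real disk and needs administrator rights.

```python
"""Inspect a 512-byte MBR the way a bootkit checker does.

Added example; not eSage Lab's Bootkit Remover. The sample MBR built by
build_sample_mbr() is constructed, not the poster's real boot sector.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
PART_TABLE = 446          # partition table starts after the boot code
ENTRY = 16                # size of one partition entry
SIGNATURE = b"\x55\xaa"   # boot signature in the last two bytes


def parse_mbr(mbr: bytes) -> Dict:
    """Return md5, whether boot code is present, and the non-empty partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if mbr[SECTOR - 2:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts: List[Dict] = []
    for i in range(4):
        off = PART_TABLE + i * ENTRY
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(
            "<B3sB3sII", mbr[off:off + ENTRY])
        if ptype == 0:            # empty slot
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,        # 0x07 = NTFS/exFAT/HPFS
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,   # what the tool prints as "at offset"
        })
    return {
        "md5": hashlib.md5(mbr).hexdigest(),
        "boot_code_present": any(mbr[:PART_TABLE]),
        "partitions": parts,
    }


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (administrator on Windows;
    use e.g. /dev/sda on Linux)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def build_sample_mbr() -> bytes:
    """Constructed MBR: a few typical boot-code opcodes (xor ax,ax / mov ss,ax /
    mov sp,7C00h ...), one active NTFS partition at LBA 2048, three empty slots."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8".ljust(PART_TABLE, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 1953519616)
    return boot_code + entry + b"\x00" * (ENTRY * 3) + SIGNATURE


def describe(mbr: bytes) -> str:
    """Render the parsed MBR in the same spirit as the tool's report."""
    info = parse_mbr(mbr)
    lines = ["Boot sector MD5 is: " + info["md5"],
             "Boot code: " + ("present" if info["boot_code_present"] else "BLANK")]
    for p in info["partitions"]:
        lines.append("partition %d type 0x%02x%s starts at LBA %d (offset 0x%016x)" % (
            p["index"], p["type"], " (active)" if p["bootable"] else "",
            p["lba_start"], p["byte_offset"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(build_sample_mbr()))
```

Two things worth knowing when reading such output. The MD5 only tells you something against a baseline (a hash taken before the incident, or the vendor's known boot code); on its own it is just a fingerprint. And a bootkit that hooks the disk driver can hand back the original sector to any program reading \\.\PhysicalDrive0 from inside the running system, so a clean MD5 from a live boot is weaker evidence than the same read taken from a rescue disc. The "offset 0x100000" in the log is simply LBA 2048 × 512 bytes, as the sample partition reproduces.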

Great, the Bootkit scan shows no bootkit infection.

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

Folder::
c:\program files\uTorrent
c:\documents and settings\Doug\Application Data\uTorrent


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

cfscriptb4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply, along with the Kaspersky Online Scanner report.

Next

Please download Java:

http://www.java.com/en/

So we can run Kaspersky Online Scanner.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

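Before dragging a CFScript onto ComboFix it is worth seeing exactly what it will do, and afterwards checking that it did it. The script below is an added example for this thread; it is not ComboFix, and the parsing rules are an assumption drawn from the script in the post above: a line ending in "::" opens a section, "Folder::" lists directories to delete, "Registry::" carries REGEDIT4-style text in which "name"=- deletes a value, and "HKLM\~\" is read as ComboFix shorthand for "HKLM\SYSTEM\CurrentControlSet\" (assumed). CFSCRIPT is the script from the post; value_still_present() is the post-run check and only works on Windows.

```python
"""Preview a ComboFix CFScript and verify its registry deletions afterwards.

Added example; not ComboFix. Section and key handling are assumptions based
on the one script in this thread (KILLALL::, Folder::, Registry::).
"""
import re
from dataclasses import dataclass
from typing import List

# The CFScript from the post above.
CFSCRIPT = r"""
KILLALL::

Folder::
c:\program files\uTorrent
c:\documents and settings\Doug\Application Data\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"""

CCS = r"HKLM\SYSTEM\CurrentControlSet"   # assumed expansion of ComboFix's HKLM\~


@dataclass
class Action:
    kind: str            # kill_processes | delete_folder | delete_value | set_value
    target: str          # folder path, or registry key
    name: str = ""       # registry value name
    data: str = ""       # new data for set_value


def _unescape(s: str) -> str:
    """REGEDIT4 escapes backslashes and double quotes inside strings."""
    return s.replace("\\\\", "\\").replace('\\"', '"')


def _expand_key(key: str) -> str:
    prefix = "hklm\\~"
    if key.lower().startswith(prefix):
        return CCS + key[len(prefix):]
    return key


def parse_cfscript(text: str) -> List[Action]:
    """Turn the script into an ordered list of actions without executing any."""
    actions: List[Action] = []
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2], None
            if section.upper() == "KILLALL":
                actions.append(Action("kill_processes", "*"))
            continue
        if section == "Folder":
            actions.append(Action("delete_folder", line))
        elif section == "Registry":
            if line.startswith("[") and line.endswith("]"):
                key = _expand_key(line[1:-1])
                continue
            m = re.match(r'^"(.*)"=(.*)$', line)
            if m and key is not None:
                name, data = _unescape(m.group(1)), m.group(2)
                if data == "-":
                    actions.append(Action("delete_value", key, name))
                else:
                    actions.append(Action("set_value", key, name, data))
    return actions


def describe(actions: List[Action]) -> str:
    """Human-readable dry run of the parsed script."""
    out = []
    for a in actions:
        if a.kind == "delete_value":
            out.append("delete value %r under %s" % (a.name, a.target))
        elif a.kind == "set_value":
            out.append("set value %r under %s to %s" % (a.name, a.target, a.data))
        elif a.kind == "delete_folder":
            out.append("delete folder " + a.target)
        else:
            out.append("kill all non-essential processes")
    return "\n".join(out)


def value_still_present(key: str, name: str) -> bool:
    """Post-run check (Windows only): is the firewall exception still there?"""
    import winreg
    hive, _, sub = key.partition("\\")
    root = {"HKLM": winreg.HKEY_LOCAL_MACHINE,
            "HKCU": winreg.HKEY_CURRENT_USER}[hive.upper()]
    try:
        with winreg.OpenKey(root, sub) as k:
            winreg.QueryValueEx(k, name)
            return True
    except FileNotFoundError:       # key or value no longer exists
        return False


if __name__ == "__main__":
    print(describe(parse_cfscript(CFSCRIPT)))
```

The point of the registry line is that uninstalling uTorrent does not remove its Windows Firewall exception; the AuthorizedApplications\List value keeps the program path as its name, which is why the script deletes that value rather than a key. Running value_still_present() with the expanded key and the unescaped path after ComboFix finishes is the quickest way to confirm the entry is gone, rather than reading the whole log by eye.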

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-30 13:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2928)

c:\windows\system32\WININET.dll

c:\program files\NVIDIA Corporation\nView\nview.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2010-07-30 13:42:17 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-30 20:42

Pre-Run: 955,779,788,800 bytes free

Post-Run: 955,768,356,864 bytes free

- - End Of File - - 06DE1B4D46B63FEBA790639C811F9BDF

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, July 30, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, July 30, 2010 16:42:49

Records in database: 4193202

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

Scan statistics:

Objects scanned: 387684

Threats found: 2

Infected objects found: 2

Suspicious objects found: 0

Scan duration: 03:31:07

File name / Threat / Threats count

D:\Downloads\windows 7 64bit also with everything\loader\not sure!\7Loader By Orbit30 & Hazar v1.2.exe Infected: Trojan.Win32.Swisyn.rgy 1

D:\Xbox360 Stuff\corruptprofile.zip Infected: not-a-virus:Monitor.MSIL.Keylogger.a 1

Selected area has been scanned.


Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Next

Run CKScanner

  • Please download CKScanner from Here
  • Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


ComboFix 10-07-30.01 - Doug 07/30/2010 19:56:13.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.1916 [GMT -7:00]

Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))

.

2010-07-30 18:02 . 2010-07-30 18:02 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe

2010-07-30 18:02 . 2010-07-30 18:02 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-30 18:02 . 2010-07-30 18:02 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll

2010-07-30 18:02 . 2010-07-30 18:02 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-30 08:17 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-07-30 08:15 . 2010-07-30 08:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-30 07:45 . 2010-07-30 07:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-30 06:19 . 2010-07-30 06:19 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\Sunbelt Software

2010-07-30 06:19 . 2010-07-30 06:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-30 06:19 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-30 06:19 . 2010-07-30 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-30 06:19 . 2010-07-30 06:19 -------- d-----w- c:\program files\Lavasoft

2010-07-30 06:17 . 2010-07-30 06:17 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes

2010-07-30 06:17 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-30 06:17 . 2010-07-30 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-30 06:17 . 2010-07-30 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-30 06:17 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-30 00:33 . 2010-07-30 00:33 -------- d-sh--w- c:\documents and settings\Doug\PrivacIE

2010-07-29 18:13 . 2010-07-29 18:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-29 18:13 . 2010-07-29 18:13 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-29 18:13 . 2010-07-29 18:13 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-29 18:13 . 2010-07-29 18:13 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-07-29 18:13 . 2010-07-31 00:33 -------- d-----w- c:\windows\system32\drivers\Avg

2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\program files\AVG

2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-27 07:35 . 2010-07-27 08:01 -------- d-----w- c:\documents and settings\Doug\Application Data\ImgBurn

2010-07-27 07:26 . 2010-07-27 07:26 -------- d-----w- c:\program files\ImgBurn

2010-07-22 01:37 . 2010-07-22 01:37 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\FeudalNate

2010-07-22 01:10 . 2010-07-22 01:10 -------- d-sh--w- c:\documents and settings\Doug\IETldCache

2010-07-22 00:58 . 2010-07-22 00:58 -------- d-----w- c:\documents and settings\Doug\Application Data\Datel

2010-07-22 00:50 . 2010-07-22 00:50 -------- d-----w- c:\documents and settings\Doug\Application Data\GameTuts

2010-07-22 00:49 . 2010-07-22 00:49 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\GameTuts

2010-07-22 00:46 . 2010-07-22 00:46 -------- d-s---w- c:\documents and settings\Doug\UserData

2010-07-22 00:37 . 2010-07-22 00:37 -------- d-----w- c:\program files\Datel

2010-07-21 10:07 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-07-21 10:07 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-07-21 10:07 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-21 10:07 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-07-21 10:06 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-07-21 10:06 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-07-21 10:06 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-07-21 10:06 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-07-21 10:06 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-07-21 10:06 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-21 10:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-07-21 10:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-07-21 10:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-07-21 10:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-07-21 10:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-07-21 10:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-07-21 10:02 . 2010-02-17 16:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-07-21 10:02 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-07-21 10:02 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-07-21 10:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2010-07-21 10:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-07-21 10:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-07-21 10:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-07-21 10:01 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-07-21 10:01 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-07-21 10:01 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-07-21 05:57 . 2010-07-21 05:57 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-07-21 05:57 . 2010-07-22 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-21 05:49 . 2010-07-26 04:48 -------- d-----w- c:\documents and settings\Doug\Application Data\vlc

2010-07-21 05:47 . 2010-07-21 05:47 -------- d-----w- c:\program files\VideoLAN

2010-07-21 04:07 . 2010-07-30 08:14 -------- d-----w- c:\documents and settings\Doug\Downloads

2010-07-21 04:07 . 2010-07-21 05:40 -------- d-----w- c:\documents and settings\Doug\Application Data\NewsLeecher

2010-07-21 04:07 . 2010-07-21 04:07 -------- d-----w- c:\program files\NewsLeecher

2010-07-21 03:54 . 2010-07-29 18:11 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\Digsby

2010-07-21 03:54 . 2010-07-21 05:27 -------- d-----w- c:\documents and settings\Doug\Application Data\Digsby

2010-07-21 03:54 . 2010-07-21 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Digsby

2010-07-21 03:53 . 2010-07-29 18:11 -------- d-----w- c:\program files\Digsby

2010-07-21 01:35 . 2007-01-30 08:46 69632 ----a-w- c:\windows\system32\KemXML.dll

2010-07-21 01:35 . 2007-01-30 08:46 163840 ----a-w- c:\windows\system32\kemutb.dll

2010-07-21 01:35 . 2007-01-30 08:46 110592 ----a-w- c:\windows\system32\KemWnd.dll

2010-07-21 01:35 . 2007-01-30 08:46 135168 ----a-w- c:\windows\system32\KemUtil.dll

2010-07-21 01:34 . 2010-07-21 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2010-07-21 01:34 . 2010-07-21 01:34 10134 ----a-r- c:\documents and settings\Doug\Application Data\Microsoft\Installer\{C89C8D86-4423-4A58-AA40-DD259ACE07C1}\ARPPRODUCTICON.exe

2010-07-21 01:27 . 2010-03-10 06:15 420352 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

2010-07-21 01:27 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll

2010-07-21 01:27 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2010-07-21 01:27 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2010-07-21 01:27 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2010-07-21 01:27 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2010-07-21 01:27 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2010-07-21 01:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 01:25 . 2010-07-22 00:48 13104 ----a-w- c:\documents and settings\Doug\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-21 01:25 . 2010-07-21 01:25 -------- d-----w- c:\windows\system32\Lang

2010-07-21 01:14 . 2010-07-21 01:14 0 ----a-w- c:\windows\nsreg.dat

2010-07-21 01:14 . 2010-07-21 01:14 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\Mozilla

2010-07-21 01:10 . 2007-11-17 23:43 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys

2010-07-21 01:10 . 2007-11-17 23:41 197120 ----a-r- c:\windows\system32\fdco1ins.dll

2010-07-21 01:10 . 2007-11-17 23:41 197120 ----a-r- c:\windows\system32\fdco1.dll

2010-07-21 01:10 . 2007-11-17 23:22 3636 ----a-r- c:\windows\system32\drivers\nvphy.bin

2010-07-21 01:10 . 2007-11-07 21:32 35328 ----a-r- c:\windows\system32\nvconrm.dll

2010-07-21 01:10 . 2007-11-07 21:31 356352 ----a-w- c:\windows\system32\nvunrm.exe

2010-07-21 01:10 . 2007-11-17 23:43 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys

2010-07-21 01:10 . 2007-11-17 23:43 943872 ----a-r- c:\windows\system32\drivers\nvnrm.sys

2010-07-21 01:10 . 2007-11-17 23:40 9216 ----a-r- c:\windows\system32\bdco1ins.dll

2010-07-21 01:10 . 2007-11-17 23:40 9216 ----a-r- c:\windows\system32\bdco1.dll

2010-07-21 01:10 . 2007-07-05 23:01 356352 ----a-r- c:\windows\system32\nvusmb.exe

2010-07-21 01:09 . 2010-07-07 20:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-07-21 01:01 . 2010-07-21 01:01 -------- d-----w- c:\windows\system32\RTCOM

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-30 20:44 . 2010-07-30 20:44 -------- d-----w- c:\program files\Common Files\Java

2010-07-30 20:44 . 2010-07-30 20:44 61440 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37420ca9-n\decora-sse.dll

2010-07-30 20:44 . 2010-07-30 20:44 503808 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25ce3814-n\msvcp71.dll

2010-07-30 20:44 . 2010-07-30 20:44 499712 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25ce3814-n\jmc.dll

2010-07-30 20:44 . 2010-07-30 20:44 348160 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25ce3814-n\msvcr71.dll

2010-07-30 20:44 . 2010-07-30 20:44 12800 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37420ca9-n\decora-d3d.dll

2010-07-30 20:44 . 2010-07-30 20:44 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-30 20:44 . 2010-07-30 20:44 -------- d-----w- c:\program files\Java

2010-07-30 07:27 . 2010-07-21 01:22 233384 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-30 07:27 . 2010-07-21 01:22 233384 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-30 07:27 . 2010-07-21 01:22 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-07-30 05:04 . 2010-07-30 05:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf

2010-07-29 17:41 . 2010-07-29 17:35 -------- d-----w- c:\program files\iRacing

2010-07-29 17:35 . 2010-07-21 00:50 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-29 17:35 . 2010-07-29 17:35 -------- d-----w- c:\documents and settings\Doug\Application Data\InstallShield

2010-07-22 00:44 . 2010-07-22 00:44 -------- d-----w- c:\program files\MSBuild

2010-07-22 00:44 . 2010-07-22 00:44 -------- d-----w- c:\program files\Reference Assemblies

2010-07-21 02:55 . 2010-07-21 01:45 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2010-07-21 01:38 . 2010-07-21 01:38 -------- d-----w- c:\documents and settings\Doug\Application Data\Logitech

2010-07-21 01:35 . 2010-07-21 01:35 -------- d-----w- c:\program files\Common Files\LogiShrd

2010-07-21 01:35 . 2010-07-21 01:35 10134 ----a-r- c:\documents and settings\Doug\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe

2010-07-21 01:35 . 2010-07-21 01:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2010-07-21 01:35 . 2010-07-21 01:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-07-21 01:35 . 2010-07-21 00:37 -------- d-----w- c:\program files\Common Files\Logitech

2010-07-21 01:34 . 2010-07-21 00:37 -------- d-----w- c:\program files\Logitech

2010-07-21 01:23 . 2010-07-21 01:22 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-21 01:22 . 2010-07-21 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-07-21 00:52 . 2010-07-21 00:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-21 00:50 . 2010-07-21 00:50 -------- d-----w- c:\program files\Realtek

2010-07-21 00:50 . 2010-07-21 00:50 -------- d-----w- c:\program files\Common Files\InstallShield

2010-07-21 00:45 . 2010-07-21 00:45 -------- d-----w- c:\documents and settings\Doug\Application Data\DAEMON Tools Pro

2010-07-21 00:45 . 2010-07-21 00:45 -------- d-----w- c:\documents and settings\Doug\Application Data\DAEMON Tools

2010-07-21 00:44 . 2010-07-21 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-07-21 00:44 . 2010-07-21 00:44 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-07-21 00:42 . 2010-07-21 00:42 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-07-21 00:42 . 2010-07-21 00:42 -------- d-----w- c:\documents and settings\Doug\Application Data\DAEMON Tools Lite

2010-07-21 00:42 . 2010-07-21 00:42 -------- d-----w- c:\program files\DAMN NFO Viewer

2010-07-21 00:23 . 2010-07-21 00:23 -------- d-----w- c:\program files\microsoft frontpage

2010-07-21 00:20 . 2010-07-21 00:20 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

2010-07-09 22:38 . 2010-07-21 01:22 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-07-09 22:38 . 2010-07-21 01:22 13549568 ----a-w- c:\windows\system32\nvoglnt.dll

2010-07-09 22:38 . 2010-07-21 01:22 4595712 ----a-w- c:\windows\system32\nvcuda.dll

2010-07-09 22:38 . 2010-07-21 01:22 2914408 ----a-w- c:\windows\system32\nvcuvid.dll

2010-07-09 22:38 . 2010-07-21 01:22 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-07-09 22:38 . 2010-07-21 01:22 236136 ----a-w- c:\windows\system32\nvcodins.dll

2010-07-09 22:38 . 2010-07-21 01:22 236136 ----a-w- c:\windows\system32\nvcod.dll

2010-07-09 22:38 . 2010-07-21 01:22 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-07-09 22:38 . 2010-07-21 01:22 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-07-09 22:38 . 2010-07-21 01:22 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-07-09 22:38 . 2010-07-21 00:52 6343040 ----a-w- c:\windows\system32\nv4_disp.dll

2010-07-09 22:38 . 2010-07-21 00:50 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-06-14 14:31 . 2010-07-21 00:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-05-06 10:41 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2007-07-27 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-07-30_19.35.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-31 02:59 . 2010-07-31 02:59 16384 c:\windows\temp\Perflib_Perfdata_500.dat

+ 2010-07-30 20:44 . 2010-07-30 20:44 153376 c:\windows\system32\javaws.exe

+ 2010-07-30 20:44 . 2010-07-30 20:44 145184 c:\windows\system32\javaw.exe

+ 2010-07-30 20:44 . 2010-07-30 20:44 145184 c:\windows\system32\java.exe

+ 2010-07-30 20:44 . 2010-07-30 20:44 180224 c:\windows\Installer\3659b.msi

+ 2010-07-30 20:44 . 2010-07-30 20:44 676352 c:\windows\Installer\36595.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]

"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-29 2065760]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-20 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-29 18:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2010 11:13 AM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/29/2010 11:13 AM 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/30/2010 11:02 AM 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/29/2010 11:12 AM 308136]

R2 iRacingService;iRacing helper service;c:\program files\iRacing\iRacingService.exe [7/29/2010 10:35 AM 511136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 1:55 AM 1352832]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/20/2010 5:50 PM 1684736]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/20/2010 5:42 PM 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

.

.

------- Supplementary Scan -------

.

TCP: {CF7476A1-D270-4BD7-A421-CE39ABDACB80} = 213.109.64.7,213.109.72.139

FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\4tupfm9c.default\

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-30 20:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2636)

c:\windows\system32\WININET.dll

c:\program files\NVIDIA Corporation\nView\nview.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-07-30 20:01:34 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-31 03:01

ComboFix2.txt 2010-07-30 20:42

Pre-Run: 955,487,510,528 bytes free

Post-Run: 955,586,465,792 bytes free

- - End Of File - - 0589CE1876231B693960CE51662CC133

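A small helper for reading the "DLLs Loaded Under Running Processes" section of a ComboFix log like the one posted above. This is an added example, not part of the original post or of ComboFix itself: it parses the per-process blocks in the format shown in the log and flags any module loaded from outside a short list of expected directories. The sample text below is constructed for the example; it reuses a few of the posted explorer.exe entries and adds one hypothetical DLL under a user's Temp folder so the check has something to catch.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the ComboFix layout seen in the posted log. The Temp
# entry and the winlogon.exe block are hypothetical additions for this example.
SAMPLE_LOG = """\
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2636)

c:\\windows\\system32\\WININET.dll
c:\\program files\\NVIDIA Corporation\\nView\\nview.dll
c:\\windows\\WinSxS\\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\\MSVCR80.dll
c:\\documents and settings\\user\\Local Settings\\Temp\\helper32.dll

- - - - - - - > 'winlogon.exe'(680)

c:\\windows\\system32\\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------
"""

# Directories a DLL is normally expected to live in on an XP box. Anything
# else (user profile, Temp, the root of the drive) deserves a second look.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\winsxs\\",
    "c:\\program files\\",
)

# Process header line: "- - - - - - - > 'explorer.exe'(2636)"
PROC_RE = re.compile(r"^- - - - - - - > '(?P<name>[^']+)'\((?P<pid>\d+)\)\s*$")


def parse_loaded_dlls(text: str) -> Dict[str, List[str]]:
    """Map 'name(pid)' -> list of DLL paths from the DLLs-loaded section."""
    result: Dict[str, List[str]] = {}
    current = None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---") and "DLLs Loaded Under Running Processes" in line:
            in_section = True
            continue
        if in_section and line.startswith("---"):
            break  # reached the next ComboFix section header
        if not in_section or not line or line == ".":
            continue
        m = PROC_RE.match(line)
        if m:
            current = f"{m['name']}({m['pid']})"
            result[current] = []
            continue
        if current is not None:
            result[current].append(line)
    return result


def suspicious_dlls(loaded: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (process, path) pairs whose path is outside TRUSTED_PREFIXES."""
    flagged = []
    for proc, dlls in loaded.items():
        for path in dlls:
            if not path.lower().startswith(TRUSTED_PREFIXES):
                flagged.append((proc, path))
    return flagged


if __name__ == "__main__":
    for proc, path in suspicious_dlls(parse_loaded_dlls(SAMPLE_LOG)):
        print(f"{proc}: {path}")
```

The path check is a triage heuristic, not a verdict: plenty of malware drops into system32 with a legitimate-looking name, and the catchme section of the same log ("hidden files: 0") is there precisely because a rootkit can hide its module from this kind of listing. Treat a flagged path as something to hash and look up, and an empty result as no more than "nothing obvious".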

It's very apparent that uTorrent was not removed. Also, Kaspersky Online Scanner shows evidence of P2P programs. I was going to help you, but not after the CFScript was run without the uTorrent entries and the cut-off log of the first CF log was posted. Sorry, but the cleaning process stops here.

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programs.

Unless you uninstall all P2P software, I am sorry, but my only advice to you will be to reformat the computer.

I must also warn you that continued use of P2P and other questionable programs will likely result in your computer being in the same state again. P2P programs form a direct conduit onto your computer. They have always been a target of malware writers and increasingly so of late. P2P security measures are easily circumvented. Further to that, if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file-sharing network by a badly configured program. In addition to infections of the nature found on this computer, use of P2P programs can result in identity theft.

Please see the forum rules as well:

http://forums.malwarebytes.org/index.php?showtopic=5215

This topic is now closed to further replies.