FindGala

peterz · January 6, 2011

Happy New Year!

When I attempt to navigate to some web sites I am directed to FindGala. Malwarebytes comes up clean. Notepad did not give me an option to "Send to", I pasted the other files. Sorry if this is a transgression, I am a novice and want to make this as easy as possible.

Thank you very much,

PeterZ

Here is my most recent malwarebytes log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4867

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/6/2011 12:15:57 AM

mbam-log-2011-01-06 (00-15-57).txt

Scan type: Full scan (C:\|)

Objects scanned: 420778

Time elapsed: 3 hour(s), 4 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the DDS log file;

DDS (Ver_10-12-12.02) - NTFSx86

Run by Peter at 19:54:28.68 on Wed 01/05/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.84 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Security Master AV *Enabled/Updated* {A43C7926-FB8F-4DBE-A5AD-BF7D3CF0B09C}

AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}

FW: Security Master AV *Enabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\F5InstallerService.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\keyhook.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\PowerS.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\InterVideo\WinDVR\WinScheduler.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\V CAST Media Manager\MEMonitor.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Peter\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=localhost:8083

uInternet Settings,ProxyOverride = ;localhost;<local>;*.local

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

mSearchAssistant = hxxp://home.peoplepc.com/search

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop search\GoogleDesktopIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll

TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"

uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe

uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\peter\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe

mRun: [siS Windows KeyHook] c:\windows\system32\keyhook.exe

mRun: [siSUSBRG] c:\windows\SiSUSBrg.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [PCTVOICE] pctspk.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [PowerS] c:\windows\PowerS.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [QD FastAndSafe]

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [Device Detector] DevDetect.exe -autorun

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

StartupFolder: c:\docume~1\peter\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~2.lnk - c:\program files\intervideo\windvr\WinScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remote~1.lnk - c:\program files\prolink\playtv mpeg ii\TVRMVCR.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

Trusted Zone: weightwatchers.com

DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - file://C:/Program Files/F5 VPN/F5_TMP/f5certchk.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab

DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1093076765187

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://connect.marinemax.com/CitrixSessionInit/ICAWEB/icaweb.cab

DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - file://C:/Program Files/F5 VPN/F5_TMP/cachecleaner.cab

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - file://C:/Program Files/F5 VPN/F5_TMP/urxvpn.cab

DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - file://C:/Program Files/F5 VPN/F5_TMP/f5tunsrv.cab

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - file://C:/Program Files/F5 VPN/F5_TMP/InstallerControl.cab

DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab

DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://connections.weightwatchers.com/vdesk/terminal/f5InspectionHost.cab#version=6031,2010,0617,2003

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab

DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38119.0834027778

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - file://C:/Program Files/F5 VPN/F5_TMP/urxshost.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://meetings.webex.com/client/T26L10NSP49/webex/ieatgpc.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - file://C:/Program Files/F5 VPN/F5_TMP/urxhost.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://connections.weightwatchers.com/policy/download_binary.php/win32/f5syschk.cab#Version=6031,2010,0617,2012

DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

IFEO: image file execution options - svchost.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\peter\applic~1\mozilla\firefox\profiles\xyonhl99.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://connections.weightwatchers.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d19c4f0&i=23&tp=ab&nt=1&q=

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\peter\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\documents and settings\peter\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\documents and settings\peter\application data\mozilla\firefox\profiles\xyonhl99.default\extensions\{dbbb3167-6e81-400f-bbfd-bd8921726f52}\plugins\NPuroamHost.dll

FF - plugin: c:\documents and settings\peter\application data\mozilla\plugins\npCtxCAO.dll

FF - plugin: c:\documents and settings\peter\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\weightwatchers browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: F5 Networks Host Plugin: {DBBB3167-6E81-400f-BBFD-BD8921726F52} - %profile%\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\peter\application data\Move Networks

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton systemworks\norton antivirus\Savrtpel.sys [2003-11-7 37056]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2009-11-18 443460]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2010-1-25 33920]

S2 BT878;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT878.SYS [2004-10-10 99334]

S2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\Bttuner.sys [2004-10-10 21824]

S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\Btxbar.sys [2004-10-10 12796]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-8-3 6016]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2010-10-28 10752]

S3 GzOFBus;CASIO C721 USB Composite device driver;c:\windows\system32\drivers\GzOFBus.sys [2010-8-17 40080]

S3 GzOFMdm;CASIO C721 CDMA USB Modem;c:\windows\system32\drivers\GzOFMdm.sys [2010-8-17 61072]

S3 GzOFVsp;CASIO C721 USB Virtual Serial Port Driver;c:\windows\system32\drivers\GzOFVsp.sys [2010-8-17 61072]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-8-3 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-8-3 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-8-3 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-8-3 9472]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20051005.037\NAVENG.Sys [2005-10-6 77816]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20051005.037\NavEx15.Sys [2005-10-6 665816]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2004-9-29 31872]

S3 SAVRT;SAVRT;c:\program files\norton systemworks\norton antivirus\savrt.sys [2003-11-7 308416]

S4 gei8042;Wireless i8042 Keyboard and PS/2 Mouse Port Driver;c:\windows\system32\drivers\gensmps2.sys --> c:\windows\system32\drivers\gensmps2.sys [?]

=============== Created Last 30 ================

2010-12-28 11:40:12 -------- d--h--w- C:\$AVG

2010-12-28 11:09:51 -------- d-----w- c:\docume~1\peter\applic~1\AVG10

2010-12-28 11:06:27 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-12-28 11:03:31 -------- d-----w- c:\windows\system32\drivers\AVG

2010-12-28 11:03:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-12-28 11:02:46 -------- d-----w- c:\program files\AVG

2010-12-28 09:34:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-12-14 19:08:33 45568 ------w- c:\windows\system32\dllcache\wab.exe

2010-12-14 19:08:12 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-08 12:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 19:56:46.54 ===============

This is the GMER Log:

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2011-01-05 20:33:21

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3300620A rev.3.AAC

Running: mmgfn1p9.exe; Driver: C:\DOCUME~1\Peter\LOCALS~1\Temp\pgtdipow.sys

---- System - GMER 1.0.15 ----

SSDT 82C60148 ZwConnectPort

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB99F26C0]

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF60EE620]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB99F2810]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB99F28B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF80C2360, 0x24BB1D, 0xE8000020]

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7FCB510]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3372] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0

sector 08: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.app\Contents 0 bytes

---- EOF - GMER 1.0.15 ----

The ark file follows;