peterz Posted January 6, 2011

Happy New Year!

When I attempt to navigate to some web sites I am directed to FindGala. Malwarebytes comes up clean. Notepad did not give me an option to "Send to"; I pasted the other files. Sorry if this is a transgression, I am a novice and want to make this as easy as possible.

Thank you very much,
PeterZ

Here is my most recent malwarebytes log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4867

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/6/2011 12:15:57 AM
mbam-log-2011-01-06 (00-15-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 420778
Time elapsed: 3 hour(s), 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the DDS log file:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Peter at 19:54:28.68 on Wed 01/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.84 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Security Master AV *Enabled/Updated* {A43C7926-FB8F-4DBE-A5AD-BF7D3CF0B09C}
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Security Master AV *Enabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\F5InstallerService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PowerS.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\V CAST Media Manager\MEMonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Peter\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:8083
uInternet Settings,ProxyOverride = ;localhost;<local>;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://home.peoplepc.com/search
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop search\GoogleDesktopIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\peter\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [siS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [siSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [soundMan] SOUNDMAN.EXE
mRun: [PCTVOICE] pctspk.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PowerS] c:\windows\PowerS.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [QD FastAndSafe]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\peter\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~2.lnk - c:\program files\intervideo\windvr\WinScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remote~1.lnk - c:\program files\prolink\playtv mpeg ii\TVRMVCR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: weightwatchers.com
DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - file://C:/Program Files/F5 VPN/F5_TMP/f5certchk.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1093076765187
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://connect.marinemax.com/CitrixSessionInit/ICAWEB/icaweb.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - file://C:/Program Files/F5 VPN/F5_TMP/cachecleaner.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - file://C:/Program Files/F5 VPN/F5_TMP/urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - file://C:/Program Files/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - file://C:/Program Files/F5 VPN/F5_TMP/InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://connections.weightwatchers.com/vdesk/terminal/f5InspectionHost.cab#version=6031,2010,0617,2003
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38119.0834027778
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - file://C:/Program Files/F5 VPN/F5_TMP/urxshost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://meetings.webex.com/client/T26L10NSP49/webex/ieatgpc.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - file://C:/Program Files/F5 VPN/F5_TMP/urxhost.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://connections.weightwatchers.com/policy/download_binary.php/win32/f5syschk.cab#Version=6031,2010,0617,2012
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files/F5 VPN/F5_TMP/f5opswati.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
IFEO: image file execution options - svchost.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\peter\applic~1\mozilla\firefox\profiles\xyonhl99.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://connections.weightwatchers.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d19c4f0&i=23&tp=ab&nt=1&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\peter\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\peter\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\peter\application data\mozilla\firefox\profiles\xyonhl99.default\extensions\{dbbb3167-6e81-400f-bbfd-bd8921726f52}\plugins\NPuroamHost.dll
FF - plugin: c:\documents and settings\peter\application data\mozilla\plugins\npCtxCAO.dll
FF - plugin: c:\documents and settings\peter\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\weightwatchers browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: F5 Networks Host Plugin: {DBBB3167-6E81-400f-BBFD-BD8921726F52} - %profile%\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\peter\application data\Move Networks

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton systemworks\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2009-11-18 443460]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2010-1-25 33920]
S2 BT878;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT878.SYS [2004-10-10 99334]
S2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\Bttuner.sys [2004-10-10 21824]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\Btxbar.sys [2004-10-10 12796]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-8-3 6016]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2010-10-28 10752]
S3 GzOFBus;CASIO C721 USB Composite device driver;c:\windows\system32\drivers\GzOFBus.sys [2010-8-17 40080]
S3 GzOFMdm;CASIO C721 CDMA USB Modem;c:\windows\system32\drivers\GzOFMdm.sys [2010-8-17 61072]
S3 GzOFVsp;CASIO C721 USB Virtual Serial Port Driver;c:\windows\system32\drivers\GzOFVsp.sys [2010-8-17 61072]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-8-3 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-8-3 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-8-3 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-8-3 9472]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20051005.037\NAVENG.Sys [2005-10-6 77816]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20051005.037\NavEx15.Sys [2005-10-6 665816]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2004-9-29 31872]
S3 SAVRT;SAVRT;c:\program files\norton systemworks\norton antivirus\savrt.sys [2003-11-7 308416]
S4 gei8042;Wireless i8042 Keyboard and PS/2 Mouse Port Driver;c:\windows\system32\drivers\gensmps2.sys --> c:\windows\system32\drivers\gensmps2.sys [?]

=============== Created Last 30 ================

2010-12-28 11:40:12 -------- d--h--w- C:\$AVG
2010-12-28 11:09:51 -------- d-----w- c:\docume~1\peter\applic~1\AVG10
2010-12-28 11:06:27 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-28 11:03:31 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-28 11:03:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-28 11:02:46 -------- d-----w- c:\program files\AVG
2010-12-28 09:34:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-14 19:08:33 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 19:08:12 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-08 12:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 19:56:46.54 ===============

This is the GMER Log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-05 20:33:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3300620A rev.3.AAC
Running: mmgfn1p9.exe; Driver: C:\DOCUME~1\Peter\LOCALS~1\Temp\pgtdipow.sys

---- System - GMER 1.0.15 ----

SSDT 82C60148 ZwConnectPort
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB99F26C0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF60EE620]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB99F2810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB99F28B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF80C2360, 0x24BB1D, 0xE8000020]
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7FCB510]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3372] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.app\Contents 0 bytes

---- EOF - GMER 1.0.15 ----
LDTate Posted January 7, 2011

http://forums.malwarebytes.org/index.php?showtopic=72000