
Virus, spyware, or malware?



It's been over 2 days. I hope I'm posting in the right place.

I'm on an HP laptop using Vista Home Premium. I use AVG Free. I hope I'm posting in the right place. My computer started running really slow yesterday, so I tried to run Malware and kept getting "cannot find path". Then I tried to run AVG and got the same. I went to safe mode and it did the same. Then the CPU would turn off by itself or go to a blue screen with a fatal error; anyway, it's been doing that since last night. I finally got it to stay open in safe mode with networking and redownloaded Malware, restarted, and it said it needed to update. Then I got an error there, but it went to the scan screen, so I started a full scan, but then it just shut down and didn't get to scan. I can't get it back up. PLZ PLZ PLZ PLZ PLZ HELP!!!

I just did a dds.com scan; hope this helps.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_25

Run by Shell at 17:53:29 on 2011-08-22

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3006.1308 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\3203397148:3809022017.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\real\realplayer\Update\realsched.exe

C:\Windows\system32\CSHelper.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\ProgramData\Mattel\Watcher\jpjwatcher.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\iWin Games\iWinTrusted.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\lxcycoms.exe

C:\Program Files\Online Vault\OnlineVault.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\NETGEAR\WG111T\wlan111t.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Users\Shell\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Shell\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\rundll32.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k SDRSVC

c:\program files\windows defender\MpCmdRun.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shell\Downloads\Defogger.exe

C:\Users\Shell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60391

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mWindow Title = Microsoft Internet Explorer

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60391

mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60391

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll

mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\shell\appdata\roaming\flashgetbho\FlashGetBHO3.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: BearSharePersonalization: {dd1849ea-8403-4441-8dff-7575aae1dc16} - c:\program files\bearshare applications\personalization\BearSharePersonalizationIE_v1040.dll

BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll

TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\shell\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\Flashget3.exe" -minimize

uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup

uRun: [OnlineVault] "c:\program files\online vault\OnlineVault.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRunOnce: [MVHSend] c:\program files\myvirtualhome\MVHSend.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [JPJWatcher] c:\programdata\mattel\watcher\jpjwatcher.exe

StartupFolder: c:\users\shell\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shell\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe

uPolicies-explorer: NoFileSharing = 1 (0x1)

uPolicies-system: NoSecCPL = 0 (0x0)

uPolicies-system: NoDevMgrPage = 0 (0x0)

uPolicies-system: NoConfigPage = 0 (0x0)

uPolicies-system: NoVirtMemPage = 0 (0x0)

uPolicies-system: NoFileSysPage = 0 (0x0)

uPolicies-system: NoNetSetup = 0 (0x0)

uPolicies-system: NoNetSetupIDPage = 0 (0x0)

uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)

uPolicies-system: NoWorkgroupContents = 0 (0x0)

uPolicies-system: NoEntireNetwork = 0 (0x0)

uPolicies-system: NoFileSharingControl = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download All By FlashGet3 - c:\users\shell\appdata\roaming\flashgetbho\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\shell\appdata\roaming\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {FA32182A-EA44-4583-803B-AA827F0D4E06} - c:\progra~1\online~2\ONLINE~1.EXE

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

LSP: c:\windows\system32\wpclsp.dll

LSP: mswsock.dll

Trusted Zone: kuaiche.com\software

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab

DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BEC0A1F5-5F98-4B2A-9297-EF4BCDEE05D5} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DFD50F7A-7359-4A2F-9524-342410C923D0} : DhcpNameServer = 192.168.2.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\shell\appdata\roaming\mozilla\firefox\profiles\yxpjku5k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da84ee3&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll

FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll

FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\shell\appdata\roaming\mozilla\firefox\profiles\yxpjku5k.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll

FF - component: c:\users\shell\appdata\roaming\mozilla\firefox\profiles\yxpjku5k.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\shell\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\users\shell\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\users\shell\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-22 20392]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-11-22 266240]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-7-22 722616]

R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]

R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-1 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 947528]

S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2010-9-24 21504]

S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2010-9-24 20480]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-1 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-1 136176]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2008-3-11 29824]

S3 PTDUMdm;PANTECH UM175 Drivers ;c:\windows\system32\drivers\PTDUMdm.sys [2008-3-11 41344]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port ;c:\windows\system32\drivers\PTDUVsp.sys [2008-3-11 39936]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2008-3-11 59776]

S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\drivers\WG111Tv.sys [2010-9-24 870400]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

regfile=NOTEPAD.EXE %1

scrfile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-08-23 00:15:55 -------- d-sh--w- C:\found.002

2011-08-22 19:27:32 709968 ----a-w- c:\windows\isRS-000.tmp

2011-08-22 12:49:35 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-08-22 12:49:34 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-08-16 20:42:57 -------- d-----w- c:\programdata\Mattel

2011-08-12 14:43:23 -------- d-----w- c:\program files\Free Offers from Freeze.com

.

==================== Find3M ====================

.

2011-08-22 20:03:56 146980442 ----a-w- c:\windows\DUMP4e0f.tmp

2011-08-22 13:18:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-08 19:01:38 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-08-08 19:01:28 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-07-19 19:42:44 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 17:56:27.93 ===============


  • Staff

Hello and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


I forgot to tell you that after I did the dds.com scan, while I was waiting for a reply on here, I got the blue shutdown screen, and I have never re-enabled whatever it had me disable. I also downloaded the GMER Rootkit Scanner, but it won't run even under Administrator. I just tried again to run Malwarebytes and the AVG scan and they still say "cannot find path". Last but not least, when ComboFix was going I saw it say it found Rootkit ZeroAccess in the TCP/IP stack; hope that helps. Thanks again for your time :D

Thanks SOOOOOOOOO much for helping me! I have not been able to run Malwarebytes for the last 5 days; the most it will go is 11 seconds, then it shuts down. But here's the ComboFix log:

ComboFix 11-08-25.01 - Shell 08/25/2011 20:34:16.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3006.1800 [GMT -4:00]

Running from: c:\users\Shell\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\FREEzeFrog

c:\program files\FREEzeFrog\bin\1.0.663.0\FREEzeFrogSAHook.dll

c:\program files\iWin Games\iWINgameshookie.dll

c:\program files\MegaRadPopMaster

c:\program files\SelectRebates

c:\program files\SelectRebates\FFToolbar\chrome.manifest

c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar

c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js

c:\program files\SelectRebates\FFToolbar\install.rdf

c:\program files\SelectRebates\SelectAlerts.dat

c:\program files\SelectRebates\SelectRebates.exe

c:\program files\SelectRebates\SelectRebates.ini

c:\program files\SelectRebates\SelectRebatesA.dat

c:\program files\SelectRebates\SelectRebatesApi.exe

c:\program files\SelectRebates\SelectRebatesB.dat

c:\program files\SelectRebates\SelectRebatesBT.dat

c:\program files\SelectRebates\SelectRebatesDownload.exe

c:\program files\SelectRebates\SelectRebatesUninstall.exe

c:\program files\SelectRebates\SRebates.dll

c:\program files\SelectRebates\SRFF3.dll

c:\program files\SelectRebates\Toolbar\AddtoList.bmp

c:\program files\SelectRebates\Toolbar\basis.xml

c:\program files\SelectRebates\Toolbar\Basis.xml.dym

c:\program files\SelectRebates\Toolbar\Blank.bmp

c:\program files\SelectRebates\Toolbar\CashBack.bmp

c:\program files\SelectRebates\Toolbar\Coupons.bmp

c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp

c:\program files\SelectRebates\Toolbar\i_magnifying.bmp

c:\program files\SelectRebates\Toolbar\icons.bmp

c:\program files\SelectRebates\Toolbar\logo.bmp

c:\program files\SelectRebates\Toolbar\logo_24.bmp

c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp

c:\program files\SelectRebates\Toolbar\ReviewSite.bmp

c:\program files\SelectRebates\Toolbar\RightControls.dym

c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp

c:\program files\SelectRebates\Toolbar\sahtb-go.bmp

c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp

c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp

c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp

c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp

c:\program files\SelectRebates\Toolbar\Scissors.bmp

c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

c:\users\Shell\AppData\Roaming\FREEzeFrog

c:\users\Shell\AppData\Roaming\inst.exe

c:\users\Shell\AppData\Roaming\Microsoft\Windows\Recent\More.URL

c:\users\Shell\AppData\Roaming\Microsoft\Windows\Recent\ReadMeFirst.url

c:\windows\$NtUninstallKB3255$\3894512458

c:\windows\$NtUninstallKB3255$\485945278\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

c:\windows\$NtUninstallKB3255$\485945278\click.tlb

c:\windows\$NtUninstallKB3255$\485945278\L\qnbwvoto

c:\windows\$NtUninstallKB3255$\485945278\loader.tlb

c:\windows\$NtUninstallKB3255$\485945278\U\$000000c0

c:\windows\$NtUninstallKB3255$\485945278\U\$000000cb

c:\windows\$NtUninstallKB3255$\485945278\U\@00000001

c:\windows\$NtUninstallKB3255$\485945278\U\@000000c0

c:\windows\$NtUninstallKB3255$\485945278\U\@000000cb

c:\windows\$NtUninstallKB3255$\485945278\U\@000000cf

c:\windows\$NtUninstallKB3255$\485945278\U\@80000000

c:\windows\$NtUninstallKB3255$\485945278\U\@800000c0

c:\windows\$NtUninstallKB3255$\485945278\U\@800000cb

c:\windows\$NtUninstallKB3255$\485945278\U\@800000cf

c:\windows\system32\c_47915.nl_

.

c:\windows\3203397148:3809022017.exe . . . is infected!!

.

c:\program files\AVG\AVG10\avgwdsvc.exe . . . is infected!!

.

c:\windows\system32\CSHelper.exe . . . is infected!!

.

c:\program files\Google\Update\GoogleUpdate.exe . . . is infected!!

.

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe . . . is infected!!

.

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe . . . is infected!!

.

c:\program files\iolo\Common\Lib\ioloServiceManager.exe . . . is infected!!

.

c:\program files\iWin Games\iWinTrusted.exe . . . is infected!!

.

c:\program files\Common Files\LightScribe\LSSrvc.exe . . . is infected!!

.

Infected copy of c:\windows\system32\lxcycoms.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\lxcyprc.inf_3dbb3025\i386\lxcycoms.exe

.

Infected copy of c:\windows\system32\nvvsvc.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\nvwh.inf_54c23b5f\nvvsvc.exe

.

c:\windows\system32\PnkBstrA.exe . . . is infected!!

.

c:\program files\TomTom HOME 2\TomTomHOMEService.exe . . . is infected!!

.

Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\hpqherzm.inf_8705e467\XAudio.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_1cf6efbe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))

.

.

2011-08-26 01:06 . 2011-08-26 01:07 43408 --sha-w- c:\windows\system32\c_47915.nl_

2011-08-26 01:04 . 2011-08-26 01:08 -------- d-----w- c:\users\Shell\AppData\Local\temp

2011-08-26 01:04 . 2011-08-26 01:04 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-08-26 01:04 . 2011-08-26 01:04 -------- d-----w- c:\users\Kids\AppData\Local\temp

2011-08-26 01:04 . 2011-08-26 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-23 16:15 . 2011-08-23 16:15 -------- d-----w- C:\Shell

2011-08-23 00:15 . 2011-08-23 00:15 -------- d-----w- C:\found.002

2011-08-22 12:49 . 2011-08-22 12:49 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-08-22 12:49 . 2011-08-22 12:49 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-08-16 20:42 . 2011-08-16 20:44 -------- d-----w- c:\programdata\Mattel

2011-08-12 14:43 . 2011-08-12 14:43 -------- d-----w- c:\program files\Free Offers from Freeze.com

2011-08-03 21:56 . 2011-08-03 21:56 -------- d-----w- c:\users\Kids\AppData\Local\AVG Security Toolbar

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-23 11:22 . 2006-11-02 08:57 66048 ----a-w- c:\windows\system32\drivers\smb.sys

2011-08-22 20:03 . 2007-12-31 17:59 146980442 ----a-w- c:\windows\DUMP4e0f.tmp

2011-08-22 13:18 . 2011-07-03 01:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-16 12:48 . 2011-08-23 21:06 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4EA79AAC-27F0-4E6A-9F87-A364556DF01D}\mpengine.dll

2011-08-08 19:01 . 2008-10-22 14:38 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-08-08 19:01 . 2008-10-22 14:38 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-07-19 19:42 . 2011-07-22 13:21 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-06 23:52 . 2010-07-11 04:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-07-11 04:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 12:49 . 2011-04-22 03:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]

2008-01-28 18:06 641464 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1040.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408]

"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]

"OnlineVault"="c:\program files\Online Vault\OnlineVault.exe" [2010-03-19 2459136]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 39408]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-03 273544]

"JPJWatcher"="c:\programdata\Mattel\Watcher\jpjwatcher.exe" [2011-08-16 194560]

.

c:\users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Shell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2010-9-24 995328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileSharing"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 TfFsMon;TfFsMon; [x]

R0 TfSysMon;TfSysMon; [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 136176]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]

R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]

R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 136176]

R3 I97DRIVER;I97DRIVER; [x]

R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-03-11 29824]

R3 PTDUMdm;PANTECH UM175 Drivers ;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-03-11 41344]

R3 PTDUVsp;PANTECH UM175 Diagnostic Port ;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-03-11 39936]

R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-03-11 59776]

R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tv.sys [2007-06-01 870400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 20392]

S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-01-27 266240]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-07-19 722616]

S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2011-04-08 176848]

S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2007-06-20 537264]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-15 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-26 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-20 03:45]

.

2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 02:12]

.

2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 02:12]

.

2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675819506-889393583-3195363467-1000Core.job

- c:\users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05 01:04]

.

2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675819506-889393583-3195363467-1000UA.job

- c:\users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05 01:04]

.

2011-08-26 c:\windows\Tasks\User_Feed_Synchronization-{7D662327-DD37-4616-8405-233756DD78DD}.job

- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mWindow Title = Microsoft Internet Explorer

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download All By FlashGet3 - c:\users\Shell\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Shell\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{FA32182A-EA44-4583-803B-AA827F0D4E06} - c:\progra~1\ONLINE~2\ONLINE~1.EXE

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: kuaiche.com\software

TCP: DhcpNameServer = 192.168.2.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\users\Shell\AppData\Roaming\Mozilla\Firefox\Profiles\yxpjku5k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da84ee3&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-25 21:08

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB3255$:SummaryInformation 0 bytes hidden from API

c:\windows\3203397148:3809022017.exe 816 bytes executable

c:\users\Shell\AppData\Local\Temp\etilqs_ddAl4YgCf6wICdLlmqWI 3608 bytes

c:\users\Shell\AppData\Local\Temp\etilqs_j8DC76sNss8fywq6Ie8S 3072 bytes

c:\users\Shell\AppData\Local\Temp\etilqs_PN1ktOxzHttb5dlI0I40 2056 bytes

c:\windows\TEMP\TMP000000055F77F07F4DF40203 524288 bytes

.

scan completed successfully

hidden files: 6

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,10,60,6c,7b,a8,b1,40,b5,21,f3,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,10,60,6c,7b,a8,b1,40,b5,21,f3,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\WLANExt.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\sdclt.exe

.

**************************************************************************

.

Completion time: 2011-08-26 00:33:34 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-26 04:33

.

Pre-Run: 35,050,553,344 bytes free

Post-Run: 34,735,308,800 bytes free

.

- - End Of File - - 7311D052604D64949934EAB2A4D222DD


Hello, here are the logs you asked for. Hope it's not too bad, I really need my computer back! <_<

File name: PnkBstrA.exe

Submission date: 2011-08-31 09:15:21 (UTC)

Current status: finished

Result: 37/ 44 (84.1%)

AhnLab-V3 2011.08.31.00 2011.08.31 Win-Trojan/Patched.DD

AntiVir 7.11.14.38 2011.08.31 W32/PatchLoad.A

Antiy-AVL 2.0.3.7 2011.08.31 -

Avast 4.8.1351.0 2011.08.31 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.31 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.31 Win32/Katusha.A

BitDefender 7.2 2011.08.31 Trojan.Patched.HE

ByteHero 1.0.0.1 2011.08.22 -

CAT-QuickHeal 11.00 2011.08.31 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.31 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.31 W32/Patched.G

Comodo 9940 2011.08.31 TrojWare.Win32.Patched.HN

DrWeb 5.0.2.03300 2011.08.31 Trojan.Starter.1695

Emsisoft 5.1.0.11 2011.08.31 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.30 -

eTrust-Vet 36.1.8532 2011.08.31 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.31 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.31 Trojan.Patched.HE

Fortinet 4.3.370.0 2011.08.30 W32/Patched.MF!tr

GData 22 2011.08.31 Trojan.Patched.HE

Ikarus T3.1.1.107.0 2011.08.31 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.30 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.31 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.31 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.30 Heuristic.LooksLike.Win32.SuspiciousPE.J

Microsoft 1.7604 2011.08.31 Virus:Win32/Patchload.O

NOD32 6423 2011.08.31 Win32/Patched.HN

Norman 6.07.10 2011.08.31 W32/Patched.BH

nProtect 2011-08-31.02 2011.08.31 -

Panda 10.0.3.5 2011.08.30 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.31 Trojan.Paccyn

Prevx 3.0 2011.08.31 -

Rising 23.73.01.03 2011.08.30 Win32.Loader.li

Sophos 4.68.0 2011.08.31 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.31 -

Symantec 20111.2.0.82 2011.08.31 Trojan.Paccyn!inf

TheHacker 6.7.0.1.286 2011.08.31 -

TrendMicro 9.500.0.1008 2011.08.30 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.31 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.30 Trojan-Spy.Zbot.gen

VIPRE 10324 2011.08.31 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.31.4649 2011.08.31 Win32.Patched.BE

VirusBuster 14.0.193.0 2011.08.30 Win32.Katusha.Gen

Additional information

MD5 : c20050ea096c94ac0f14f10f07e19c51

SHA1 : 2efd719913d374d6a7a8791d36366f952e89a1bc

SHA256: 8781059e1ff6e09587453f5b75cbbba738232e2b23409cde5128d47ab76d6e82

File name: GoogleUpdate.exe

Submission date: 2011-08-31 09:15:55 (UTC)

Current status: analysing

Result: 25/ 26 (96.2%)

AhnLab-V3 2011.08.31.00 2011.08.31 Win-Trojan/Patched.DD

AntiVir 7.11.14.38 2011.08.31 TR/Spy.136176.1

Antiy-AVL 2.0.3.7 2011.08.31 Trojan/Win32.Zbot.gen

Avast 4.8.1351.0 2011.08.31 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.31 PSW.Generic8.BWCH

BitDefender 7.2 2011.08.31 Trojan.Patched.HE

ByteHero 1.0.0.1 2011.08.22 Trojan.Win32.Heur.Gen

ClamAV 0.97.0.0 2011.08.31 Trojan.Patched-167

Comodo 9940 2011.08.31 UnclassifiedMalware

DrWeb 5.0.2.03300 2011.08.31 Trojan.Starter.1695

Emsisoft 5.1.0.11 2011.08.31 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.30 Win32.TRSpy

F-Secure 9.0.16440.0 2011.08.31 Trojan.Patched.HE

GData 22 2011.08.31 Trojan.Patched.HE

Kaspersky 9.0.0.837 2011.08.31 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.31 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.30 W32/Katusha

Microsoft 1.7604 2011.08.31 Virus:Win32/Patchload.O

Norman 6.07.10 2011.08.31 W32/Patched.BH

Panda 10.0.3.5 2011.08.30 W32/Katusha.BN

Sophos 4.68.0 2011.08.31 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.31 -

Symantec 20111.2.0.82 2011.08.31 Trojan.Paccyn!inf

VBA32 3.12.16.4 2011.08.30 TrojanSpy.Zbot.gen

ViRobot 2011.8.31.4649 2011.08.31 Win32.Patched.BE

VirusBuster 14.0.193.0 2011.08.30 Win32.Katusha.Gen

Additional information

MD5 : b488a83b6c00e38aaf5fb4ce1a26ca07

SHA1 : 869fd5e792e58be5a6189eee1714e8582ea1d29f

SHA256: 4be3dfcf1d5f16224eb0e4cda5a5fc1628125679217d4f376b5c320ef4abaed5

File name: CSHelper.exe

Submission date: 2011-08-31 09:08:02 (UTC)

Current status: finished

Result: 38/ 44 (86.4%)

AhnLab-V3 2011.08.31.00 2011.08.31 Win-Trojan/Patched.DD

AntiVir 7.11.14.38 2011.08.31 W32/PatchLoad.A

Antiy-AVL 2.0.3.7 2011.08.31 -

Avast 4.8.1351.0 2011.08.31 Win32:Patched-WQ [Trj]

Avast5 5.0.677.0 2011.08.31 Win32:Patched-WQ [Trj]

AVG 10.0.0.1190 2011.08.31 Win32/Katusha.A

BitDefender 7.2 2011.08.31 Trojan.Patched.HE

ByteHero 1.0.0.1 2011.08.22 Trojan.Win32.Heur.Gen

CAT-QuickHeal 11.00 2011.08.31 W32.Patchload.O

ClamAV 0.97.0.0 2011.08.31 Trojan.Patched-167

Commtouch 5.3.2.6 2011.08.31 W32/Patched.G

Comodo 9940 2011.08.31 TrojWare.Win32.Patched.HN

DrWeb 5.0.2.03300 2011.08.31 Trojan.Starter.1695

Emsisoft 5.1.0.11 2011.08.31 Trojan-Spy.Win32.Zbot!IK

eSafe 7.0.17.0 2011.08.30 -

eTrust-Vet 36.1.8532 2011.08.31 Win32/Patchload.U

F-Prot 4.6.2.117 2011.08.31 W32/Patched.G

F-Secure 9.0.16440.0 2011.08.31 Trojan.Patched.HE

Fortinet 4.3.370.0 2011.08.30 W32/Patched.MF!tr

GData 22 2011.08.31 Trojan.Patched.HE

Ikarus T3.1.1.107.0 2011.08.31 Trojan-Spy.Win32.Zbot

Jiangmin 13.0.900 2011.08.30 TrojanSpy.Zbot.adxr

K7AntiVirus 9.111.5068 2011.08.29 Trojan

Kaspersky 9.0.0.837 2011.08.31 Trojan.Win32.Patched.mf

McAfee 5.400.0.1158 2011.08.31 W32/Katusha

McAfee-GW-Edition 2010.1D 2011.08.30 Heuristic.LooksLike.Win32.SuspiciousPE.J

Microsoft 1.7604 2011.08.31 Virus:Win32/Patchload.O

NOD32 6423 2011.08.31 Win32/Patched.HN

Norman 6.07.10 2011.08.31 W32/Patched.BH

nProtect 2011-08-31.02 2011.08.31 -

Panda 10.0.3.5 2011.08.30 W32/Katusha.BN

PCTools 8.0.0.5 2011.08.31 Trojan.Katusha

Prevx 3.0 2011.08.31 -

Rising 23.73.01.03 2011.08.30 Win32.Loader.li

Sophos 4.68.0 2011.08.31 W32/Patched-AK

SUPERAntiSpyware 4.40.0.1006 2011.08.31 -

Symantec 20111.2.0.82 2011.08.31 Trojan.Katusha.A!inf

TheHacker 6.7.0.1.286 2011.08.31 -

TrendMicro 9.500.0.1008 2011.08.30 PTCH_KATUSHA.W

TrendMicro-HouseCall 9.500.0.1008 2011.08.31 PTCH_KATUSHA.W

VBA32 3.12.16.4 2011.08.30 Trojan-Spy.Zbot.gen

VIPRE 10324 2011.08.31 Virus.Win32.Agent.mpq (v)

ViRobot 2011.8.31.4649 2011.08.31 Win32.Patched.BE

VirusBuster 14.0.193.0 2011.08.30 Win32.Katusha.Gen

Additional information

MD5 : 1bc0e6919cfef67c04323fc2e8c45f99

SHA1 : d4678780ac193c869a83f5dcc230a8a66b81eb0b

SHA256: 487b43ceaac3e9dac24af524cb65b58297cb257d14e4cca6a5bb4e5aaecb01a5


  • Staff

Hi,

First uninstall this from Add or Remove Programs:

iWin Games.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

ADS::
c:\windows\3203397148
File::
c:\program files\AVG\AVG10\avgwdsvc.exe
c:\windows\system32\CSHelper.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iolo\Common\Lib\ioloServiceManager.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
KILLALL::
MIA::
c:\program files\AVG\AVG10\avgwdsvc.exe
c:\windows\system32\CSHelper.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iolo\Common\Lib\ioloServiceManager.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


ComboFix 11-09-02.04 - Shell 09/03/2011 10:35:37.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3006.1737 [GMT -4:00]

Running from: c:\users\Shell\Desktop\ComboFix.exe

Command switches used :: c:\users\Shell\Desktop\CFScript.txt

.

FILE ::

"c:\program files\AVG\AVG10\avgwdsvc.exe"

"c:\program files\Common Files\LightScribe\LSSrvc.exe"

"c:\program files\Google\Update\GoogleUpdate.exe"

"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe"

"c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe"

"c:\program files\iolo\Common\Lib\ioloServiceManager.exe"

"c:\program files\iWin Games\iWinTrusted.exe"

"c:\program files\TomTom HOME 2\TomTomHOMEService.exe"

"c:\windows\system32\CSHelper.exe"

"c:\windows\system32\PnkBstrA.exe"

.

ADS - 3203397148: deleted 816 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB3255$\3599332168

c:\windows\system32\c_47915.nl_

.

c:\program files\AVG\AVG10\avgwdsvc.exe . . . is infected!!

.

c:\windows\system32\CSHelper.exe . . . is infected!!

.

c:\program files\Google\Update\GoogleUpdate.exe . . . is infected!!

.

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe . . . is infected!!

.

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe . . . is infected!!

.

c:\program files\iolo\Common\Lib\ioloServiceManager.exe . . . is infected!!

.

c:\program files\Common Files\LightScribe\LSSrvc.exe . . . is infected!!

.

c:\windows\system32\PnkBstrA.exe . . . is infected!!

.

c:\program files\TomTom HOME 2\TomTomHOMEService.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))

.

.

2011-09-03 15:31 . 2011-09-03 15:32 43408 --sha-w- c:\windows\system32\c_47915.nl_

2011-09-03 15:29 . 2011-09-03 15:29 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-09-03 15:29 . 2011-09-03 15:29 -------- d-----w- c:\users\Kids\AppData\Local\temp

2011-09-03 15:29 . 2011-09-03 15:29 -------- d-----w- c:\users\Kevin\AppData\Local\temp

2011-09-03 15:29 . 2011-09-03 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-02 22:16 . 2011-09-02 22:16 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll

2011-09-02 22:16 . 2011-09-02 22:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-09-02 22:16 . 2011-09-02 22:16 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-09-02 22:16 . 2011-09-02 22:16 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe

2011-09-02 22:15 . 2011-09-02 22:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-09-02 22:15 . 2011-09-02 22:15 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe

2011-09-02 22:15 . 2011-09-02 22:15 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-09-02 22:15 . 2011-09-02 22:15 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-09-02 22:15 . 2011-09-02 22:15 269272 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll

2011-09-02 22:15 . 2011-09-02 22:15 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-09-02 22:15 . 2011-09-02 22:15 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-09-02 22:15 . 2011-09-02 22:15 715736 ----a-w- c:\program files\Mozilla Firefox\mozcrt19.dll

2011-08-26 01:04 . 2011-09-03 15:31 -------- d-----w- c:\users\Shell\AppData\Local\temp

2011-08-23 16:15 . 2011-08-23 16:15 -------- d-----w- C:\Shell

2011-08-23 00:15 . 2011-08-23 00:15 -------- d-----w- C:\found.002

2011-08-16 20:42 . 2011-08-16 20:44 -------- d-----w- c:\programdata\Mattel

2011-08-12 14:43 . 2011-08-12 14:43 -------- d-----w- c:\program files\Free Offers from Freeze.com

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-23 11:22 . 2006-11-02 08:57 66048 ----a-w- c:\windows\system32\drivers\smb.sys

2011-08-22 20:03 . 2007-12-31 17:59 146980442 ----a-w- c:\windows\DUMP4e0f.tmp

2011-08-22 13:18 . 2011-07-03 01:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-16 12:48 . 2011-09-02 21:17 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AABB079F-D311-4883-997A-7714DD66B519}\mpengine.dll

2011-08-08 19:01 . 2008-10-22 14:38 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-08-08 19:01 . 2008-10-22 14:38 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-07-19 19:42 . 2011-07-22 13:21 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-06 23:52 . 2010-07-11 04:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-07-11 04:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-02 22:16 . 2011-09-02 22:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]

2008-01-28 18:06 641464 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1040.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Shell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408]

"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2008-03-18 2508072]

"OnlineVault"="c:\program files\Online Vault\OnlineVault.exe" [2010-03-19 2459136]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 39408]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-03 273544]

"JPJWatcher"="c:\programdata\Mattel\Watcher\jpjwatcher.exe" [2011-08-16 194560]

.

c:\users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Shell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2010-9-24 995328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileSharing"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 TfFsMon;TfFsMon; [x]

R0 TfSysMon;TfSysMon; [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]

R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]

R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 I97DRIVER;I97DRIVER; [x]

R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-03-11 29824]

R3 PTDUMdm;PANTECH UM175 Drivers ;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-03-11 41344]

R3 PTDUVsp;PANTECH UM175 Diagnostic Port ;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-03-11 39936]

R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-03-11 59776]

R3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG111Tv.sys [2007-06-01 870400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 20392]

S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2007-06-20 537264]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-15 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-20 03:45]

.

2011-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675819506-889393583-3195363467-1000Core.job

- c:\users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05 01:04]

.

2011-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675819506-889393583-3195363467-1000UA.job

- c:\users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05 01:04]

.

2011-09-03 c:\windows\Tasks\User_Feed_Synchronization-{7D662327-DD37-4616-8405-233756DD78DD}.job

- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mWindow Title = Microsoft Internet Explorer

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download All By FlashGet3 - c:\users\Shell\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\Shell\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{FA32182A-EA44-4583-803B-AA827F0D4E06} - c:\progra~1\ONLINE~2\ONLINE~1.EXE

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: kuaiche.com\software

TCP: DhcpNameServer = 192.168.2.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\users\Shell\AppData\Roaming\Mozilla\Firefox\Profiles\yxpjku5k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - www.swagbucks.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-03 11:34

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB3255$:SummaryInformation 0 bytes hidden from API

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,10,60,6c,7b,a8,b1,40,b5,21,f3,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,10,60,6c,7b,a8,b1,40,b5,21,f3,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(648)

c:\program files\Hewlett-Packard\HP QuickTouch\HPShared.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\windows\system32\sdclt.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Mozilla Firefox\firefox.exe

c:\program files\Mozilla Firefox\plugin-container.exe

.

**************************************************************************

.

Completion time: 2011-09-03 14:52:17 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-03 18:52

ComboFix2.txt 2011-08-26 04:33

.

Pre-Run: 28,604,755,968 bytes free

Post-Run: 28,422,377,472 bytes free

.

- - End Of File - - E80B8A750AD4F6B5C71C866E0BDF0256

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_25

Run by Shell at 18:36:24 on 2011-09-03

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3006.1383 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Windows\system32\lxcycoms.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\real\realplayer\Update\realsched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Online Vault\OnlineVault.exe

C:\Program Files\NETGEAR\WG111T\wlan111t.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\sdclt.exe

C:\Windows\System32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mWindow Title = Microsoft Internet Explorer

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll

mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\shell\appdata\roaming\flashgetbho\FlashGetBHO3.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: BearSharePersonalization: {dd1849ea-8403-4441-8dff-7575aae1dc16} - c:\program files\bearshare applications\personalization\BearSharePersonalizationIE_v1040.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\Flashget3.exe" -minimize

uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup

uRun: [OnlineVault] "c:\program files\online vault\OnlineVault.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [JPJWatcher] c:\programdata\mattel\watcher\jpjwatcher.exe

StartupFolder: c:\users\shell\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shell\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe

uPolicies-explorer: NoFileSharing = 1 (0x1)

uPolicies-system: NoSecCPL = 0 (0x0)

uPolicies-system: NoDevMgrPage = 0 (0x0)

uPolicies-system: NoConfigPage = 0 (0x0)

uPolicies-system: NoVirtMemPage = 0 (0x0)

uPolicies-system: NoFileSysPage = 0 (0x0)

uPolicies-system: NoNetSetup = 0 (0x0)

uPolicies-system: NoNetSetupIDPage = 0 (0x0)

uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)

uPolicies-system: NoWorkgroupContents = 0 (0x0)

uPolicies-system: NoEntireNetwork = 0 (0x0)

uPolicies-system: NoFileSharingControl = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download All By FlashGet3 - c:\users\shell\appdata\roaming\flashgetbho\GetAllUrl.htm

IE: Download By FlashGet3 - c:\users\shell\appdata\roaming\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {FA32182A-EA44-4583-803B-AA827F0D4E06} - c:\progra~1\online~2\ONLINE~1.EXE

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: kuaiche.com\software

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab

DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BEC0A1F5-5F98-4B2A-9297-EF4BCDEE05D5} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DFD50F7A-7359-4A2F-9524-342410C923D0} : DhcpNameServer = 192.168.2.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\shell\appdata\roaming\mozilla\firefox\profiles\yxpjku5k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - www.swagbucks.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrl.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\yahoo!\shared\npYState.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\shell\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\users\shell\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\users\shell\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-22 20392]

R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]

S2 CSHelper;CopySafe Helper Service;c:\windows\system32\cshelper.exe --> c:\windows\system32\CSHelper.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\tomtomhomeservice.exe --> c:\program files\tomtom home 2\TomTomHOMEService.exe [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 947528]

S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2010-9-24 21504]

S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2010-9-24 20480]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-1 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2008-3-11 29824]

S3 PTDUMdm;PANTECH UM175 Drivers ;c:\windows\system32\drivers\PTDUMdm.sys [2008-3-11 41344]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port ;c:\windows\system32\drivers\PTDUVsp.sys [2008-3-11 39936]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2008-3-11 59776]

S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\drivers\WG111Tv.sys [2010-9-24 870400]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-09-03 15:32:05 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-03 15:31:10 43408 --sha-w- c:\windows\system32\c_47915.nl_

2011-09-02 22:16:01 19416 ----a-w- c:\progra~1\mozilla firefox\AccessibleMarshal.dll

2011-09-02 22:16:00 2106216 ----a-w- c:\progra~1\mozilla firefox\D3DCompiler_43.dll

2011-09-02 22:16:00 134104 ----a-w- c:\progra~1\mozilla firefox\components\browsercomps.dll

2011-09-02 22:16:00 125912 ----a-w- c:\progra~1\mozilla firefox\crashreporter.exe

2011-09-02 22:15:59 1998168 ----a-w- c:\progra~1\mozilla firefox\d3dx9_43.dll

2011-09-02 22:15:58 924632 ----a-w- c:\progra~1\mozilla firefox\firefox.exe

2011-09-02 22:15:58 89048 ----a-w- c:\progra~1\mozilla firefox\libEGL.dll

2011-09-02 22:15:58 478168 ----a-w- c:\progra~1\mozilla firefox\libGLESv2.dll

2011-09-02 22:15:58 269272 ----a-w- c:\progra~1\mozilla firefox\freebl3.dll

2011-09-02 22:15:58 15832 ----a-w- c:\progra~1\mozilla firefox\mozalloc.dll

2011-09-02 22:15:57 719832 ----a-w- c:\progra~1\mozilla firefox\mozcpp19.dll

2011-09-02 22:15:55 715736 ----a-w- c:\progra~1\mozilla firefox\mozcrt19.dll

2011-09-02 21:17:51 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{aabb079f-d311-4883-997a-7714dd66b519}\mpengine.dll

2011-08-26 01:04:50 -------- d-----w- c:\users\shell\appdata\local\temp

2011-08-26 00:22:03 98816 ----a-w- c:\windows\sed.exe

2011-08-26 00:22:03 518144 ----a-w- c:\windows\SWREG.exe

2011-08-23 16:15:56 -------- d-----w- C:\Shell

2011-08-23 00:15:55 -------- d-----w- C:\found.002

2011-08-16 20:42:57 -------- d-----w- c:\programdata\Mattel

2011-08-12 14:43:23 -------- d-----w- c:\progra~1\Free Offers from Freeze.com

.

==================== Find3M ====================

.

2011-08-23 11:22:50 66048 ----a-w- c:\windows\system32\drivers\smb.sys

2011-08-22 20:03:56 146980442 ----a-w- c:\windows\DUMP4e0f.tmp

2011-08-22 13:18:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-08 19:01:38 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-08-08 19:01:28 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-07-19 19:42:44 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe

.

============= FINISH: 18:37:23.95 ===============

Attach.zip


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://forums.malwarebytes.org/index.php?showtopic=93551
Collect::
c:\windows\system32\c_47915.nl_

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.


  • 3 weeks later...
  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

