
Hello,

I have been locked out of almost everything on my PC. Malwarebytes will run for a second then stop and disappear. Then when I go to re-run it my access is denied. I have tried to follow your self-help instructions posted in your Self Help Forum for TDL2 Rootkit infection aka WinNT-Alureon.... but that did not work because every time I tried to run the Rootkit Repeal for *files* it would shut down when it got to the "windows files". PLEASE HELP!!!!!

ALSO, I have now noticed that there is a new virus that redirects to a fake Yahoo search engine.


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes a runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log name has the form UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Run by Mathew at 6:22:29 on 2011-11-10

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.com/

uSearch Page =

uDefault_Page_URL = hxxp://www.msn.com

uSearch Bar =

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Google Update] "c:\documents and settings\mathew\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [nah_Shell] c:\documents and settings\mathew\nah_xvqy.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mExplorerRun: [waults] c:\documents and settings\all users\application data\waults.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255025129312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255031421296

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 172.16.10.1

TCP: Interfaces\{8D0B0A99-A31C-486B-B9E2-54C59C5385C2} : DhcpNameServer = 172.16.10.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=

FF - component: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\mathew\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\mathew\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\funwebproducts\installr\2.bin\NPFUNWEB.DLL

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-11-10 00:29:09 709968 ----a-w- c:\windows\isRS-000.tmp

2011-11-08 13:32:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-08 13:32:29 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-11-06 16:03:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-06 15:14:16 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp

2011-11-06 15:01:10 -------- d-----w- c:\documents and settings\mathew\application data\SUPERAntiSpyware.com

2011-11-06 15:01:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-11-06 12:57:18 -------- d-----w- c:\documents and settings\mathew\New Folder

2011-10-28 14:07:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-10-28 12:57:11 -------- d-----w- c:\windows\LMI1B.tmp

2011-10-27 07:04:50 -------- d-----w- C:\832d669bcdce14cd5d2076bd

2011-10-23 01:24:56 7168 ----a-w- c:\documents and settings\mathew\0.8969312446172838.exe

2011-10-22 04:25:27 7168 ----a-w- c:\documents and settings\mathew\0.9222285357426925.exe

2011-10-19 16:09:32 -------- d-----w- C:\?

2011-10-19 00:34:36 132096 ----a-w- c:\documents and settings\mathew\nah_xvqy.exe

2011-10-14 07:03:16 -------- d-----w- C:\91bfc267de54f476866a

2011-10-11 21:43:42 -------- d-----w- c:\documents and settings\mathew\local settings\application data\Spotify

2011-10-11 21:43:33 -------- d-----w- c:\documents and settings\mathew\application data\Spotify

.

==================== Find3M ====================

.

2011-11-09 23:07:32 48016 --sha-w- c:\windows\system32\c_96022.nl_

2011-11-09 23:06:58 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys

2011-11-09 20:04:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 13:06:51 44544 ----a-w- c:\windows\system32\drivers\fips.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 01:42:28 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-12 19:10:58 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 6:24:15.06 ===============

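The DDS log above is the kind of output a removal helper reads line by line, looking for autorun entries that launch from odd locations (the nah_Shell entry under the profile root, waults.exe started through the Policies\Explorer\Run key), hidden+system files freshly written into system32 (c_96022.nl_), generated-looking filenames (0.8969312446172838.exe), search preferences pointing at a third-party host (the conduit.com entries) and orphaned BHO/toolbar registrations. The script below is an added example for this thread, not code from DDS, Malwarebytes or ComboFix; it applies those heuristics to a constructed subset of the posted log. The search-host allowlist, the filename patterns and the profile-root rule are assumptions for the demo, and each hit is a prompt to inspect the file, not a verdict that it is malicious.

```python
"""Triage pass over a DDS log (the "Pseudo HJT Report" and "Created Last 30"
sections): flags the lines a malware-removal helper would look at first.

Added example for this thread; it is not code from DDS, Malwarebytes or
ComboFix. The rules are common removal heuristics; the search-host allowlist
and the filename patterns are assumptions for the demo, and every hit is a
prompt to inspect the file, not a verdict that it is malicious.
"""
import re

# Constructed sample: a hand-picked subset of the DDS log posted above
# (DDS defangs URLs as hxxp://, which the parser accounts for).
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\documents and settings\mathew\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [nah_Shell] c:\documents and settings\mathew\nah_xvqy.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mExplorerRun: [waults] c:\documents and settings\all users\application data\waults.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
2011-10-23 01:24:56 7168 ----a-w- c:\documents and settings\mathew\0.8969312446172838.exe
2011-10-19 00:34:36 132096 ----a-w- c:\documents and settings\mathew\nah_xvqy.exe
2011-10-19 16:09:32 -------- d-----w- C:\?
2011-11-09 23:07:32 48016 --sha-w- c:\windows\system32\c_96022.nl_
2011-11-08 13:06:51 44544 ----a-w- c:\windows\system32\drivers\fips.sys
"""

# Line shapes DDS emits. Prefix u = HKCU, m = HKLM; ExplorerRun = Policies\Explorer\Run.
AUTORUN_RE = re.compile(r'^[um](?P<key>Run|RunOnce|ExplorerRun): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
NOFILE_RE = re.compile(r'^(?:BHO|TB|EB): .*- No File$')
FFPREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>browser\.search\.defaulturl|keyword\.URL|browser\.startup\.homepage) - (?P<url>\S+)$')
# date time size-or-dashes attributes path; attributes include d, s, h, a, w flags.
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?:\d+|-{8}) (?P<attr>[-a-z]{8}) (?P<path>.+)$')

# Heuristics (assumptions for the demo).
PROFILE_ROOT_EXE = re.compile(r'^c:\\documents and settings\\[^\\]+\\(?:application data\\)?[^\\]+\.exe$')
GENERATED_NAME = re.compile(r'^\d+\.\d+\.exe$')        # e.g. 0.8969312446172838.exe
SYSTEM32 = re.compile(r'^c:\\windows\\system32\\')
KNOWN_SEARCH_HOSTS = {'www.google.com', 'www.bing.com', 'search.yahoo.com',
                      'www.yahoo.com', 'www.msn.com', 'msn.com'}


def _exe_path(cmd):
    """Return the executable from a Run-key command line, quotes and arguments stripped."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.exe)', cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def _host(url):
    """Host part of a DDS-defanged (hxxp://) or normal URL."""
    return re.sub(r'^hxxps?://', '', url, flags=re.I).split('/')[0].lower()


def triage(log_text):
    """Return (indicator, value) pairs for every line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            path = _exe_path(m.group('cmd'))
            name = path.rsplit('\\', 1)[-1]
            if m.group('key') == 'ExplorerRun':
                findings.append(('autorun through Policies\\Explorer\\Run', path))
            if PROFILE_ROOT_EXE.match(path):
                findings.append(('autorun executable directly under a profile root', path))
            if GENERATED_NAME.match(name):
                findings.append(('autorun executable with a generated-looking name', path))
            continue
        if NOFILE_RE.match(line):
            findings.append(('orphaned browser add-on registration', line))
            continue
        m = FFPREF_RE.match(line)
        if m:
            if _host(m.group('url')) not in KNOWN_SEARCH_HOSTS:
                findings.append(('Firefox %s points at a third-party host' % m.group('pref'), m.group('url')))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group('attr'), m.group('path').lower()
            name = path.rsplit('\\', 1)[-1]
            if 's' in attr and 'h' in attr and SYSTEM32.match(path):
                findings.append(('hidden+system file recently written to system32', path))
            if PROFILE_ROOT_EXE.match(path):
                findings.append(('executable dropped directly under a profile root', path))
            if GENERATED_NAME.match(name):
                findings.append(('file with a generated-looking name', path))
            if attr.startswith('d') and re.fullmatch(r'\W', name):
                findings.append(('directory with a one-character non-word name', path))
    return findings


if __name__ == '__main__':
    for indicator, value in triage(SAMPLE_LOG):
        print('%-55s %s' % (indicator, value))
```

Run it against a full DDS.txt by reading the file into triage() instead of SAMPLE_LOG. The rules deliberately ignore ordinary entries (ctfmon.exe, avgtray.exe, GoogleUpdate.exe under Local Settings, a Windows Update-dated fips.sys) so that the output is short enough to act on; anything it lists still needs the file's hash, signature and origin checked before it is deleted, which is why the helpers in the thread ask for logs rather than for the user to remove things on sight.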

Yes I did, and then all hell broke loose with my PC... had to reinstall some drivers and my print spooler kept stopping so I had to go to c:\windows\system32\spool and delete the driver and spooler files and reinstall them....then my keyboard went crazy so I had to reinstall the drivers for that...plus I also had that Anti-virus virus which started locking me out of the internet so I had to locate it by right clicking it and going to its properties and locate target....at that point I deleted the file

.

I hope that all that I've done has not in any way caused more damage than the original problem itself :huh:

All in all Malwarebytes is currently working and has been for the last 2 days. Don't ask me how but it is. I was able to run it and it found 2 infected files which i quarantined.

Please let me know if what I did was a no-no, and if there was a correct way to resolve the issues.

Kee


  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


ComboFix 11-11-23.01 - Mathew 11/23/2011 16:17:51.1.1 - x86

Running from: c:\documents and settings\Mathew\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi

c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Check out Previous Winners.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Frequently Asked Questions.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\How can I win $100,000.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\How can I win $500 Today.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Shop To Win Privacy Policy.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Shop to Win Terms and Conditions.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Sweepstakes Official Rules.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Uninstall.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\View My Shop to Win Account.lnk

c:\documents and settings\LocalService\Start Menu\Programs\Shop to Win 11\Visit the Shop to Win Mall.lnk

c:\documents and settings\Mathew\Application Data\Mozilla\Firefox\Profiles\pjwcb8xw.default\searchplugins\bing-zugo.xml

c:\documents and settings\Mathew\System

c:\documents and settings\Mathew\System\win_qs8.jqx

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\exe.exe

c:\windows\system32\

.

c:\windows\system32\drivers\cdrom.sys was missing

Restored copy from - c:\windows\system32\dllcache\cdrom.sys

.

c:\program files\AVG\AVG9\avgwdsvc.exe . . . is infected!!

c:\program files\AVG\AVG9\avgwdsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\AVG\AVG9\avgfws9.exe . . . is infected!!

c:\program files\AVG\AVG9\avgfws9.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe . . . is infected!!

c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Microsoft\BingBar\SeaPort.EXE was found and disinfected

Restored copy from - c:\program files\Microsoft\BingBar\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{61A03066-C4CC-4331-8D56-AFED29605E4B}\RP491\A0328631.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{61A03066-C4CC-4331-8D56-AFED29605E4B}\RP495\A0328835.exe

.

c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!

c:\program files\Java\jre6\bin\jqs.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . is infected!!

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . was deleted!! You should re-install the program it pertains to

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_.i8042prt

.

.

((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))

.

.

2011-11-23 21:35 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-11-23 21:35 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-11-20 18:42 . 2011-11-20 18:42 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-11-20 18:39 . 2011-11-20 18:42 -------- d-----w- c:\program files\Coupons

2011-11-18 12:11 . 2011-11-18 15:27 -------- d-----w- C:\1ed5c16b4cbb0adcc29f44e6006333

2011-11-18 12:06 . 2011-11-18 12:06 -------- d-----w- C:\06fd66ed9abf5b9ab8918d59f3a62b

2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\Mathew\Application Data\DriverCure

2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\Mathew\Application Data\SpeedyPC Software

2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\program files\Common Files\SpeedyPC Software

2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software

2011-11-10 13:38 . 2011-11-10 13:38 -------- d-----w- c:\program files\Common Files\Logitech

2011-11-08 13:32 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-11-06 15:14 . 2011-11-06 15:14 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp

2011-11-06 15:01 . 2011-11-06 15:01 -------- d-----w- c:\documents and settings\Mathew\Application Data\SUPERAntiSpyware.com

2011-11-06 15:01 . 2011-11-06 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-11-06 12:57 . 2011-11-06 12:57 -------- d-----w- c:\documents and settings\Mathew\New Folder

2011-11-06 11:03 . 2011-11-06 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY

2011-10-28 14:07 . 2011-10-28 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-10-28 12:57 . 2011-10-28 14:21 -------- d-----w- c:\windows\LMI1B.tmp

2011-10-27 07:04 . 2011-10-27 07:05 -------- d-----w- C:\832d669bcdce14cd5d2076bd

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 12:35 . 2002-08-29 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-11-10 11:59 . 2002-08-29 01:05 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys

2011-11-09 20:04 . 2011-08-02 11:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 13:06 . 2002-08-29 12:00 44544 ----a-w- c:\windows\system32\drivers\fips.sys

2011-10-10 14:22 . 2009-10-08 17:49 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 01:42 . 2009-10-08 13:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2002-08-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-12 19:10 . 2011-08-12 19:11 774144 ----a-w- c:\program files\RngInterstitial.dll

2011-11-09 19:00 . 2011-07-27 01:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll

[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\eventlog.dll

.

[7] 2011-08-17 . 6A1D755C68C10863C598C78A597FA7C3 . 634632 . . [7.00.6000.17103] . . c:\windows\SoftwareDistribution\Download\7ca19747c08289c89633b8e50554b874\SP3GDR\iexplore.exe

[7] 2011-08-17 . CB0AFAF9E5C5FE70EC7087E71275DD33 . 634632 . . [7.00.6000.21306] . . c:\windows\SoftwareDistribution\Download\7ca19747c08289c89633b8e50554b874\SP3QFE\iexplore.exe

[7] 2010-04-16 . C4BA5E36FB57F547117305BF1E0FE454 . 634656 . . [7.00.6000.17055] . . c:\windows\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3GDR\iexplore.exe

[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3QFE\iexplore.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe

[-] 2002-08-29 . 418D301C3B1FA94B19584AEEB3D65166 . 91136 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\iexplore.exe

.

c:\windows\System32\eventlog.dll ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-10-06 15:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-6 805392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-06-22 13:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-07-29 05:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

2004-09-07 17:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-03-18 11:37 136176 ----atw- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-10-15 02:40 417792 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]

2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-10-11 21:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-10-08 21:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2004-10-22 15:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/27/2009 8:54 PM 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/9/2009 7:38 AM 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/9/2009 7:38 AM 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/9/2009 7:38 AM 243024]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [11/23/2011 4:43 PM 249648]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 7:37 AM 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/27/2009 8:54 PM 122448]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/27/2009 8:54 PM 30288]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/27/2009 8:54 PM 26192]

S0 71303367;71303367;c:\windows\system32\drivers\72589297.sys --> c:\windows\system32\drivers\72589297.sys [?]

S0 wdhjekn;wdhjekn;c:\windows\system32\drivers\piawmbo.sys --> c:\windows\system32\drivers\piawmbo.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 7:00 AM 14336]

S2 avg9wd;AVG WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]

S2 avgfws9;AVG Firewall;"c:\program files\AVG\AVG9\avgfws9.exe" --> c:\program files\AVG\AVG9\avgfws9.exe [?]

S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/23/2011 4:45 PM 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/27/2009 6:39 AM 517448]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 7:37 AM 30104]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/8/2011 8:32 AM 22216]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/8/2011 8:37 AM 366152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2010-10-21 c:\windows\Tasks\AdobeAAMUpdater-1.0 Fallback-NUMBER1-Mathew.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [2010-10-04 22:48]

.

2010-10-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-NUMBER1-Mathew.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 05:25]

.

2009-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc706449018f42.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 14:04]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602609370-682003330-1003Core1cc7154ea025638.job

- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 11:37]

.

2011-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602609370-682003330-1003Core1cc8c2422d22d14.job

- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 11:37]

.

2011-11-16 c:\windows\Tasks\SpeedyPC Registration3.job

- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]

.

2011-11-16 c:\windows\Tasks\SpeedyPC Update Version3.job

- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]

.

2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{9DFDB439-DA34-4124-B08E-04E5BF3C51CB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msn.com/

mStart Page = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

TCP: DhcpNameServer = 172.16.10.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Mathew\Application Data\Mozilla\Firefox\Profiles\pjwcb8xw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-10067677.sys

SafeBoot-34256789.sys

SafeBoot-41428562.sys

SafeBoot-61865136.sys

SafeBoot-71303367.sys

SafeBoot-78995987.sys

SafeBoot-83431963.sys

SafeBoot-klmdb.sys

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

MSConfigStartUp-HPDJ Taskbar Utility - c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe

MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe

MSConfigStartUp-wben - c:\program files\Starfield\Desktop Notifier\wben.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-23 16:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook]

"ImagePath"="system32\drivers\tsk1D4.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1275210071-602609370-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F55135D6-8AE1-7D77-9B62-41CF32EB1FD4}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaahefklkndgpjpoel"=hex:6a,61,61,6d,6b,66,6d,70,67,6c,64,69,6e,6b,6a,61,69,66,

6e,62,00,f1

"hakgodnfniohhpak"=hex:6a,61,61,6d,6b,66,6d,70,67,6c,64,69,6e,6b,6a,61,69,66,

6e,62,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1112)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(3704)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

.

**************************************************************************

.

Completion time: 2011-11-23 17:07:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-23 22:07

.

Pre-Run: 42,158,739,456 bytes free

Post-Run: 43,325,104,128 bytes free

.

- - End Of File - - 353618228F92E3C783998E4C80F49494


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Run by Mathew at 19:05:42 on 2011-11-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.258 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.com/

mStart Page = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255025129312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255031421296

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 172.16.10.1

TCP: Interfaces\{8D0B0A99-A31C-486B-B9E2-54C59C5385C2} : DhcpNameServer = 172.16.10.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\mathew\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\mathew\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-27 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-9 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-9 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-9 29584]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-9 243024]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-11-23 249648]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-10-9 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-27 122448]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-27 30288]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-27 26192]

S0 71303367;71303367;c:\windows\system32\drivers\72589297.sys --> c:\windows\system32\drivers\72589297.sys [?]

S0 wdhjekn;wdhjekn;c:\windows\system32\drivers\piawmbo.sys --> c:\windows\system32\drivers\piawmbo.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]

S2 avg9wd;AVG WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]

S2 avgfws9;AVG Firewall;"c:\program files\avg\avg9\avgfws9.exe" --> c:\program files\avg\avg9\avgfws9.exe [?]

S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\avg\avg9\identity protection\agent\bin\avgidsagent.exe" avgidsagent --> c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-23 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2009-10-27 517448]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-10-9 30104]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-8 22216]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-8 366152]

.

=============== Created Last 30 ================

.

2011-11-23 21:35:21 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-11-23 21:35:21 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-11-20 18:42:00 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-11-20 18:39:55 -------- d-----w- c:\program files\Coupons

2011-11-18 12:11:52 -------- d-----w- C:\1ed5c16b4cbb0adcc29f44e6006333

2011-11-18 12:06:28 -------- d-----w- C:\06fd66ed9abf5b9ab8918d59f3a62b

2011-11-16 14:52:25 -------- d-----w- c:\documents and settings\mathew\application data\DriverCure

2011-11-16 14:52:24 -------- d-----w- c:\documents and settings\mathew\application data\SpeedyPC Software

2011-11-16 14:52:14 -------- d-----w- c:\program files\common files\SpeedyPC Software

2011-11-16 14:52:13 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software

2011-11-10 13:38:06 -------- d-----w- c:\program files\common files\Logitech

2011-11-08 13:32:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-08 13:32:29 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-11-06 15:14:16 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp

2011-11-06 15:01:10 -------- d-----w- c:\documents and settings\mathew\application data\SUPERAntiSpyware.com

2011-11-06 15:01:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-11-06 12:57:18 -------- d-----w- c:\documents and settings\mathew\New Folder

2011-10-28 14:07:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-10-28 12:57:11 -------- d-----w- c:\windows\LMI1B.tmp

2011-10-27 07:04:50 -------- d-----w- C:\832d669bcdce14cd5d2076bd

.

==================== Find3M ====================

.

2011-11-10 12:35:37 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-11-10 11:59:00 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys

2011-11-09 20:04:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 13:06:51 44544 ----a-w- c:\windows\system32\drivers\fips.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 01:42:28 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-12 19:10:58 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 19:08:42.59 ===============


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

FCOPY::
c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\System32\eventlog.dll
c:\windows\system32\dllcache\iexplore.exe | C:\Program Files\Internet Explorer\iexplore.exe
KILLALL::
Driver::
wdhjekn
71303367

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

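The two drivers the CFScript above removes (wdhjekn and 71303367) are easy to miss by eye in a long DDS or ComboFix service list, so as an added example (not part of this thread, and not code from the DDS, ComboFix or Malwarebytes tools) here is a small Python triage helper that reads lines in the format those tools print and flags the same kind of entries a helper looks for: a boot-start driver whose file the scanner could not find, a service name that does not match the driver file it loads, a purely numeric service name, and an ImagePath that points at a .tmp file as in the catchme output further up. The heuristics, the reason codes and the SAMPLE_LINES (constructed to match the shape of the log lines above) are this example's own assumptions, not rules from any tool.

```python
"""Triage helper for the service/driver lines that DDS and ComboFix print.

Line shape (see the logs in this thread):
  <Start> <ServiceName>;<DisplayName>;<ImagePath> [<date> <size>]
  <Start> <ServiceName>;<DisplayName>;<ImagePath> --> <ImagePath> [?]   (file not found)
Start is R0..R4 (running) or S0..S4 (stopped); the digit is the Windows
start type, 0 meaning a boot-start driver.
"""
import re
from dataclasses import dataclass, field

SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
DRIVERS_DIR = "system32\\drivers\\"
STRONG = {"numeric-name", "tmp-image"}   # any one of these alone is enough to flag

# Constructed sample: six lines copied in shape from the DDS log in this thread.
SAMPLE_LINES = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-9 52872]
S0 71303367;71303367;c:\windows\system32\drivers\72589297.sys --> c:\windows\system32\drivers\72589297.sys [?]
S0 wdhjekn;wdhjekn;c:\windows\system32\drivers\piawmbo.sys --> c:\windows\system32\drivers\piawmbo.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S2 avg9wd;AVG WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""


@dataclass
class ServiceEntry:
    start: str            # "" when the entry comes from a raw registry ImagePath value
    name: str
    display: str
    image: str            # path with quotes, "\??\" prefix and trailing "[...]" removed
    missing: bool         # True when the tool printed "[?]" (binary not found on disk)
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for one DDS/ComboFix service line, or None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")
    image = rest.split(" --> ")[0]                 # drop the repeated path
    image = re.sub(r"\s*\[[^\]]*\]$", "", image).strip()
    if image.startswith('"'):                      # quoted path, maybe followed by arguments
        end = image.find('"', 1)
        image = image[1:end] if end > 0 else image[1:]
    if image.startswith("\\??\\"):                 # NT object-manager prefix
        image = image[4:]
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"), image, missing)


def from_registry(service, image_path):
    """Build an entry from a raw ImagePath value (as in the catchme output above)."""
    return ServiceEntry("", service, "", image_path, False)


def assess(e):
    """Attach heuristic reason codes to an entry. The rules are this example's own."""
    fname = re.split(r"[\\/]", e.image)[-1]
    stem, _, ext = fname.rpartition(".")
    if not stem:                                   # no dot: rpartition put it all in ext
        stem, ext = ext, ""
    if e.name.isdigit():
        e.reasons.append("numeric-name")           # a service literally named 71303367
    if e.start.endswith("0") and e.missing:
        e.reasons.append("boot-start-missing")     # boot driver whose file the scanner could not open
    if DRIVERS_DIR in e.image.lower() and stem.lower() != e.name.lower():
        e.reasons.append("name-file-mismatch")     # wdhjekn -> piawmbo.sys
    if ext.lower() == "tmp":
        e.reasons.append("tmp-image")              # redbook -> tsk1D4.tmp
    return e


def is_suspicious(e):
    return bool(set(e.reasons) & STRONG) or len(e.reasons) >= 2


def triage(lines):
    """Map service name -> reason codes for every line worth a second look."""
    out = {}
    for line in lines:
        e = parse_service_line(line)
        if e and is_suspicious(assess(e)):
            out[e.name] = e.reasons
    return out


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LINES.splitlines()).items():
        print(f"{name}: {', '.join(why)}")
```

Run against the sample it reports only 71303367 and wdhjekn; the SUPERAntiSpyware, AVG and Malwarebytes leftovers with "[?]" are not flagged, because a missing file on its own is a weak signal (the scanner also prints "[?]" for quoted paths it could not resolve). A single mismatch or missing file is therefore not enough; the entry needs two weak indicators or one strong one, and the final decision still belongs to the person reading the log.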

ComboFix 11-11-26.04 - Mathew 11/27/2011 6:38.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.748 [GMT -5:00]

Running from: c:\documents and settings\Mathew\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mathew\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}

c:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}\chrome.manifest

c:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}\chrome\content\_cfg.js

c:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}\chrome\content\overlay.xul

c:\documents and settings\Mathew\Local Settings\Application Data\{1278051B-C50C-4FAE-A63F-A4FC5CB6F439}\install.rdf

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\System32\eventlog.dll

c:\windows\system32\dllcache\iexplore.exe --> c:\program files\Internet Explorer\iexplore.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_71303367

-------\Service_wdhjekn

.

.

((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))

.

.

2011-11-27 11:38 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll

2011-11-27 11:38 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll

2011-11-23 21:35 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-11-23 21:35 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-11-20 18:42 . 2011-11-20 18:42 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-11-20 18:39 . 2011-11-20 18:42 -------- d-----w- c:\program files\Coupons

2011-11-18 12:11 . 2011-11-18 15:27 -------- d-----w- C:\1ed5c16b4cbb0adcc29f44e6006333

2011-11-18 12:06 . 2011-11-18 12:06 -------- d-----w- C:\06fd66ed9abf5b9ab8918d59f3a62b

2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\Mathew\Application Data\DriverCure

2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\Mathew\Application Data\SpeedyPC Software

2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\program files\Common Files\SpeedyPC Software

2011-11-16 14:52 . 2011-11-16 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software

2011-11-10 13:38 . 2011-11-10 13:38 -------- d-----w- c:\program files\Common Files\Logitech

2011-11-08 13:32 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-11-06 15:14 . 2011-11-06 15:14 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp

2011-11-06 15:01 . 2011-11-06 15:01 -------- d-----w- c:\documents and settings\Mathew\Application Data\SUPERAntiSpyware.com

2011-11-06 15:01 . 2011-11-06 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-11-06 12:57 . 2011-11-06 12:57 -------- d-----w- c:\documents and settings\Mathew\New Folder

2011-11-06 11:03 . 2011-11-06 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY

2011-10-28 14:07 . 2011-10-28 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-10-28 12:57 . 2011-10-28 14:21 -------- d-----w- c:\windows\LMI1B.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 12:35 . 2002-08-29 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-11-10 11:59 . 2002-08-29 01:05 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys

2011-11-09 20:04 . 2011-08-02 11:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 13:06 . 2002-08-29 12:00 44544 ----a-w- c:\windows\system32\drivers\fips.sys

2011-10-10 14:22 . 2009-10-08 17:49 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 01:42 . 2009-10-08 13:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2002-08-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-12 19:10 . 2011-08-12 19:11 774144 ----a-w- c:\program files\RngInterstitial.dll

2011-11-09 19:00 . 2011-07-27 01:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-23_21.58.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-08 17:48 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe

- 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-10-06 15:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-6 805392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-06-22 13:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-07-29 05:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

2004-09-07 17:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-03-18 11:37 136176 ----atw- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-10-15 02:40 417792 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]

2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-10-11 21:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-10-08 21:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2004-10-22 15:53 53248 ----a-w- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/27/2009 8:54 PM 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/9/2009 7:38 AM 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/9/2009 7:38 AM 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/9/2009 7:38 AM 243024]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [11/23/2011 4:43 PM 249648]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 7:37 AM 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/27/2009 8:54 PM 122448]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/27/2009 8:54 PM 30288]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/27/2009 8:54 PM 26192]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Mathew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 7:00 AM 14336]

S2 avg9wd;AVG WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]

S2 avgfws9;AVG Firewall;"c:\program files\AVG\AVG9\avgfws9.exe" --> c:\program files\AVG\AVG9\avgfws9.exe [?]

S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/23/2011 4:45 PM 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/27/2009 6:39 AM 517448]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [10/9/2009 7:37 AM 30104]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/8/2011 8:32 AM 22216]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/8/2011 8:37 AM 366152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-NUMBER1-Mathew.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 05:25]

.

2009-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc706449018f42.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-23 14:04]

.

2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602609370-682003330-1003Core1cc7154ea025638.job

- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 11:37]

.

2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602609370-682003330-1003Core1cc8c2422d22d14.job

- c:\documents and settings\Mathew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 11:37]

.

2011-11-16 c:\windows\Tasks\SpeedyPC Registration3.job

- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]

.

2011-11-27 c:\windows\Tasks\SpeedyPC Update Version3.job

- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]

.

2011-11-27 c:\windows\Tasks\User_Feed_Synchronization-{9DFDB439-DA34-4124-B08E-04E5BF3C51CB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msn.com/

mStart Page = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

TCP: DhcpNameServer = 172.16.10.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Mathew\Application Data\Mozilla\Firefox\Profiles\pjwcb8xw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-27 07:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook]

"ImagePath"="system32\drivers\tsk1D4.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1275210071-602609370-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F55135D6-8AE1-7D77-9B62-41CF32EB1FD4}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaahefklkndgpjpoel"=hex:6a,61,61,6d,6b,66,6d,70,67,6c,64,69,6e,6b,6a,61,69,66,

6e,62,00,f1

"hakgodnfniohhpak"=hex:6a,61,61,6d,6b,66,6d,70,67,6c,64,69,6e,6b,6a,61,69,66,

6e,62,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1108)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(3748)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

.

**************************************************************************

.

Completion time: 2011-11-27 07:15:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-27 12:15

ComboFix2.txt 2011-11-23 22:07

.

Pre-Run: 43,597,574,144 bytes free

Post-Run: 43,582,709,760 bytes free

.

- - End Of File - - 460B1DE3527F4DC8ADE31438D59F0B99


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Run by Mathew at 7:44:49 on 2011-11-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.404 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://msn.com/

mStart Page = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255025129312

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255031421296

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 172.16.10.1

TCP: Interfaces\{8D0B0A99-A31C-486B-B9E2-54C59C5385C2} : DhcpNameServer = 172.16.10.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\mathew\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\firefox\profiles\pjwcb8xw.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\mathew\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\mathew\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-10-27 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-9 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-9 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-9 29584]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-9 243024]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-11-23 249648]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-10-9 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-10-27 122448]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-10-27 30288]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-10-27 26192]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mathew\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mathew\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]

S2 avg9wd;AVG WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]

S2 avgfws9;AVG Firewall;"c:\program files\avg\avg9\avgfws9.exe" --> c:\program files\avg\avg9\avgfws9.exe [?]

S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\avg\avg9\identity protection\agent\bin\avgidsagent.exe" avgidsagent --> c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-23 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2009-10-27 517448]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-10-9 30104]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-8 22216]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-8 366152]

.

=============== Created Last 30 ================

.

2011-11-27 11:38:36 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll

2011-11-27 11:38:36 56320 ----a-w- c:\windows\system32\eventlog.dll

2011-11-23 21:35:21 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-11-23 21:35:21 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-11-20 18:42:00 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-11-20 18:39:55 -------- d-----w- c:\program files\Coupons

2011-11-18 12:11:52 -------- d-----w- C:\1ed5c16b4cbb0adcc29f44e6006333

2011-11-18 12:06:28 -------- d-----w- C:\06fd66ed9abf5b9ab8918d59f3a62b

2011-11-16 14:52:25 -------- d-----w- c:\documents and settings\mathew\application data\DriverCure

2011-11-16 14:52:24 -------- d-----w- c:\documents and settings\mathew\application data\SpeedyPC Software

2011-11-16 14:52:14 -------- d-----w- c:\program files\common files\SpeedyPC Software

2011-11-16 14:52:13 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software

2011-11-10 13:38:06 -------- d-----w- c:\program files\common files\Logitech

2011-11-08 13:32:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-08 13:32:29 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-11-06 15:14:16 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp

2011-11-06 15:01:10 -------- d-----w- c:\documents and settings\mathew\application data\SUPERAntiSpyware.com

2011-11-06 15:01:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-11-06 12:57:18 -------- d-----w- c:\documents and settings\mathew\New Folder

2011-10-28 14:07:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-10-28 12:57:11 -------- d-----w- c:\windows\LMI1B.tmp

.

==================== Find3M ====================

.

2011-11-10 12:35:37 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-11-10 11:59:00 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys

2011-11-09 20:04:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 13:06:51 44544 ----a-w- c:\windows\system32\drivers\fips.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 01:42:28 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-12 19:10:58 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 7:45:55.22 ===============

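The DDS created-file listing above has a fixed "date time size attrs path" shape. As an added example (not part of the original thread and not DDS's own code), this Python snippet parses entries of that shape from a constructed sample copied from the log and groups them for triage; the "non-.sys file under the drivers directory" check is my own heuristic, not something DDS itself reports.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: five entries copied from the DDS log posted above.
SAMPLE_LOG = r"""
2011-11-08 13:32:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 15:14:16 37760 ----a-w- c:\windows\system32\drivers\tsk30.tmp
2011-11-06 15:01:10 -------- d-----w- c:\documents and settings\mathew\application data\SUPERAntiSpyware.com
2011-10-28 12:57:11 -------- d-----w- c:\windows\LMI1B.tmp
2011-11-10 11:59:00 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
"""

# One DDS entry: timestamp, size (or eight dashes for a directory), attribute flags, path.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([-a-z]{8})\s+(.+?)\s*$"
)


def parse_dds_entries(text):
    """Parse DDS file-listing lines; '.' separators, headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path.lower(),  # Windows paths are case-insensitive
        })
    return entries


def unusual_driver_entries(entries):
    """Heuristic (mine, not DDS's): files in the drivers directory that are not .sys."""
    return [e["path"] for e in entries
            if not e["is_dir"]
            and "\\system32\\drivers\\" in e["path"]
            and not e["path"].endswith(".sys")]


def by_directory(entries):
    """Group file names by parent directory so changes that landed together are visible."""
    groups = defaultdict(list)
    for e in entries:
        parent, _, name = e["path"].rpartition("\\")
        groups[parent].append(name)
    return dict(groups)
```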

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

