Redirection of google links, cannot connect to AVG server (update or download)


This topic is locked
6 replies to this topic

#1 Sakori

  • Members
  • 4 posts

Posted 15 January 2009 - 03:26 PM

Hey guys, hope you can help me out with this one. I can usually deal with these sorts of things...


DDS (Ver_09-01-07.01) - NTFSx86
Run by brendoshi at 20:17:52.09 on 15/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1460 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\brendoshi\Desktop\dds.scr
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.pcservicecall.co.uk/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\brendo~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\freeve~1.lnk - c:\freevents\FreeventsSchedule.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brendo~1\applic~1\mozilla\firefox\profiles\cmixhyx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-2 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-2 26824]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2008-12-25 109440]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-2 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-2 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-2 76040]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-10 24652]
R4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-11 8320]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x32l.sys [2008-7-16 57856]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x32v.sys [2008-7-10 20992]
S3 SQTECH930B;In-Sight Motion Webcam;c:\windows\system32\drivers\capt930b.sys --> c:\windows\system32\drivers\Capt930b.sys [?]
S3 XDva168;XDva168;\??\c:\windows\system32\xdva168.sys --> c:\windows\system32\XDva168.sys [?]

=============== Created Last 30 ================

2009-01-10 23:23 <DIR> --d----- c:\docume~1\brendo~1\applic~1\OpenOffice.org
2009-01-10 23:15 <DIR> --d----- c:\program files\JRE
2009-01-10 23:15 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-01-10 23:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-07 18:53 <DIR> --d----- c:\program files\common files\Enterbrain
2008-12-31 23:36 0 a------- c:\windows\system32\msexcr.ini
2008-12-31 10:49 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2008-12-31 10:49 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-31 10:49 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2008-12-31 10:49 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2008-12-31 10:49 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-31 10:49 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-30 18:43 3,634,688 a------- c:\windows\system32\drivers\NETw5x32.sys
2008-12-30 18:43 2,756,608 a------- c:\windows\system32\NETw5r32.dll
2008-12-30 18:43 663,552 a------- c:\windows\system32\NETw5c32.dll
2008-12-30 18:31 53,248 a------- c:\windows\system32\CSVer.dll
2008-12-30 18:31 <DIR> --d----- C:\Intel
2008-12-30 16:05 2,441,216 a------- c:\windows\system32\nvwssr.dll
2008-12-30 16:05 2,363,392 a------- c:\windows\system32\nvwss.dll
2008-12-30 16:05 217,088 a------- c:\windows\system32\oemdspif.dll
2008-12-30 16:05 3,629,056 a------- c:\windows\system32\nvvitvsr.dll
2008-12-30 16:05 3,547,136 a------- c:\windows\system32\nvvitvs.dll
2008-12-30 16:04 3,166,208 a------- c:\windows\system32\nvgamesr.dll
2008-12-30 16:04 2,854,912 a------- c:\windows\system32\nvmoblsr.dll
2008-12-30 16:04 1,146,880 a------- c:\windows\system32\nvmobls.dll
2008-12-30 16:04 458,752 a------- c:\windows\system32\nvmccssr.dll
2008-12-30 16:04 286,720 a------- c:\windows\system32\nvnt4cpl.dll
2008-12-30 16:04 229,376 a------- c:\windows\system32\nvmccs.dll
2008-12-30 16:04 188,416 a------- c:\windows\system32\nvmccss.dll
2008-12-30 16:04 5,509,120 a------- c:\windows\system32\nvdispsr.dll
2008-12-30 16:04 3,325,952 a------- c:\windows\system32\nvgames.dll
2008-12-30 16:04 6,340,608 a------- c:\windows\system32\nvdisps.dll
2008-12-30 15:39 193,024 a------- c:\windows\system\binkw32.dll
2008-12-30 15:05 <DIR> --d----- c:\program files\2K Games
2008-12-28 19:55 0 a------- C:\SQ.bin
2008-12-28 19:51 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2008-12-28 19:34 28,416 a------- c:\windows\system32\uxtuneup.dll
2008-12-28 19:34 354,560 a------- c:\windows\system32\TuneUpDefragService.exe
2008-12-28 19:34 <DIR> --d----- c:\docume~1\brendo~1\applic~1\TuneUp Software
2008-12-28 19:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2008-12-28 19:34 <DIR> --d----- c:\program files\TuneUp Utilities 2008
2008-12-28 19:33 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-26 18:43 8,192 a------- C:\Tales of Phantasia.srm
2008-12-26 18:43 6,291,968 a------- C:\Tales of Phantasia.smc
2008-12-25 16:22 109,440 a------- c:\windows\system32\drivers\KbdCap.sys
2008-12-25 16:22 <DIR> --d----- c:\program files\AutoMacroRecorder
2008-12-25 16:18 <DIR> --d----- c:\program files\Workspace Macro 4.6
2008-12-20 21:18 <DIR> --dshr-- C:\resycled
2008-12-20 21:18 255 ---shr-- C:\autorun.inf
2008-12-20 17:17 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2008-12-20 17:17 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-12-20 17:15 <DIR> --d----- c:\program files\Microsoft
2008-12-20 17:14 <DIR> --d----- c:\program files\Windows Live SkyDrive

==================== Find3M ====================

2008-12-11 23:12 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-11 23:12 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-04 22:55 307,560 a------- c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll

============= FINISH: 20:18:26.60 ===============

Many thanks ^^

Edited by Sakori, 15 January 2009 - 03:28 PM.
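An added triage helper, not part of this thread or of the DDS tool: it parses DDS-style "Created Last 30" / "Find3M" file-listing lines like those in the log above and flags the AutoRun-related indicators a responder would look at first (a root-level autorun.inf, hidden+system objects outside the usual system trees, a hidden/system/read-only directory at a drive root). The line format, the regex, the function names and the trusted-prefix list are assumptions of this example; the sample lines are copied from the log in this post.

```python
import re

# Assumed shape of a DDS file-listing line (taken from the log in this thread):
#   <date> <time> <size or <DIR>> <8-char attribute field> <path>
# e.g.  2008-12-20 21:18 255 ---shr-- C:\autorun.inf
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*)$"
)

# Trees where hidden+system objects are routine on Windows XP (assumption of this example).
TRUSTED_PREFIXES = ("c:\\windows", "c:\\program files", "c:\\documents and settings")


def parse_dds_line(line):
    """Return a dict for one file-listing line, or None for headers and blank lines."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["is_dir"] = entry["size"] == "<DIR>"
    entry["size"] = None if entry["is_dir"] else int(entry["size"].replace(",", ""))
    # Attribute letters present: a=archive, d=directory, s=system, h=hidden,
    # r=read-only, c=compressed ('-' marks an unset position).
    entry["flags"] = {ch for ch in entry["attrs"] if ch != "-"}
    return entry


def is_drive_root(path):
    """True when the object sits directly under a drive letter, e.g. C:\\autorun.inf."""
    parent, _, _ = path.rpartition("\\")
    return re.fullmatch(r"[A-Za-z]:", parent) is not None


def triage(entry):
    """Return the reasons (possibly none) a responder would look twice at this entry."""
    reasons = []
    path = entry["path"]
    name = path.rpartition("\\")[2].lower()
    flags = entry["flags"]
    if is_drive_root(path) and name == "autorun.inf":
        reasons.append("autorun.inf at drive root: AutoRun/AutoPlay persistence")
    if {"s", "h"} <= flags and not path.lower().startswith(TRUSTED_PREFIXES):
        reasons.append("hidden+system attributes outside the trusted system trees")
    if entry["is_dir"] and is_drive_root(path) and {"s", "h", "r"} <= flags:
        reasons.append("hidden, system, read-only directory at drive root")
    return reasons


def triage_log(text):
    """Parse every line of a DDS log; return [(path, [reasons...])] for flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_dds_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged


# Constructed sample input: a section header plus lines copied from the DDS log above.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-01-10 23:15 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-30 18:31 <DIR> --d----- C:\Intel
2008-12-20 21:18 <DIR> --dshr-- C:\resycled
2008-12-20 21:18 255 ---shr-- C:\autorun.inf
2008-12-11 23:12 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Only the two root-level objects with system+hidden attributes are reported; the javacpl.cpl, C:\Intel and hidden-only Wdf entries pass through untouched.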



#2 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 27 January 2009 - 05:05 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page if you are unsure how.

To disable AVG:
  • Please navigate to the system tray in the bottom right-hand corner and look for the AVG icon.
  • Right-click it and select Quit Control Center.
  • A warning will pop up; click Yes.
Download and Run ComboFix
If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using removable media (CD, flash drive).

Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double-click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right-click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see a prompt asking to install it. Choose YES.
  • When the Recovery Console has been installed, you will see a further prompt. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

In your next reply include:
  • the ComboFix log
  • a new HijackThis or DDS log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#3 Sakori

  • Topic Starter
  • Members
  • 4 posts

Posted 27 January 2009 - 05:44 PM

Enlarged text to notify change of ComboFix log to DDS log, to make life slightly easier for you :thumbsup:

ComboFix log:

ComboFix 09-01-21.04 - brendoshi 2009-01-27 22:27:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1626 [GMT 0:00]
Running from: c:\documents and settings\brendoshi\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
C:\resycled
c:\windows\system32\drivers\msqpdxgyoygnnv.sys
c:\windows\system32\drivers\msqpdxstiuhgll.sys
c:\windows\system32\msqpdxkvplquci.dll
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.

2009-01-24 14:06 . 2009-01-24 14:11 <DIR> d-------- c:\program files\Frets on Fire
2009-01-24 14:06 . 2009-01-24 14:09 <DIR> d-------- c:\documents and settings\brendoshi\Application Data\fretsonfire
2009-01-17 14:25 . 2009-01-17 14:25 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-17 14:13 . 2009-01-17 14:13 <DIR> d--h----- c:\windows\PIF
2009-01-17 14:09 . 2009-01-17 14:09 <DIR> d-------- c:\program files\CleanUp!
2009-01-17 13:59 . 2009-01-17 13:59 <DIR> d-------- c:\program files\Trend Micro
2009-01-10 23:23 . 2009-01-10 23:23 <DIR> d-------- c:\documents and settings\brendoshi\Application Data\OpenOffice.org
2009-01-10 23:15 . 2009-01-10 23:15 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-01-10 23:15 . 2009-01-10 23:15 <DIR> d-------- c:\program files\JRE
2009-01-10 23:15 . 2009-01-17 14:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-10 23:14 . 2009-01-17 14:25 <DIR> d-------- c:\program files\Java
2009-01-10 23:14 . 2009-01-10 23:14 <DIR> d-------- c:\program files\Common Files\Java
2009-01-07 18:53 . 2009-01-07 18:53 <DIR> d-------- c:\program files\Common Files\Enterbrain
2008-12-31 23:36 . 2008-12-31 23:36 0 --a------ c:\windows\system32\msexcr.ini
2008-12-31 10:49 . 2008-04-13 18:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-31 10:49 . 2008-04-13 18:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-31 10:49 . 2008-04-14 00:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-31 10:49 . 2008-04-14 00:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-31 10:49 . 2008-04-13 18:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-31 10:49 . 2008-04-13 18:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-12-30 18:43 . 2008-09-25 05:22 3,634,688 --a------ c:\windows\system32\drivers\NETw5x32.sys
2008-12-30 18:43 . 2008-06-20 08:33 2,756,608 --a------ c:\windows\system32\NETw5r32.dll
2008-12-30 18:43 . 2008-06-20 08:32 663,552 --a------ c:\windows\system32\NETw5c32.dll
2008-12-30 18:31 . 2008-12-30 18:31 <DIR> d-------- C:\Intel
2008-12-30 18:31 . 2008-05-01 15:35 53,248 --a------ c:\windows\system32\CSVer.dll
2008-12-30 16:05 . 2007-08-23 22:15 3,629,056 --a------ c:\windows\system32\nvvitvsr.dll
2008-12-30 16:05 . 2007-08-23 22:15 3,547,136 --a------ c:\windows\system32\nvvitvs.dll
2008-12-30 16:05 . 2007-08-23 22:15 2,441,216 --a------ c:\windows\system32\nvwssr.dll
2008-12-30 16:05 . 2007-08-23 22:15 2,363,392 --a------ c:\windows\system32\nvwss.dll
2008-12-30 16:05 . 2007-08-23 22:15 217,088 --a------ c:\windows\system32\oemdspif.dll
2008-12-30 16:04 . 2007-08-23 22:15 6,340,608 --a------ c:\windows\system32\nvdisps.dll
2008-12-30 16:04 . 2007-08-23 22:15 5,509,120 --a------ c:\windows\system32\nvdispsr.dll
2008-12-30 16:04 . 2007-08-23 22:15 3,325,952 --a------ c:\windows\system32\nvgames.dll
2008-12-30 16:04 . 2007-08-23 22:15 3,166,208 --a------ c:\windows\system32\nvgamesr.dll
2008-12-30 16:04 . 2007-08-23 22:15 2,854,912 --a------ c:\windows\system32\nvmoblsr.dll
2008-12-30 16:04 . 2007-08-23 22:15 1,146,880 --a------ c:\windows\system32\nvmobls.dll
2008-12-30 16:04 . 2007-08-23 22:15 458,752 --a------ c:\windows\system32\nvmccssr.dll
2008-12-30 16:04 . 2007-08-23 22:15 286,720 --a------ c:\windows\system32\nvnt4cpl.dll
2008-12-30 16:04 . 2007-08-23 22:15 229,376 --a------ c:\windows\system32\nvmccs.dll
2008-12-30 16:04 . 2007-08-23 22:15 188,416 --a------ c:\windows\system32\nvmccss.dll
2008-12-30 15:39 . 2007-07-19 12:32 193,024 --a------ c:\windows\system\binkw32.dll
2008-12-30 15:05 . 2008-12-30 15:05 <DIR> d-------- c:\program files\2K Games
2008-12-28 19:55 . 2008-12-28 19:55 0 --a------ C:\SQ.bin
2008-12-28 19:51 . 2008-12-28 19:51 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2008-12-28 19:34 . 2008-12-28 19:35 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2008-12-28 19:34 . 2008-12-28 19:34 <DIR> d-------- c:\documents and settings\brendoshi\Application Data\TuneUp Software
2008-12-28 19:34 . 2008-12-28 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-28 19:34 . 2008-12-28 19:35 354,560 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-28 19:34 . 2008-04-04 13:51 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-12-28 19:33 . 2008-12-28 19:33 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 14:48 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-17 13:38 --------- d-----w c:\program files\World of Warcraft
2009-01-15 18:28 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-01-15 18:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 18:24 --------- d-----w c:\program files\BitComet
2009-01-15 18:24 --------- d-----w c:\program files\AutoMacroRecorder
2009-01-15 18:19 --------- d-----w c:\program files\Common Files\AOL
2008-12-28 20:00 --------- d-----w c:\program files\Marvell
2008-12-28 19:21 --------- d-----w c:\program files\Windows Live
2008-12-25 16:22 109,440 ----a-w c:\windows\system32\drivers\KbdCap.sys
2008-12-25 16:20 --------- d-----w c:\program files\Workspace Macro 4.6
2008-12-20 17:17 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-20 17:15 --------- d-----w c:\program files\Microsoft
2008-12-20 17:14 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-11 23:12 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-11 23:12 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-11 23:03 --------- d-----w c:\program files\Nokia
2008-12-11 23:03 --------- d-----w c:\program files\MSXML 6.0
2008-12-11 23:02 --------- d-----w c:\program files\Common Files\Nokia
2008-12-11 23:01 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-12-11 22:52 --------- d-----w c:\documents and settings\brendoshi\Application Data\Nokia
2008-12-11 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-12-11 22:50 --------- d-----w c:\documents and settings\brendoshi\Application Data\NSeries
2008-12-11 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-12-11 22:45 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-11 22:44 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-11 22:44 --------- d-----w c:\program files\DIFX
2008-12-11 22:44 --------- d-----w c:\documents and settings\brendoshi\Application Data\PC Suite
2008-12-05 17:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 22:55 307,560 ----a-w c:\windows\WLXPGSS.SCR
2008-12-01 22:50 --------- d-----w c:\program files\NEXON
2008-12-01 18:13 --------- d-----w c:\documents and settings\brendoshi\Application Data\SPORE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-30 737370]
"Keyboard Manager Utility"="c:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2006-05-17 1200128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-08-04 26112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2007-08-23 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-28 c:\windows\system32\CHDAudPropShortcut.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Philips Media Manager.lnk - c:\program files\Philips\Media Manager\Philips Media Manager.exe [2006-07-02 136704]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Philips Media Manager.lnk - c:\program files\Philips\Media Manager\Philips Media Manager.exe [2006-07-02 136704]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]
FreeventsSchedule.lnk - c:\freevents\FreeventsSchedule.exe [2006-07-02 16384]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"HostManager"=c:\program files\Common Files\AOL\1217851813\ee\AOLSoftware.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"IMEKRMIG6.1"=c:\windows\ime\imkr6_1\IMEKRMIG.EXE
"NSLauncher"=c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217851813\\ee\\aolsoftware.exe"=
"c:\\Program Files\\GameTribe\\Infinity\\xclient.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17900:TCP"= 17900:TCP:BitComet 17900 TCP
"17900:UDP"= 17900:UDP:BitComet 17900 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26734:TCP"= 26734:TCP:BitComet 26734 TCP
"26734:UDP"= 26734:UDP:BitComet 26734 UDP
"1337:TCP"= 1337:TCP:Bitcommet
"18590:TCP"= 18590:TCP:BitComet 18590 TCP
"18590:UDP"= 18590:UDP:BitComet 18590 UDP
"1337:UDP"= 1337:UDP:1337
"8505:TCP"= 8505:TCP:BitComet 8505 TCP
"8505:UDP"= 8505:UDP:BitComet 8505 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-02 97928]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2008-12-25 109440]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-02 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-02 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-02 76040]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-11-10 24652]
R4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-11 8320]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x32l.sys [2008-07-16 57856]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x32v.sys [2008-07-10 20992]
S3 SQTECH930B;In-Sight Motion Webcam;c:\windows\system32\Drivers\Capt930b.sys --> c:\windows\system32\Drivers\Capt930b.sys [?]
S3 XDva168;XDva168;\??\c:\windows\system32\XDva168.sys --> c:\windows\system32\XDva168.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688dd59a-09bd-11db-8318-00163613a891}]
\Shell\AutoRun\command - E:\OEMBranding.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919a1391-9333-11da-bf07-806d6172696f}]
\Shell\AutoRun\command - E:\Launch.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:59]

2008-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.pcservicecall.co.uk/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZUfox000
FF - ProfilePath - c:\documents and settings\brendoshi\Application Data\Mozilla\Firefox\Profiles\cmixhyx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 22:33:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\brendoshi\Application Data\Mozilla\Firefox\Profiles\cmixhyx2.default\parent.lock 0 bytes
c:\documents and settings\brendoshi\Application Data\Mozilla\Firefox\Profiles\cmixhyx2.default\places.sqlite-journal 131840 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-140623087-643723168-2338495441-1006\Software\SecuROM\License information*]
"datasecu"=hex:3c,eb,e1,f7,47,e3,0a,c0,65,24,e8,44,ce,13,c6,7e,c0,3c,4a,19,3d,
3f,19,e8,af,71,07,c0,51,52,28,00,82,bd,41,f1,77,69,f9,7b,4a,be,29,e4,c7,58,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\wanmpsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-27 22:38:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-27 22:38:39

Pre-Run: 40,755,429,376 bytes free
Post-Run: 40,759,709,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

310 --- E O F --- 2008-12-17 23:16:54


DDS log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by brendoshi at 22:42:04.67 on 27/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1419 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\brendoshi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.pcservicecall.co.uk/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\freeve~1.lnk - c:\freevents\FreeventsSchedule.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZUfox000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brendo~1\applic~1\mozilla\firefox\profiles\cmixhyx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-2 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-2 26824]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2008-12-25 109440]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-2 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-2 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-2 76040]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-10 24652]
R4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-11 8320]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x32l.sys [2008-7-16 57856]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x32v.sys [2008-7-10 20992]
S3 SQTECH930B;In-Sight Motion Webcam;c:\windows\system32\drivers\capt930b.sys --> c:\windows\system32\drivers\Capt930b.sys [?]
S3 XDva168;XDva168;\??\c:\windows\system32\xdva168.sys --> c:\windows\system32\XDva168.sys [?]

=============== Created Last 30 ================

2009-01-27 22:13 <DIR> a-dshr-- C:\cmdcons
2009-01-27 22:09 161,792 a------- c:\windows\SWREG.exe
2009-01-27 22:09 98,816 a------- c:\windows\sed.exe
2009-01-24 14:06 <DIR> --d----- c:\docume~1\brendo~1\applic~1\fretsonfire
2009-01-24 14:06 <DIR> --d----- c:\program files\Frets on Fire
2009-01-17 14:25 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-17 14:13 <DIR> --d-h--- c:\windows\PIF
2009-01-17 14:09 <DIR> --d----- c:\program files\CleanUp!
2009-01-17 13:59 <DIR> --d----- c:\program files\Trend Micro
2009-01-10 23:23 <DIR> --d----- c:\docume~1\brendo~1\applic~1\OpenOffice.org
2009-01-10 23:15 <DIR> --d----- c:\program files\JRE
2009-01-10 23:15 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-01-10 23:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-07 18:53 <DIR> --d----- c:\program files\common files\Enterbrain
2008-12-31 23:36 0 a------- c:\windows\system32\msexcr.ini
2008-12-31 10:49 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2008-12-31 10:49 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-31 10:49 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2008-12-31 10:49 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2008-12-31 10:49 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-31 10:49 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-30 18:43 3,634,688 a------- c:\windows\system32\drivers\NETw5x32.sys
2008-12-30 18:43 2,756,608 a------- c:\windows\system32\NETw5r32.dll
2008-12-30 18:43 663,552 a------- c:\windows\system32\NETw5c32.dll
2008-12-30 18:31 53,248 a------- c:\windows\system32\CSVer.dll
2008-12-30 18:31 <DIR> --d----- C:\Intel
2008-12-30 16:05 2,441,216 a------- c:\windows\system32\nvwssr.dll
2008-12-30 16:05 2,363,392 a------- c:\windows\system32\nvwss.dll
2008-12-30 16:05 217,088 a------- c:\windows\system32\oemdspif.dll
2008-12-30 16:05 3,629,056 a------- c:\windows\system32\nvvitvsr.dll
2008-12-30 16:05 3,547,136 a------- c:\windows\system32\nvvitvs.dll
2008-12-30 16:04 3,166,208 a------- c:\windows\system32\nvgamesr.dll
2008-12-30 16:04 2,854,912 a------- c:\windows\system32\nvmoblsr.dll
2008-12-30 16:04 1,146,880 a------- c:\windows\system32\nvmobls.dll
2008-12-30 16:04 458,752 a------- c:\windows\system32\nvmccssr.dll
2008-12-30 16:04 286,720 a------- c:\windows\system32\nvnt4cpl.dll
2008-12-30 16:04 229,376 a------- c:\windows\system32\nvmccs.dll
2008-12-30 16:04 188,416 a------- c:\windows\system32\nvmccss.dll
2008-12-30 16:04 5,509,120 a------- c:\windows\system32\nvdispsr.dll
2008-12-30 16:04 3,325,952 a------- c:\windows\system32\nvgames.dll
2008-12-30 16:04 6,340,608 a------- c:\windows\system32\nvdisps.dll
2008-12-30 15:39 193,024 a------- c:\windows\system\binkw32.dll
2008-12-30 15:05 <DIR> --d----- c:\program files\2K Games

==================== Find3M ====================

2008-12-28 19:55 0 a------- C:\SQ.bin
2008-12-28 19:51 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2008-12-28 19:35 354,560 a------- c:\windows\system32\TuneUpDefragService.exe
2008-12-25 16:22 109,440 a------- c:\windows\system32\drivers\KbdCap.sys
2008-12-11 23:12 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-11 23:12 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-04 22:55 307,560 a------- c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 22:42:20.46 ===============


Changes since last post: Removed two games, added another. Removed two trojans manually.

Many thanks, once again!




Edit: Just as a quick note, things seem to be working fully once more, I will keep the topic active to see if there is anything else you need me to do.

Edited by Sakori, 27 January 2009 - 05:47 PM.


#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:23 PM

Posted 27 January 2009 - 07:59 PM

Hello Sakori.

No need to leave the computer on the whole time. I don't always respond promptly.

Let's clean up the leftovers.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    Windows Registry Editor Version 5.00
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
F-Secure Online Scan
Let's check for anything we missed.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

With Regards,
The Panda
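The registry script above deletes the two MountPoints2 keys whose AutoRun/Open handlers the ComboFix log showed pointing at `resycled\boot.com` and at a rundll32 ShellExec_RunDLL launcher. As an added illustration (not part of this thread or of ComboFix), the following Python script parses that MountPoints2 section of a ComboFix log, flags the shell handlers that look hijacked, and emits a .reg file in the same delete-key format the helper posted. The two heuristics (a handler that launches its payload through `ShellExec_RunDLL`, and any AutoRun/Open handler registered for the system drive itself) are my own assumptions about what distinguishes the worm entries from the OEM autorun entries under the volume GUIDs; the `SAMPLE_LOG` is copied from the log earlier in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: the MountPoints2 block from the ComboFix log above, copied verbatim.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688dd59a-09bd-11db-8318-00163613a891}]
\Shell\AutoRun\command - E:\OEMBranding.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919a1391-9333-11da-bf07-806d6172696f}]
\Shell\AutoRun\command - E:\Launch.exe
"""

# "[HKEY_CURRENT_USER\...\mountpoints2\<volume>]" header lines as ComboFix prints them.
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+))\]$", re.I)
# "\Shell\<verb>\command - <command line>" lines that belong to the preceding key.
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.*)$", re.I)


@dataclass
class ShellEntry:
    key: str      # full registry key path as printed in the log
    volume: str   # subkey name: a drive letter or a volume GUID
    verb: str     # AutoRun, Open, ...
    command: str  # command line Explorer would run for that verb


def parse_mountpoints(log_text):
    """Collect every Shell\\<verb>\\command entry under MountPoints2 from a ComboFix log."""
    entries = []
    key = volume = None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            key, volume = m.group(1), m.group(2)
            continue
        m = VERB_RE.match(line)
        if m and key:
            entries.append(ShellEntry(key, volume, m.group(1), m.group(2)))
    return entries


def suspicion_reasons(entry, system_drive="C"):
    """Heuristics (assumptions, not a ComboFix rule) for a hijacked shell handler."""
    reasons = []
    if "shellexec_rundll" in entry.command.lower():
        reasons.append("payload launched indirectly via rundll32 ShellExec_RunDLL")
    if entry.volume.upper() == system_drive.upper():
        reasons.append("AutoRun/Open handler registered for the system drive itself")
    return reasons


def suspicious_keys(entries, system_drive="C"):
    """Registry keys (deduplicated, log order) with at least one flagged handler."""
    keys = []
    for e in entries:
        if suspicion_reasons(e, system_drive) and e.key not in keys:
            keys.append(e.key)
    return keys


def build_reg_fix(entries, system_drive="C"):
    """Emit a .reg script that deletes the flagged keys, in the format used in the thread.
    A leading '-' on a key line tells regedit to delete the whole key; .reg files use CRLF."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in suspicious_keys(entries, system_drive):
        lines.append(f"[-{key}]")
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for e in found:
        why = suspicion_reasons(e)
        print(f"{e.volume:40} {e.verb:8} {'FLAG' if why else 'ok  '} {e.command}")
        for r in why:
            print(f"{'':40} {'':8}      - {r}")
    print()
    print(build_reg_fix(found))
```

Run against the sample, the C and Z entries are flagged and the two volume-GUID entries (OEM autorun launchers on removable media) are left alone, so the generated fix.reg matches the one in the post above. Review the flagged list before merging: the script only generates the .reg text, it never touches the registry.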

#5 Sakori

Sakori
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:23 PM

Posted 31 January 2009 - 07:30 PM

Once again many thanks, everything appears to be working in order, I didn't leave my comp on, just set it to a tab to open when I signed on. Thanks!

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:23 PM

Posted 31 January 2009 - 07:45 PM

Okay. Take your time with the above.

The Panda

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:23 PM

Posted 11 February 2009 - 04:02 PM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
