Unwanted browser window opening/redirecting
Many warning popups (not sure if any are legit)
Cannot access CD/DVD drive, USB drives
Desktop background forced to unknown graphic and locked
Task Manager disabled (Ctrl/Alt/Del)
Pop-up indicates Win32.Banker.FS, Trojan.SpyAgent.DA and others on system
Ran online BitDefender - locked up at completion
Many access violation, system error and DLL error popups
Intermittent wireless access
Critical kernel error pop-up
Downloaded and ran AVG Free 8.5.
1st run: "Scan whole computer";"3/17/2009, 10:16 AM";"3/17/2009, 12:09 PM";"331968";"57/57";"0/0";"0/0";""
"C:\Documents and Settings\John\Local Settings\Temp\5_odb.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\avto.exe";"Trojan horse SHeur2.WJA";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\avto1.exe";"Trojan horse SHeur2.WJC";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\avto2.exe";"Trojan horse SHeur2.WJB";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\avto3.exe";"Trojan horse SHeur2.WJG";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\avto4.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q1.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q2.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q3.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q4.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q5.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q6.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q7.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q8.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\q9.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\teste1_p.exe";"Trojan horse SHeur2.WJF";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\teste2_p.exe";"Trojan horse SHeur2.WJH";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\teste3_p.exe";"Trojan horse SHeur2.WJD";"Moved to Virus Vault"
"C:\Documents and Settings\John\Local Settings\Temp\teste4_p.exe";"Trojan horse SHeur2.WJE";"Moved to Virus Vault"
"C:\WINDOWS\odb.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\WINDOWS\odb.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\WINDOWS\odb.exe (3972)";"Trojan horse FakeAlert.HY";"Reboot is required to finish the action"
"C:\WINDOWS\runsql.exe";"Trojan horse SHeur2.WJE";"Moved to Virus Vault"
"C:\WINDOWS\runsql.exe";"Trojan horse SHeur2.WJE";"Moved to Virus Vault"
"C:\WINDOWS\runsql.exe";"Trojan horse SHeur2.WJE";"Moved to Virus Vault"
"C:\WINDOWS\svc.exe";"Trojan horse SHeur2.WJA";"Moved to Virus Vault"
"C:\WINDOWS\svc.exe";"Trojan horse SHeur2.WJA";"Moved to Virus Vault"
"C:\WINDOWS\runsql.exe (2808)";"Trojan horse SHeur2.WJE";"Reboot is required to finish the action"
"C:\WINDOWS\sv.exe";"Trojan horse SHeur2.WJD";"Moved to Virus Vault"
"C:\WINDOWS\sv.exe";"Trojan horse SHeur2.WJD";"Moved to Virus Vault"
"C:\WINDOWS\sv.exe";"Trojan horse SHeur2.WJD";"Moved to Virus Vault"
"C:\WINDOWS\svc.exe (2876)";"Trojan horse SHeur2.WJA";"Reboot is required to finish the action"
"C:\WINDOWS\sv.exe (2784)";"Trojan horse SHeur2.WJD";"Reboot is required to finish the action"
"C:\WINDOWS\svhoster.exe";"Trojan horse SHeur2.WJF";"Moved to Virus Vault"
"C:\WINDOWS\svhoster.exe";"Trojan horse SHeur2.WJF";"Moved to Virus Vault"
"C:\WINDOWS\svhoster.exe";"Trojan horse SHeur2.WJF";"Moved to Virus Vault"
"C:\WINDOWS\svhoster.exe (2792)";"Trojan horse SHeur2.WJF";"Reboot is required to finish the action"
"C:\WINDOWS\svw.exe";"Trojan horse SHeur2.WJC";"Moved to Virus Vault"
"C:\WINDOWS\svw.exe";"Trojan horse SHeur2.WJC";"Moved to Virus Vault"
"C:\WINDOWS\svw.exe (2900)";"Trojan horse SHeur2.WJC";"Reboot is required to finish the action"
"C:\WINDOWS\svx.exe";"Trojan horse SHeur2.WJB";"Moved to Virus Vault"
"C:\WINDOWS\svw.exe";"Trojan horse SHeur2.WJC";"Moved to Virus Vault"
"C:\WINDOWS\svx.exe";"Trojan horse SHeur2.WJB";"Moved to Virus Vault"
"C:\WINDOWS\svx.exe";"Trojan horse SHeur2.WJB";"Moved to Virus Vault"
"C:\WINDOWS\svx.exe (2884)";"Trojan horse SHeur2.WJB";"Reboot is required to finish the action"
"C:\WINDOWS\svzip.exe";"Trojan horse SHeur2.WJH";"Moved to Virus Vault"
"C:\WINDOWS\svzip.exe";"Trojan horse SHeur2.WJH";"Moved to Virus Vault"
"C:\WINDOWS\svzip.exe";"Trojan horse SHeur2.WJH";"Moved to Virus Vault"
"C:\WINDOWS\svzip.exe (2800)";"Trojan horse SHeur2.WJH";"Reboot is required to finish the action"
"C:\WINDOWS\vlc.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\WINDOWS\vlc.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\WINDOWS\wdmon.exe";"Trojan horse SHeur2.WJG";"Moved to Virus Vault"
"C:\WINDOWS\vlc.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\WINDOWS\vlc.exe (2840)";"Trojan horse FakeAlert.HY";"Reboot is required to finish the action"
"C:\WINDOWS\wdmon.exe";"Trojan horse SHeur2.WJG";"Moved to Virus Vault"
"C:\WINDOWS\wdmon.exe";"Trojan horse SHeur2.WJG";"Moved to Virus Vault"
"C:\WINDOWS\wdmon.exe (2868)";"Trojan horse SHeur2.WJG";"Reboot is required to finish the action"
2nd Run: "Scheduled scan";"3/17/2009, 12:00 PM";"3/17/2009, 12:00 PM";"0";"14/14";"0/0";"0/0";"Scan log was repaired"
"C:\WINDOWS\runsql.exe";"Trojan horse SHeur2.WJE";"Moved to Virus Vault"
"C:\WINDOWS\runsql.exe (2808)";"Trojan horse SHeur2.WJE";"Reboot is required to finish the action"
"C:\WINDOWS\sv.exe";"Trojan horse SHeur2.WJD";"Moved to Virus Vault"
"C:\WINDOWS\sv.exe (2784)";"Trojan horse SHeur2.WJD";"Reboot is required to finish the action"
"C:\WINDOWS\svw.exe";"Trojan horse SHeur2.WJC";"Moved to Virus Vault"
"C:\WINDOWS\svzip.exe";"Trojan horse SHeur2.WJH";"Moved to Virus Vault"
"C:\WINDOWS\svw.exe (2900)";"Trojan horse SHeur2.WJC";"Reboot is required to finish the action"
"C:\WINDOWS\svzip.exe (2800)";"Trojan horse SHeur2.WJH";"Reboot is required to finish the action"
"C:\WINDOWS\svx.exe";"Trojan horse SHeur2.WJB";"Moved to Virus Vault"
"C:\WINDOWS\svx.exe (2884)";"Trojan horse SHeur2.WJB";"Reboot is required to finish the action"
"C:\WINDOWS\vlc.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
"C:\WINDOWS\vlc.exe (2840)";"Trojan horse FakeAlert.HY";"Reboot is required to finish the action"
"C:\WINDOWS\wdmon.exe";"Trojan horse SHeur2.WJG";"Moved to Virus Vault"
"C:\WINDOWS\wdmon.exe (2868)";"Trojan horse SHeur2.WJG";"Reboot is required to finish the action"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt";"Found Tracking cookie.Sextracker";"Healed"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\fastclick.net.c054072f";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\sextracker.com.87622e37";"Found Tracking cookie.Sextracker";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\sextracker.com.dd8b56b5";"Found Tracking cookie.Sextracker";"Moved to Virus Vault"
"C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\773104ap.default\cookies.txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
3rd RUN (set on Slow): "Scan whole computer";"3/17/2009, 12:41 PM";"3/17/2009, 2:56 PM";"332757";"1/1";"0/0";"0/0";""
"C:\WINDOWS\Temp\5_odb.exe";"Trojan horse FakeAlert.HY";"Moved to Virus Vault"
All problems listed above still exist.
DDS.TXT
DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 16:25:02.34 on Tue 03/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.40 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\servicelayer.exe
C:\Program Files\Messenger\MSMSGS.EXE
svchost.exe "C:\WINDOWS\system32\12520850x.exe"
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\TEMP\C.tmp
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\John\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.hp.com/
mDefault_Page_URL = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {539338c9-5480-4c1d-affe-271357e25ff0} - c:\windows\system32\wewefove.dll
BHO: {49ad77c5-d7a1-75f9-9954-1f2070b17387}: {78371b07-02f1-4599-9f57-1a7d5c77da94} - c:\windows\system32\ctdhdo.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [UpdateWin] c:\windows\system32\12520850x.exe
uRun: [userinit] c:\windows\system32\ntos.exe
uRunServices: [UpdateWin] c:\windows\system32\12520850x.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Ktiyitivumejabiv] rundll32.exe "c:\windows\Wpitimu.dll",e
mRun: [UpdateWin] c:\windows\system32\12520850x.exe
mRun: [yewopubeke] Rundll32.exe "c:\windows\system32\popiwoba.dll",s
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CPM4ff4e647] Rundll32.exe "c:\windows\system32\pufajahe.dll",a
mRun: [4cc7d5db] rundll32.exe "c:\windows\system32\gohifodi.dll",b
mRun: [ctfmon] c:\windows\ctfmon.exe
mRun: [servicelayer] c:\windows\servicelayer.exe
mRunServices: [UpdateWin] c:\windows\system32\12520850x.exe
dRun: [userinit] c:\windows\system32\ntos.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\wifufulu.dll ctdhdo.dll c:\windows\system32\pufajahe.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pufajahe.dll
STS: IPC Configuration Utility - No File
STS: Windows Installer Class: {020487cc-fc04-4b1e-863f-d9801796230b} - c:\docume~1\john\locals~1\temp\wndutl32.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pufajahe.dll
LSA: Notification Packages = scecli c:\windows\system32\wifufulu.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\pegf3iy5.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-3-18 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-18 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-3-18 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-3-18 298264]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [2007-9-12 27008]
S2 40C0CA64;40C0CA64;c:\windows\system32\91cd3028.exe -k --> c:\windows\system32\91CD3028.EXE -k [?]
S2 C0A7F5A8;C0A7F5A8;c:\windows\system32\2af98820.exe -k --> c:\windows\system32\2AF98820.EXE -k [?]
=============== Created Last 30 ================
2009-03-17 12:25 282,112 a------- c:\windows\servicelayer.exe
2009-03-17 12:25 280,064 a------- c:\windows\ctfmon.exe
2009-03-17 10:14 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-17 10:13 1,718,174 ---sh--- c:\windows\system32\idofihog.ini
2009-03-17 10:12 123,392 a--sh--- c:\windows\system32\ctdhdo.dll
==================== Find3M ====================
2009-03-17 10:12 86,016 a--sh--- c:\windows\system32\pufajahe.dll
2009-03-17 10:12 123,392 a--sh--- c:\windows\system32\wudepuve.dll
2009-03-17 10:12 80,896 a--sh--- c:\windows\system32\gohifodi.dll
2007-11-18 10:15 1,648 a------- c:\program files\eVideoShare.lnk
2008-03-17 18:45 41,984 ---shr-- c:\windows\system32\12520850x.exe
2008-03-18 07:55 86,016 a--sh--- c:\windows\system32\divimuvo.dll
2008-03-17 19:54 122,880 a--sh--- c:\windows\system32\donojawi.dll
2008-03-18 07:55 122,880 a--sh--- c:\windows\system32\jaditibi.dll
2008-03-18 07:55 122,880 a--sh--- c:\windows\system32\mbfvpp.dll
2008-03-17 19:54 86,528 a--sh--- c:\windows\system32\mebarepo.dll
2008-03-18 07:55 80,896 a--sh--- c:\windows\system32\nefavega.dll
2008-03-17 19:54 122,880 a--sh--- c:\windows\system32\stxnft.dll
0000-00-00 00:00 48,640 a--sh--- c:\windows\system32\wewefove.dll
0000-00-00 00:00 48,640 a--sh--- c:\windows\system32\wifufulu.dll
============= FINISH: 16:27:20.42 ===============
I also have attached the Attach.txt log zipped if needed.
Thanks for any assistance in advance, this one is CRAZY!
John