Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked ? Spyware Protect 2009 suddenly appeared Cant update AVG anymore


  • This topic is locked This topic is locked
33 replies to this topic

#1 dodgesrb

dodgesrb

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 April 2009 - 08:55 AM

I beleve this computer was infected by another one one the network that suddenly was attacked two days ago, computer running very slow, web sites redirected, sudden messages about the computer being infected, I have tried some suggestions to fix but nothing has worked. Running windows xp on laptop... here is the DDS you guys are amazing and I am desperately seeking any help!



DDS (Ver_09-03-16.01) - FAT32x86
Run by Mary(mom) at 9:16:29.70 on Tue 04/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.393 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
SVCHOST.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\windows\ld08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
SVCHOST.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\sysguard.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dll32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\DOCUME~1\MARY(M~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Mary(mom)\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: 796525 Class: {e7f15ac4-e0a9-43f0-921b-70dfea621220} - c:\windows\system32\796525\796525.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [system tool] c:\windows\sysguard.exe
uRun: [dll32] dll32
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [LaunchApp]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RelevantKnowledge] c:\program files\relevantknowledge\rlvknlg.exe -boot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SDFix] c:\sdfix\RUNTHIS.BAT /second
mRun: [sysLDtray] c:\windows\ld08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\amanda\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mary(m~1\applic~1\mozilla\firefox\profiles\b91a8h9d.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\relevantknowledge\components\rlxg.dll
FF - HiddenExtension: *xg.dll: {998B0A2E-1475-4318-8BE9-383A0E70DD2E} - c:\program files\RelevantKnowledge
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\RelevantKnowledge

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-26 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-26 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-26 107272]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-13 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-13 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-22 1251720]

=============== Created Last 30 ================

2009-04-28 00:34 10,752 a------- c:\windows\system32\iehelper.dll
2009-04-28 00:25 15,360 a------- c:\windows\system32\dll32.exe
2009-04-28 00:24 <DIR> --d----- c:\windows\system32\796525
2009-04-28 00:24 292,368 a------- c:\windows\sysguard.exe
2009-04-28 00:24 13,824 ----h--- c:\windows\ld08.exe
2009-04-27 17:02 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-04-27 17:00 <DIR> --d----- c:\windows\ERUNT
2009-04-27 16:54 <DIR> --d----- C:\SDFix
2009-04-27 12:37 <DIR> --d----- c:\program files\common files\HP
2009-04-27 12:33 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-04-27 12:31 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-27 12:31 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-27 12:31 21,744 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-27 12:29 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-04-27 12:29 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-04-27 12:29 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-04-27 12:29 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-04-27 12:29 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-04-27 12:29 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-04-27 11:48 <DIR> --d----- c:\program files\HP
2009-04-27 11:45 112,911 a------- c:\windows\hpoins07.dat
2009-04-27 11:45 21,124 -------- c:\windows\hpomdl07.dat
2009-04-27 04:01 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-27 04:00 <DIR> --d----- c:\documents and settings\mary(mom)\.housecall6.6
2009-04-25 08:27 <DIR> --d----- c:\docume~1\mary(m~1\applic~1\IObit
2009-04-25 08:27 <DIR> --d----- c:\program files\IObit
2009-04-21 20:59 <DIR> --dsh--- C:\FOUND.002
2009-04-19 13:04 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-19 13:04 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-19 13:04 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-19 13:04 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-19 13:04 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 13:04 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 13:04 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 13:04 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-19 13:04 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-19 13:03 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-19 13:03 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 13:03 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-13 15:41 <DIR> --dsh--- C:\FOUND.001

==================== Find3M ====================

2009-04-13 15:47 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-13 15:47 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-13 15:47 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-10-26 19:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat

============= FINISH: 9:17:07.53 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 28 April 2009 - 10:06 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 dodgesrb

dodgesrb
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 April 2009 - 11:42 AM

I have ran ComboFix and it seemed to have disconnected my internet connection, now i cannot use explorer and firefox says "firefox is configured to use a proxy server that is refusing connections" I went to options, advanced, settings, and changed the check from "manual proxy configuration" to Automatic, but i have not fixed explorer yet, I will try to use firefox to post the log, (had to go to another computer to reply)

Edited by dodgesrb, 28 April 2009 - 11:42 AM.


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 28 April 2009 - 11:48 AM

Reboot your computer.. and then try the internet connection..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 dodgesrb

dodgesrb
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 April 2009 - 11:48 AM

fire fox works after the setting changes, here is the combofix log


ComboFix 09-04-27.04 - Mary(mom) 04/28/2009 11:31.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.405 [GMT -4:00]
Running from: c:\documents and settings\Mary(mom)\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ld08.exe
c:\windows\sysguard.exe
c:\windows\system32\796525
c:\windows\system32\796525\796525.dll
c:\windows\system32\dll32.exe
c:\windows\system32\iehelper.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-28 13:47 . 2009-04-28 13:47 1 ---h--w c:\windows\f23567.dat
2009-04-28 13:47 . 2009-04-28 13:47 33792 ---h--w c:\windows\freddy41.exe
2009-04-28 13:47 . 2009-04-28 13:47 2 ---h--w c:\windows\t55ft2667f44.dat
2009-04-28 04:10 . 2009-04-28 04:10 -------- d-----w c:\documents and settings\Mary(mom)\Application Data\Move Networks
2009-04-27 21:02 . 2009-04-27 21:02 578560 ----a-w c:\windows\system32\dllcache\user32.dll
2009-04-27 21:00 . 2009-04-27 21:00 -------- d-----w c:\windows\ERUNT
2009-04-27 20:54 . 2008-11-06 06:03 -------- d-----w C:\SDFix
2009-04-27 16:38 . 2009-04-27 16:38 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-27 16:37 . 2009-04-27 16:37 -------- d-----w c:\program files\Common Files\HP
2009-04-27 16:35 . 2009-04-27 16:35 -------- d-----w c:\program files\Hewlett-Packard
2009-04-27 16:33 . 2009-04-27 16:33 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-27 16:31 . 2005-03-08 04:43 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-27 16:31 . 2005-03-08 04:43 51120 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-27 16:31 . 2005-03-08 04:43 21744 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-27 16:29 . 2004-09-29 16:08 61440 ----a-w c:\windows\system32\HPZinw12.exe
2009-04-27 16:29 . 2004-09-29 16:14 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-04-27 16:29 . 2004-09-29 16:09 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-04-27 16:29 . 2004-09-29 16:09 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-04-27 16:29 . 2004-09-29 16:15 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-04-27 16:29 . 2004-09-29 16:12 278584 ----a-w c:\windows\system32\HPZidr12.dll
2009-04-27 15:48 . 2009-04-27 15:48 -------- d-----w c:\program files\HP
2009-04-27 15:45 . 2009-04-27 16:48 112911 ----a-w c:\windows\hpoins07.dat
2009-04-27 15:45 . 2005-05-24 06:52 21124 ------w c:\windows\hpomdl07.dat
2009-04-27 15:45 . 2009-04-27 15:45 -------- d-----w c:\documents and settings\Mary(mom)\Application Data\HP
2009-04-27 08:01 . 2009-04-27 08:00 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-27 08:00 . 2009-04-27 08:00 -------- d-----w c:\documents and settings\Mary(mom)\.housecall6.6
2009-04-26 13:15 . 2009-04-26 13:15 -------- d-----w c:\documents and settings\Mary(mom)\Local Settings\Application Data\Identities
2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w c:\documents and settings\Mary(mom)\Local Settings\Application Data\MTV Networks
2009-04-25 12:27 . 2009-04-25 12:27 -------- d-----w c:\documents and settings\Mary(mom)\Application Data\IObit
2009-04-25 12:27 . 2009-04-25 12:27 -------- d-----w c:\program files\IObit
2009-04-24 12:41 . 2009-04-24 12:41 -------- d-----w c:\documents and settings\Mary(mom)\Local Settings\Application Data\PCHealth
2009-04-22 00:59 . 2009-04-22 00:59 -------- d-sh--w C:\FOUND.002
2009-04-19 17:04 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-19 17:04 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 17:04 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-19 17:04 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 17:04 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 17:04 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 17:04 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 17:04 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 17:04 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 17:03 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 17:03 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 19:41 . 2009-04-13 19:41 -------- d-sh--w C:\FOUND.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 21:33 . 2006-09-22 22:11 12 ----a-w c:\windows\bthservsdp.dat
2009-04-13 19:47 . 2008-10-27 00:11 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-13 19:47 . 2008-10-27 00:11 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-13 19:47 . 2008-10-27 00:11 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-06 14:22 . 2004-08-11 00:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-01-09 15:02 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-11 00:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-11 00:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 00:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 00:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-11 00:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-11 00:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-11 00:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2005-09-28 21:04 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 00:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2005-09-28 20:35 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-11 00:00 56832 ----a-w c:\windows\system32\secur32.dll
2007-05-22 23:14 . 2007-01-01 14:21 8784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-22 23:17 . 2007-01-01 14:21 245408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2009-04-25 11:59 . 2006-12-27 16:08 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-04-25 11:59 . 2006-12-27 16:08 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-25 11:59 . 2006-12-27 16:08 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-04-25 11:59 . 2006-12-27 16:08 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-04-25 11:59 . 2006-12-27 16:08 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-01 346112]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 208896]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 442368]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-16 766041]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 479232]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1601304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"SDFix"="c:\sdfix\RUNTHIS.BAT" [2008-11-06 964661]
"sysfbtray"="c:\windows\freddy41.exe" [2009-04-28 33792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-08-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-8-3 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-13 19:47 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\program files\\relevantknowledge\\rlvknlg.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-13 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-13 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-13 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-13 298264]

.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-04-25 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-25 22:15]
.
- - - - ORPHANS REMOVED - - - -

BHO-{E7F15AC4-E0A9-43F0-921B-70DFEA621220} - c:\windows\system32\796525\796525.dll
HKLM-Run-LaunchApp - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Amanda\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Mary(mom)\Application Data\Mozilla\Firefox\Profiles\b91a8h9d.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\RelevantKnowledge\components\rlxg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 11:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-28 11:33
ComboFix-quarantined-files.txt 2009-04-28 15:33

Pre-Run: 25,803,882,496 bytes free
Post-Run: 26,157,711,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

228 --- E O F --- 2009-04-19 17:50




here is a new dds log



DDS (Ver_09-03-16.01) - FAT32x86
Run by Mary(mom) at 12:16:22.81 on Tue 04/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.442 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\freddy41.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
SVCHOST.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
SVCHOST.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\MARY(M~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Mary(mom)\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SDFix] c:\sdfix\RUNTHIS.BAT /second
mRun: [sysfbtray] c:\windows\freddy41.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\amanda\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mary(m~1\applic~1\mozilla\firefox\profiles\b91a8h9d.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\relevantknowledge\components\rlxg.dll
FF - HiddenExtension: *xg.dll: {998B0A2E-1475-4318-8BE9-383A0E70DD2E} - c:\program files\RelevantKnowledge
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\RelevantKnowledge

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-26 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-26 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-26 107272]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-13 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-13 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-22 1251720]

=============== Created Last 30 ================

2009-04-28 11:44 <DIR> --dsh--- C:\FOUND.003
2009-04-28 11:30 <DIR> a-dshr-- C:\cmdcons
2009-04-28 11:29 161,792 a------- c:\windows\SWREG.exe
2009-04-28 11:29 98,816 a------- c:\windows\sed.exe
2009-04-28 11:29 <DIR> --d----- C:\ComboFix
2009-04-28 09:47 33,792 ----h--- c:\windows\freddy41.exe
2009-04-28 09:47 2 ----h--- c:\windows\t55ft2667f44.dat
2009-04-28 09:47 1 ----h--- c:\windows\f23567.dat
2009-04-27 17:02 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-04-27 17:00 <DIR> --d----- c:\windows\ERUNT
2009-04-27 16:54 <DIR> --d----- C:\SDFix
2009-04-27 12:37 <DIR> --d----- c:\program files\common files\HP
2009-04-27 12:33 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-04-27 12:31 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-27 12:31 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-27 12:31 21,744 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-27 12:29 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-04-27 12:29 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-04-27 12:29 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-04-27 12:29 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-04-27 12:29 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-04-27 12:29 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-04-27 11:48 <DIR> --d----- c:\program files\HP
2009-04-27 11:45 112,911 a------- c:\windows\hpoins07.dat
2009-04-27 11:45 21,124 -------- c:\windows\hpomdl07.dat
2009-04-27 04:01 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-27 04:00 <DIR> --d----- c:\documents and settings\mary(mom)\.housecall6.6
2009-04-25 08:27 <DIR> --d----- c:\docume~1\mary(m~1\applic~1\IObit
2009-04-25 08:27 <DIR> --d----- c:\program files\IObit
2009-04-21 20:59 <DIR> --dsh--- C:\FOUND.002
2009-04-19 13:04 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-19 13:04 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-19 13:04 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-19 13:04 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-19 13:04 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 13:04 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 13:04 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 13:04 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-19 13:04 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-19 13:03 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-19 13:03 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 13:03 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-13 15:41 <DIR> --dsh--- C:\FOUND.001

==================== Find3M ====================

2009-04-13 15:47 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-13 15:47 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-13 15:47 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-10-26 19:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat

============= FINISH: 12:17:21.92 ===============

Attached Files



#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 28 April 2009 - 11:54 AM

This is important step.. Tell me whether you successfully upload the file or not.. Please zip it first before sending it to the upload channel..

Please show hidden files and folders

Please visit this site and upload below file.. At the comment section, just say "fenzodahl512 asked to upload the file"

c:\windows\freddy41.exe




1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\f23567.dat
c:\windows\freddy41.exe
c:\windows\t55ft2667f44.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=-

DirLook::
c:\documents and settings\Mary(mom)\Application Data\Move Networks

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 dodgesrb

dodgesrb
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 April 2009 - 12:06 PM

I followed the instructions and dragged the dfscript file to combofix, but then it came up with a message that says "there is a newer version of ComboFix available, would you like to update?...... should I update or could this be a virus trick.....what should I do???

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 28 April 2009 - 12:12 PM

Update it..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 dodgesrb

dodgesrb
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 April 2009 - 12:58 PM

I ran the last steps however during the combofix it came up and said "rebooting,,, please wait" but this sat there for 40 mins so I presumed it was stuck and manually rebooted but i did not get any new log, so i ran combofix again and here is the log.


ComboFix 09-04-27.05 - Mary(mom) 04/28/2009 13:38.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.488 [GMT -4:00]
Running from: c:\documents and settings\Mary(mom)\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\f23567.dat
c:\windows\freddy41.exe
c:\windows\t55ft2667f44.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-28 15:44 . 2009-04-28 15:44 -------- d-sh--w C:\FOUND.003
2009-04-28 04:10 . 2009-04-28 04:10 -------- d-----w c:\documents and settings\Mary(mom)\Application Data\Move Networks
2009-04-27 21:02 . 2009-04-27 21:02 578560 ----a-w c:\windows\system32\dllcache\user32.dll
2009-04-27 21:00 . 2009-04-27 21:00 -------- d-----w c:\windows\ERUNT
2009-04-27 20:54 . 2008-11-06 06:03 -------- d-----w C:\SDFix
2009-04-27 16:38 . 2009-04-27 16:38 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-27 16:37 . 2009-04-27 16:37 -------- d-----w c:\program files\Common Files\HP
2009-04-27 16:35 . 2009-04-27 16:35 -------- d-----w c:\program files\Hewlett-Packard
2009-04-27 16:33 . 2009-04-27 16:33 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-27 16:31 . 2005-03-08 04:43 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-27 16:31 . 2005-03-08 04:43 51120 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-27 16:31 . 2005-03-08 04:43 21744 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-27 16:29 . 2004-09-29 16:08 61440 ----a-w c:\windows\system32\HPZinw12.exe
2009-04-27 16:29 . 2004-09-29 16:14 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-04-27 16:29 . 2004-09-29 16:09 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-04-27 16:29 . 2004-09-29 16:09 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-04-27 16:29 . 2004-09-29 16:15 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-04-27 16:29 . 2004-09-29 16:12 278584 ----a-w c:\windows\system32\HPZidr12.dll
2009-04-27 15:48 . 2009-04-27 15:48 -------- d-----w c:\program files\HP
2009-04-27 15:45 . 2009-04-27 16:48 112911 ----a-w c:\windows\hpoins07.dat
2009-04-27 15:45 . 2005-05-24 06:52 21124 ------w c:\windows\hpomdl07.dat
2009-04-27 15:45 . 2009-04-27 15:45 -------- d-----w c:\documents and settings\Mary(mom)\Application Data\HP
2009-04-27 08:01 . 2009-04-27 08:00 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-27 08:00 . 2009-04-27 08:00 -------- d-----w c:\documents and settings\Mary(mom)\.housecall6.6
2009-04-26 13:15 . 2009-04-26 13:15 -------- d-----w c:\documents and settings\Mary(mom)\Local Settings\Application Data\Identities
2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w c:\documents and settings\Mary(mom)\Local Settings\Application Data\MTV Networks
2009-04-25 12:27 . 2009-04-25 12:27 -------- d-----w c:\documents and settings\Mary(mom)\Application Data\IObit
2009-04-25 12:27 . 2009-04-25 12:27 -------- d-----w c:\program files\IObit
2009-04-24 12:41 . 2009-04-24 12:41 -------- d-----w c:\documents and settings\Mary(mom)\Local Settings\Application Data\PCHealth
2009-04-22 00:59 . 2009-04-22 00:59 -------- d-sh--w C:\FOUND.002
2009-04-19 17:04 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-19 17:04 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 17:04 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-19 17:04 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 17:04 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 17:04 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 17:04 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 17:04 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 17:04 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 17:03 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 17:03 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 19:41 . 2009-04-13 19:41 -------- d-sh--w C:\FOUND.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 15:39 . 2006-09-22 22:11 12 ----a-w c:\windows\bthservsdp.dat
2009-04-13 19:47 . 2008-10-27 00:11 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-13 19:47 . 2008-10-27 00:11 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-13 19:47 . 2008-10-27 00:11 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-06 14:22 . 2004-08-11 00:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-01-09 15:02 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-11 00:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-11 00:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 00:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 00:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-11 00:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-11 00:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-11 00:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2005-09-28 21:04 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 00:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2005-09-28 20:35 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-11 00:00 56832 ----a-w c:\windows\system32\secur32.dll
2007-05-22 23:14 . 2007-01-01 14:21 8784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-22 23:17 . 2007-01-01 14:21 245408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2009-04-25 11:59 . 2006-12-27 16:08 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-04-25 11:59 . 2006-12-27 16:08 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-25 11:59 . 2006-12-27 16:08 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-04-25 11:59 . 2006-12-27 16:08 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-04-25 11:59 . 2006-12-27 16:08 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-28_15.33.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-28 17:27 . 2009-04-28 17:27 16384 c:\windows\Temp\Perflib_Perfdata_c5c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-01 346112]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 208896]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 442368]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-16 766041]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 479232]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-13 1601304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"SDFix"="c:\sdfix\RUNTHIS.BAT" [2008-11-06 964661]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-08-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-8-3 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-13 19:47 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\program files\\relevantknowledge\\rlvknlg.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-13 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-13 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-13 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-13 298264]

.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-04-25 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-25 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Amanda\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Mary(mom)\Application Data\Mozilla\Firefox\Profiles\b91a8h9d.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\RelevantKnowledge\components\rlxg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 13:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4104)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-28 13:41
ComboFix-quarantined-files.txt 2009-04-28 17:41
ComboFix2.txt 2009-04-28 15:33

Pre-Run: 26,094,927,872 bytes free
Post-Run: 26,090,340,352 bytes free

228 --- E O F --- 2009-04-19 17:50




DDS (Ver_09-03-16.01) - FAT32x86
Run by Mary(mom) at 13:48:24.95 on Tue 04/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.521 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
SVCHOST.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
SVCHOST.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mary(mom)\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SDFix] c:\sdfix\RUNTHIS.BAT /second
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\amanda\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mary(m~1\applic~1\mozilla\firefox\profiles\b91a8h9d.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\relevantknowledge\components\rlxg.dll
FF - HiddenExtension: *xg.dll: {998B0A2E-1475-4318-8BE9-383A0E70DD2E} - c:\program files\RelevantKnowledge
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\RelevantKnowledge

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-26 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-26 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-26 107272]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-13 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-13 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-22 1251720]

=============== Created Last 30 ================

2009-04-28 11:44 <DIR> --dsh--- C:\FOUND.003
2009-04-28 11:30 <DIR> a-dshr-- C:\cmdcons
2009-04-28 11:29 161,792 a------- c:\windows\SWREG.exe
2009-04-28 11:29 98,816 a------- c:\windows\sed.exe
2009-04-27 17:02 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-04-27 17:00 <DIR> --d----- c:\windows\ERUNT
2009-04-27 16:54 <DIR> --d----- C:\SDFix
2009-04-27 12:37 <DIR> --d----- c:\program files\common files\HP
2009-04-27 12:33 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-04-27 12:31 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-27 12:31 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-27 12:31 21,744 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-27 12:29 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-04-27 12:29 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-04-27 12:29 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-04-27 12:29 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-04-27 12:29 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-04-27 12:29 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-04-27 11:48 <DIR> --d----- c:\program files\HP
2009-04-27 11:45 112,911 a------- c:\windows\hpoins07.dat
2009-04-27 11:45 21,124 -------- c:\windows\hpomdl07.dat
2009-04-27 04:01 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-27 04:00 <DIR> --d----- c:\documents and settings\mary(mom)\.housecall6.6
2009-04-25 08:27 <DIR> --d----- c:\docume~1\mary(m~1\applic~1\IObit
2009-04-25 08:27 <DIR> --d----- c:\program files\IObit
2009-04-21 20:59 <DIR> --dsh--- C:\FOUND.002
2009-04-19 13:04 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-19 13:04 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-19 13:04 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-19 13:04 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-19 13:04 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 13:04 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 13:04 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 13:04 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-19 13:04 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-19 13:03 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-19 13:03 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 13:03 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-13 15:41 <DIR> --dsh--- C:\FOUND.001

==================== Find3M ====================

2009-04-13 15:47 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-13 15:47 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-13 15:47 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-10-26 19:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat

============= FINISH: 13:48:35.35 ===============

Attached Files



#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 28 April 2009 - 01:02 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.





Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply..

1. Malwarebytes'
2. ESET Online Scanner
3. How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 dodgesrb

dodgesrb
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 April 2009 - 01:09 PM

I am unable to get through those links, one says error 404 and the other one says "server not found" I am able to open firefox but not ie explorer and do a google search for malwarebytes but when I click to the link is says that the servier cannot be found and it is looking for www.malwarebytes.org, any suggestions?

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 28 April 2009 - 01:15 PM

Reboot your computer.. Can you use IE after rebooting?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 dodgesrb

dodgesrb
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 April 2009 - 01:29 PM

rebooting did not fix ie explorer, but when i reboot i get the dos screen that SDfix is finishing and i have deleted that off the desktop, not sure if it is the problem or what, I still cannot get to the malwarebytes site?

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 28 April 2009 - 01:40 PM

Post SDFix log here.. You can find it at C:\report.txt


Try download Malwarebytes' from below..

http://www.malwarebytes.org/mbam-download.php


Then do below...

Please download GMER and unzip it to your Desktop.
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 dodgesrb

dodgesrb
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 April 2009 - 01:54 PM

the file c:/report.txt is not there, it may have been deleted when I did a search and deleted everything that said "SDfix" earlier,

The new link does not work it still says "server not found"

and when i click on the GMER link it says a funny file name "1t51p3u.exe" and it did not rename as you said, and when i clicked on it it to extract as you said, it opened a window and started running, so I deleted it quickly, then clicked the link again and this time it had a totally different name in the little download wndow, is this ok?

and the link to the earlier virus scan also does not work

Edited by dodgesrb, 28 April 2009 - 01:54 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users