
Google links redirect to different websites or false ad


This topic is locked. 13 replies to this topic.

#1 kpasawuey

kpasawuey

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:46 AM

Posted 30 May 2010 - 01:19 PM

Hi everyone, about a week ago I started noticing that Google links redirect me to different websites or ads. It takes about 3-4 tries to open the intended site. I ran my AVG antivirus scan and the Microsoft malware removal tool to see if they could spot the problem, but they keep coming up clean and the problem is still occurring. I ran a HijackThis scan; can someone please take a look at the HijackThis log and see if they can help me? I would really appreciate it.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:37 AM, on 5/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\HJK\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9125 bytes

Edited by kpasawuey, 30 May 2010 - 01:20 PM.
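Added example, not part of kpasawuey's post and not a BleepingComputer or Trend Micro tool: a small Python triage pass over HijackThis-format lines like the ones in the log above. It parses the O2/O3/O4/O20/O23 layouts (the field order is assumed from the HijackThis 2.0.4 output as posted) and then applies three generic checks a helper usually does by eye: entries marked "(file missing)", O23 services whose publisher column reads "Unknown owner", and autostart binaries that live outside C:\WINDOWS or C:\Program Files. The sample lines are copied from the posted log, plus one constructed, clearly labelled hypothetical O4 line so that the location check has something to fire on. The rules are heuristics for deciding what to look at next, not a verdict on any log: on the lines above the only hits are an AVG Winlogon entry and AVG's own toolbar service, which is exactly why a log that looks clean at this level does not end the investigation and the next reply asks for DDS and a GMER rootkit scan instead.

```python
"""Triage pass over HijackThis 2.0.4 log lines.

Added example for this thread; not a BleepingComputer or Trend Micro tool.
The line layouts follow the log posted above; the three checks are generic
heuristics for choosing what to examine next, not a verdict on any log.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Entry:
    section: str                    # O2, O3, O4, O20, O23
    name: str                       # BHO/toolbar/service/Run-key name
    path: str                       # command or file column, as logged
    owner: str = ""                 # O23 publisher column, if present
    raw: str = ""                   # the original line
    reasons: List[str] = field(default_factory=list)


# Constructed sample: lines copied from the posted HijackThis log, plus one
# hypothetical O4 line (labelled as such) so the location check has a hit.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O4 - HKCU\..\Run: [hypothetical-example] C:\Documents and Settings\Administrator\Local Settings\Temp\updater.exe
"""

_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<rest>.*)$")

# Field layout of each section type handled here (HijackThis 2.0.4 text format).
# Other section types (R0/R1, O8, O9, O16, O18, O22) are skipped by parse().
_PATTERNS = {
    "O2": re.compile(r"BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O3": re.compile(r"Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O4": re.compile(r"(?:HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O20": re.compile(r"Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$"),
    "O23": re.compile(r"Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}

# First drive-letter path ending in an executable extension, quoted or not,
# so that trailing arguments such as "/Start" or "-atboottime" are dropped.
_BINARY = re.compile(r'^"?(?P<file>[A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|scr))"?', re.IGNORECASE)

# Directories from which autostart binaries are normally loaded on Windows XP.
EXPECTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")


def parse(text: str) -> List[Entry]:
    """Return one Entry per recognised O2/O3/O4/O20/O23 line; skip the rest."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = _LINE.match(line)
        if not m:
            continue
        pattern = _PATTERNS.get(m["section"])
        if pattern is None:
            continue                           # section type not modelled here
        fields = pattern.match(m["rest"])
        if fields is None:
            continue                           # e.g. O4 "Global Startup" lines
        d = fields.groupdict()
        entries.append(Entry(m["section"], d["name"], d["path"], d.get("owner", ""), line))
    return entries


def binary_path(command: str) -> Optional[str]:
    """Extract the executable path from a command column, or None if it has none."""
    m = _BINARY.match(command.strip())
    return m["file"] if m else None


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach heuristic reasons to entries and return only the flagged ones."""
    flagged: List[Entry] = []
    for e in entries:
        reasons: List[str] = []
        if "(file missing)" in e.raw:
            reasons.append("registry points to a file that is not on disk")
        if e.section == "O23" and e.owner == "Unknown owner":
            reasons.append("service binary carries no recognised publisher")
        p = binary_path(e.path)
        if p and not p.lower().startswith(EXPECTED_ROOTS):
            reasons.append(f"autostart binary outside expected directories: {p}")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        print(f"{e.section:<4} {e.name}: {'; '.join(e.reasons)}")
```

Run it as-is to see the three hits; to triage a real log, read the whole HijackThis text file and pass it to parse() in place of SAMPLE_LOG. Bare filenames such as the Winlogon Notify DLL are left out of the location check on purpose, since Windows resolves those from system32 and a bare name is the normal form there.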




#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:06:46 PM

Posted 01 June 2010 - 02:19 PM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

---


    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab, uncheck the Files option and then click Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is done, click Copy.
    • This copies the log to the clipboard.
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.



    #3 kpasawuey

    kpasawuey
    • Topic Starter

    • Members
    • 15 posts
    • OFFLINE
    • Gender:Female
    • Local time:08:46 AM

    Posted 01 June 2010 - 06:47 PM

    Here are the logs you asked for.

    DDS.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 14:47:50.71 on Tue 06/01/2010
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1107 [GMT -7:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Documents and Settings\Administrator\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\osujsn6i.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\osujsn6i.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-5 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-5 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-5 216200]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-5 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-5 242896]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-5 308064]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-5-31 2331544]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-5 5888008]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-5 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-5 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-5 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-5 26120]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2010-5-5 231424]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-5 369920]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-5 30104]

    =============== Created Last 30 ================

    2010-05-30 18:32:22 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb0026718432bc.mof
    2010-05-30 07:13:27 0 d-----w- c:\program files\HJK
    2010-05-27 20:45:56 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-05-27 20:45:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-05-27 20:45:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-27 02:08:02 0 d--h--w- C:\$AVG
    2010-05-10 06:16:52 0 d-----w- c:\program files\jZip
    2010-05-09 22:25:44 0 d-----w- c:\program files\uTorrent
    2010-05-09 22:24:57 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
    2010-05-08 04:25:59 0 d-----w- c:\windows\system32\LogFiles
    2010-05-08 04:00:46 0 d-----w- c:\docume~1\admini~1\applic~1\AVG9
    2010-05-08 00:11:28 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
    2010-05-07 03:44:00 0 d-----w- c:\windows\All Users
    2010-05-07 03:12:48 3023 ----a-w- c:\windows\system32\spupdsvc.inf
    2010-05-07 02:56:32 0 d-----w- c:\windows\system32\scripting
    2010-05-07 02:56:29 0 d-----w- c:\windows\l2schemas
    2010-05-07 02:56:00 0 d-----w- c:\windows\system32\en
    2010-05-07 02:55:59 0 d-----w- c:\windows\system32\bits
    2010-05-07 02:19:21 0 d-----w- c:\windows\network diagnostic
    2010-05-06 07:37:10 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-05-06 07:37:10 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-05-06 07:37:10 133616 ------w- c:\windows\system32\pxafs.dll
    2010-05-06 07:36:27 0 d-----w- c:\program files\common files\DivX Shared
    2010-05-06 07:33:34 0 d-----w- c:\program files\DivX
    2010-05-06 07:32:50 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-05-06 07:01:52 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
    2010-05-06 07:01:51 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
    2010-05-06 07:01:48 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
    2010-05-06 07:01:47 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
    2010-05-06 07:01:46 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
    2010-05-06 07:01:45 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
    2010-05-06 07:01:10 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
    2010-05-06 07:01:09 95424 ------w- c:\windows\system32\drivers\slnthal.sys
    2010-05-06 07:01:08 404990 ------w- c:\windows\system32\drivers\slntamr.sys
    2010-05-06 07:01:08 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
    2010-05-06 07:00:59 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
    2010-05-06 07:00:55 13776 ------w- c:\windows\system32\drivers\recagent.sys
    2010-05-06 07:00:40 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
    2010-05-06 07:00:38 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
    2010-05-06 07:00:26 67866 ------w- c:\windows\system32\drivers\netwlan5.img
    2010-05-06 07:00:22 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
    2010-05-06 07:00:21 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2010-05-06 07:00:21 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
    2010-05-06 06:59:12 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2010-05-06 06:59:11 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2010-05-06 06:59:11 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2010-05-06 06:58:20 129045 ------w- c:\windows\system32\drivers\cxthsfs2.cty
    2010-05-06 06:08:31 0 d-----w- c:\program files\MSXML 4.0
    2010-05-06 05:56:30 0 d-----w- c:\windows\ServicePackFiles
    2010-05-06 04:38:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-05-06 04:38:27 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-05-06 04:37:55 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-05-06 04:37:34 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-05-06 04:37:33 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-05-06 04:36:46 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-05-06 04:35:46 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-05-06 04:34:01 0 d-----w- c:\windows\system32\KARLA
    2010-05-06 04:32:07 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-05-06 04:32:05 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-05-06 04:28:04 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-05-06 04:26:23 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-05-06 04:26:02 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-05-06 04:24:08 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-05-06 04:19:41 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-05-06 04:07:06 0 d-----w- c:\windows\system32\PreInstall
    2010-05-06 04:01:46 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-05-06 04:01:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-06 04:01:02 0 d-----w- c:\windows\system32\drivers\Avg
    2010-05-06 04:00:58 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2010-05-06 03:59:13 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-05-06 03:59:13 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-05-06 03:59:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-05-06 03:59:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-06 03:58:39 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-05-06 03:58:39 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-05-06 03:56:49 0 d-----w- c:\program files\AVG
    2010-05-06 03:56:16 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-05-06 03:43:34 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-05-06 03:39:21 0 d-----w- c:\windows\SHELLNEW
    2010-05-06 03:31:05 0 d-----w- c:\program files\DAEMON Tools Toolbar
    2010-05-06 03:30:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-05-06 03:30:41 0 d-----w- c:\program files\DAEMON Tools Lite
    2010-05-06 03:30:35 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
    2010-05-06 03:30:31 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2010-05-06 03:29:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-05-06 03:29:48 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-05-06 03:29:17 0 d-----w- c:\program files\iPod
    2010-05-06 03:29:13 0 d-----w- c:\program files\iTunes
    2010-05-06 03:29:13 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-06 03:27:39 0 d-----w- c:\program files\Bonjour
    2010-05-06 03:18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-05-06 03:18:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-06 03:15:54 0 d-----w- c:\windows\system32\appmgmt
    2010-05-06 03:01:22 0 d--h--w- c:\windows\$hf_mig$
    2010-05-06 03:00:33 47104 ----a-w- c:\windows\system32\WACntlPnl.cpl
    2010-05-06 02:57:00 0 d-----w- c:\program files\common files\TiVo Shared
    2010-05-06 02:56:10 0 d-----w- c:\program files\common files\SureThing Shared
    2010-05-06 02:55:30 0 d-----w- c:\program files\Sonic
    2010-05-06 0

    Edited by kpasawuey, 01 June 2010 - 06:54 PM.


    #4 kpasawuey

    • Topic Starter

    • Members
    • 15 posts
    • Gender:Female

    Posted 01 June 2010 - 06:48 PM

    Attach.txt




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/5/2010 7:04:36 PM
    System Uptime: 6/1/2010 2:29:23 PM (0 hours ago)

    Motherboard: Hewlett-Packard | | 30AE
    Processor: AMD Turion™ 64 Mobile Technology ML-34 | U23 | 1578/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 135 GiB total, 120.877 GiB free.
    D: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 5/5/2010 7:07:15 PM - System Checkpoint
    RP2: 5/5/2010 7:20:52 PM - Installed Athlon 64 Processor Driver
    RP3: 5/5/2010 7:22:22 PM - Installed Windows Media Player 10
    RP4: 5/5/2010 7:23:46 PM - Installed TIPCI
    RP5: 5/5/2010 7:24:39 PM - Installed REALTEK Gigabit and Fast Ethernet NIC Driver
    RP6: 5/5/2010 7:31:35 PM - Installed Windows XP KB888111WXPSP2.
    RP7: 5/5/2010 7:31:46 PM - Installed Windows XP KB883667.
    RP8: 5/5/2010 7:31:56 PM - Installed Windows XP KB884575.
    RP9: 5/5/2010 7:32:03 PM - Installed Windows XP KB885464.
    RP10: 5/5/2010 7:32:10 PM - Installed Windows XP KB885855.
    RP11: 5/5/2010 7:32:17 PM - Installed Windows XP KB888239.
    RP12: 5/5/2010 7:32:24 PM - Installed Windows XP KB888402.
    RP13: 5/5/2010 7:32:31 PM - Installed Windows XP KB889673.
    RP14: 5/5/2010 7:32:43 PM - Installed Windows XP KB892559.
    RP15: 5/5/2010 7:32:51 PM - Installed Windows XP KB896256.
    RP16: 5/5/2010 7:41:24 PM - Installed HP User Guides 0025
    RP17: 5/5/2010 7:42:09 PM - Installed HP User Guides--System Recovery
    RP18: 5/5/2010 7:42:27 PM - Installed HP Software Update
    RP19: 5/5/2010 7:43:10 PM - Installed HP Help and Support
    RP20: 5/5/2010 7:50:31 PM - Installed Windows Media Format Runtime
    RP21: 5/5/2010 7:50:58 PM - Installed muvee autoProducer 4.5
    RP22: 5/5/2010 7:54:45 PM - Printer Driver Amyuni Document Converter 2.50 Installed
    RP23: 5/5/2010 7:59:19 PM - Installed Wireless Home Network Setup
    RP24: 5/5/2010 8:00:32 PM - Installed HP Wireless Assistant
    RP25: 5/5/2010 8:01:26 PM - Installed Windows XP KB873333.
    RP26: 5/5/2010 8:01:37 PM - Installed Windows XP KB885250.
    RP27: 5/5/2010 8:01:47 PM - Installed Windows XP KB885884.
    RP28: 5/5/2010 8:01:55 PM - Installed Windows XP KB886185.
    RP29: 5/5/2010 8:02:03 PM - Installed Windows XP KB887472.
    RP30: 5/5/2010 8:02:12 PM - Installed Windows XP KB888113.
    RP31: 5/5/2010 8:02:21 PM - Installed Windows XP KB891781.
    RP32: 5/5/2010 8:02:30 PM - Installed Windows XP KB893066.
    RP33: 5/5/2010 8:02:40 PM - Installed Windows XP KB894391.
    RP34: 5/5/2010 8:02:50 PM - Installed Windows XP KB896358.
    RP35: 5/5/2010 8:03:01 PM - Installed Windows XP KB896422.
    RP36: 5/5/2010 8:03:10 PM - Installed Windows XP KB896423.
    RP37: 5/5/2010 8:03:23 PM - Installed Windows XP KB896727.
    RP38: 5/5/2010 8:03:38 PM - Installed Windows XP KB901214.
    RP39: 5/5/2010 8:03:49 PM - Installed Windows XP KB903235.
    RP40: 5/5/2010 8:15:30 PM - Removed Quicken 2006
    RP41: 5/5/2010 8:18:40 PM - Installed Java™ 6 Update 20
    RP42: 5/5/2010 8:29:05 PM - Installed iTunes
    RP43: 5/5/2010 8:30:47 PM - SPTD setup V1.62
    RP44: 5/5/2010 8:38:29 PM - Installed Microsoft Office Enterprise 2007
    RP45: 5/5/2010 8:43:31 PM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP46: 5/5/2010 8:56:16 PM - Installed AVG 9.0
    RP47: 5/5/2010 9:02:40 PM - Avg Update
    RP48: 5/5/2010 9:06:46 PM - Software Distribution Service 3.0
    RP49: 5/5/2010 10:02:24 PM - Software Distribution Service 3.0
    RP50: 5/5/2010 10:39:54 PM - Software Distribution Service 3.0
    RP51: 5/5/2010 11:34:55 PM - Installed Windows XP WgaNotify.
    RP52: 5/5/2010 11:40:00 PM - Installed Microsoft Windows Theme Nunavut
    RP53: 5/6/2010 12:29:36 AM - Software Distribution Service 3.0
    RP54: 5/6/2010 12:33:11 AM - Software Distribution Service 3.0
    RP55: 5/6/2010 7:04:20 PM - Software Distribution Service 3.0
    RP56: 5/6/2010 9:07:55 PM - Software Distribution Service 3.0
    RP57: 5/6/2010 9:13:46 PM - Software Distribution Service 3.0
    RP58: 5/7/2010 5:14:41 PM - Software Distribution Service 3.0
    RP59: 5/8/2010 10:52:14 PM - System Checkpoint
    RP60: 5/12/2010 12:38:06 AM - Software Distribution Service 3.0
    RP61: 5/13/2010 1:11:34 AM - System Checkpoint
    RP62: 5/15/2010 10:52:39 AM - System Checkpoint
    RP63: 5/23/2010 7:37:01 PM - System Checkpoint
    RP64: 5/30/2010 12:13:26 AM - Installed HiJackThis
    RP65: 5/31/2010 11:04:27 AM - Avg Update
    RP66: 6/1/2010 11:27:41 AM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Adobe Flash Player 10 Plugin
    Adobe Reader 6.0.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AVG 9.0
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    Conexant AC-Link Audio
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    DAEMON Tools Toolbar
    Destinations
    DeviceManagementQFolder
    DivX Setup
    FullDPAppQFolder
    HiJackThis
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    HP Help and Support
    HP Imaging Device Functions 6.0
    HP Photosmart Premier Software 6.0
    HP QuickPlay 2.0
    HP Software Update
    HP User Guides--System Recovery
    HP User Guides 0025
    HP Wireless Assistant 2.00 C1
    InstantShareDevices
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java™ 6 Update 20
    jZip
    LightScribe 1.4.56.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Theme Nunavut
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.5
    Octoshape add-in for Adobe Flash Player
    OptionalContentQFolder
    PhotoGallery
    Quick Launch Buttons 5.20 G1
    QuickTime
    RandMap
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    SkinsHP1
    Soft Data Fax Modem with SmartCP
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Unload
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Wireless Home Network Setup

    ==== Event Viewer Messages From Past Week ========

    5/31/2010 8:22:34 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A57C0480. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    5/28/2010 10:45:56 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    5/28/2010 10:45:56 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    5/27/2010 12:10:16 PM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 0014A57C0480 has been denied by the DHCP server 128.111.1.13 (The DHCP Server sent a DHCPNACK message).
    5/26/2010 7:00:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0014A57C0480 has been denied by the DHCP server 128.111.1.13 (The DHCP Server sent a DHCPNACK message).
    5/25/2010 9:45:23 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

    ==== End Of File ===========================

    Edited by kpasawuey, 01 June 2010 - 06:53 PM.


    #5 Blade81


      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland

    Posted 01 June 2010 - 11:55 PM

    Hi,

    Were you able to run GMER?

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #6 kpasawuey

    • Topic Starter

    • Members
    • 15 posts
    • Gender:Female

    Posted 02 June 2010 - 02:35 AM

    Yes here is the log.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-01 16:47:44
    Windows 5.1.2600 Service Pack 3
    Running: 07nk9547.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\afdyipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT spuo.sys ZwCreateKey [0xF72940E0]
    SSDT spuo.sys ZwEnumerateKey [0xF72ACDA4]
    SSDT spuo.sys ZwEnumerateValueKey [0xF72AD132]
    SSDT spuo.sys ZwOpenKey [0xF72940C0]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF68CC670]
    SSDT spuo.sys ZwQueryKey [0xF72AD20A]
    SSDT spuo.sys ZwQueryValueKey [0xF72AD08A]
    SSDT spuo.sys ZwSetValueKey [0xF72AD29C]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF68CC720]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF68CC7C0]
    SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF68CC860]

    INT 0x62 ? 8A5AABF8
    INT 0x73 ? 8A37DBF8
    INT 0x73 ? 8A37DBF8
    INT 0x73 ? 8A37DBF8
    INT 0x73 ? 8A37DBF8
    INT 0x82 ? 8A5AABF8

    Code 804886E1 IoReportHalResourceUsage

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spuo.sys The system cannot find the file specified. !
    .rsrc C:\WINDOWS\system32\DRIVERS\wmiacpi.sys entry point in ".rsrc" section [0xF7968C94]
    .text USBPORT.SYS!DllUnload F6C918AC 5 Bytes JMP 8A37D1D8
    .text adcveopl.SYS F6912386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text adcveopl.SYS F69123AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text adcveopl.SYS F69123C4 3 Bytes [00, 80, 02]
    .text adcveopl.SYS F69123C9 1 Byte [30]
    .text adcveopl.SYS F69123C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
    .text C:\WINDOWS\Explorer.EXE[352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A8000A
    .text C:\WINDOWS\Explorer.EXE[352] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
    .text C:\WINDOWS\System32\svchost.exe[1624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006C000A
    .text C:\WINDOWS\System32\svchost.exe[1624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006D000A
    .text C:\WINDOWS\System32\svchost.exe[1624] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006B000C
    .text C:\WINDOWS\System32\svchost.exe[1624] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01C1000A
    .text C:\WINDOWS\System32\svchost.exe[1624] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00C4000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2888] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FC000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2888] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FA000C

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] spuo.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] spuo.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] spuo.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] spuo.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] spuo.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72A4B90] spuo.sys
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!KfRaiseIrql] 00001CB1
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\adcveopl.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A5A91F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

    Device \Driver\usbohci \Device\USBPDO-0 8A3501F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6171F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8A6171F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8A6171F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8A6171F8
    Device \Driver\usbohci \Device\USBPDO-1 8A3501F8
    Device \Driver\usbehci \Device\USBPDO-2 8A373348

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\PCI_PNP5566 \Device\00000049 spuo.sys
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5AB1F8
    Device \Driver\Cdrom \Device\CdRom0 8A44B500
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5AB1F8
    Device \Driver\Cdrom \Device\CdRom1 8A44B500
    Device \Driver\atapi \Device\Ide\IdePort0 [F71E8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F71E8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F71E8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5AB1F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3A1500
    Device \Driver\NetBT \Device\NetbiosSmb 8A3A1500
    Device \Driver\sptd \Device\2473631816 spuo.sys

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbohci \Device\USBFDO-0 8A3501F8
    Device \Driver\usbohci \Device\USBFDO-1 8A3501F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2E2500
    Device \Driver\usbehci \Device\USBFDO-2 8A373348
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2E2500
    Device \Driver\Ftdisk \Device\FtControl 8A5AB1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{F7B9E0B3-C021-41C2-9F4E-6FB835B54177} 8A3A1500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{0AFDB26D-C636-4EE9-A060-53E68391E487} 8A3A1500
    Device \Driver\adcveopl \Device\Scsi\adcveopl1Port2Path0Target0Lun0 8A386500
    Device \Driver\adcveopl \Device\Scsi\adcveopl1 8A386500
    Device \FileSystem\Cdfs \Cdfs 8A36C500
    Device -> \Driver\atapi \Device\Harddisk0\DR0 8A3B2D01

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x91 0x7C 0xF5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB6 0xC0 0x97 0x07 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x36 0xB8 0xED 0x15 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x91 0x7C 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB6 0xC0 0x97 0x07 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x36 0xB8 0xED 0x15 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x91 0x7C 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB6 0xC0 0x97 0x07 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x36 0xB8 0xED 0x15 ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\DRIVERS\wmiacpi.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----


    #7 Blade81


      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland

    Posted 02 June 2010 - 05:09 AM

    Hi,

    uTorrent

    The above-listed programs are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers.
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:
    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New DDS log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



    #8 kpasawuey

    • Topic Starter

    • Members
    • 15 posts
    • Gender:Female

    Posted 02 June 2010 - 11:38 PM

    DDS log

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 21:35:44.18 on Wed 06/02/2010
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1303 [GMT -7:00]

    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\osujsn6i.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\osujsn6i.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-5 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-5 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-5 216200]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-5 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-5 242896]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-5 308064]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-5-31 2331544]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-5 30104]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2010-5-5 231424]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-5 369920]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-5 30104]
    S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-5 5888008]
    S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-5 122376]
    S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-5 30216]
    S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-5 26120]

    =============== Created Last 30 ================

    2010-06-03 04:22:41 0 d-sha-r- C:\cmdcons
    2010-06-03 04:20:34 98816 ----a-w- c:\windows\sed.exe
    2010-06-03 04:20:34 77312 ----a-w- c:\windows\MBR.exe
    2010-06-03 04:20:34 256512 ----a-w- c:\windows\PEV.exe
    2010-06-03 04:20:34 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-02 18:43:34 20 ----a-w- c:\documents and settings\administrator\defogger_reenable
    2010-05-30 18:32:22 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb0026718432bc.mof
    2010-05-30 07:13:27 0 d-----w- c:\program files\HJK
    2010-05-27 20:45:56 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-05-27 20:45:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-05-27 20:45:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-27 02:08:02 0 d-----w- C:\$AVG
    2010-05-10 06:16:52 0 d-----w- c:\program files\jZip
    2010-05-09 22:24:57 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
    2010-05-08 04:25:59 0 d-----w- c:\windows\system32\LogFiles
    2010-05-08 04:00:46 0 d-----w- c:\docume~1\admini~1\applic~1\AVG9
    2010-05-08 00:11:28 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
    2010-05-07 03:44:00 0 d-----w- c:\windows\All Users
    2010-05-07 03:12:48 3023 ----a-w- c:\windows\system32\spupdsvc.inf
    2010-05-07 02:56:32 0 d-----w- c:\windows\system32\scripting
    2010-05-07 02:56:29 0 d-----w- c:\windows\l2schemas
    2010-05-07 02:56:00 0 d-----w- c:\windows\system32\en
    2010-05-07 02:55:59 0 d-----w- c:\windows\system32\bits
    2010-05-07 02:19:21 0 d-----w- c:\windows\network diagnostic
    2010-05-06 07:37:10 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-05-06 07:37:10 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-05-06 07:37:10 133616 ------w- c:\windows\system32\pxafs.dll
    2010-05-06 07:36:27 0 d-----w- c:\program files\common files\DivX Shared
    2010-05-06 07:33:34 0 d-----w- c:\program files\DivX
    2010-05-06 07:32:50 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-05-06 07:01:52 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
    2010-05-06 07:01:51 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
    2010-05-06 07:01:48 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
    2010-05-06 07:01:47 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
    2010-05-06 07:01:46 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
    2010-05-06 07:01:45 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
    2010-05-06 07:01:10 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
    2010-05-06 07:01:09 95424 ------w- c:\windows\system32\drivers\slnthal.sys
    2010-05-06 07:01:08 404990 ------w- c:\windows\system32\drivers\slntamr.sys
    2010-05-06 07:01:08 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
    2010-05-06 07:00:59 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
    2010-05-06 07:00:55 13776 ------w- c:\windows\system32\drivers\recagent.sys
    2010-05-06 07:00:40 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
    2010-05-06 07:00:38 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
    2010-05-06 07:00:26 67866 ------w- c:\windows\system32\drivers\netwlan5.img
    2010-05-06 07:00:22 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
    2010-05-06 07:00:21 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2010-05-06 07:00:21 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
    2010-05-06 06:59:12 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2010-05-06 06:59:11 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2010-05-06 06:59:11 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2010-05-06 06:58:20 129045 ------w- c:\windows\system32\drivers\cxthsfs2.cty
    2010-05-06 06:08:31 0 d-----w- c:\program files\MSXML 4.0
    2010-05-06 05:56:30 0 d-----w- c:\windows\ServicePackFiles
    2010-05-06 04:38:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-05-06 04:38:27 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-05-06 04:37:55 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-05-06 04:37:34 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-05-06 04:37:33 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-05-06 04:36:46 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-05-06 04:35:46 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-05-06 04:34:01 0 d-----w- c:\windows\system32\KARLA
    2010-05-06 04:32:07 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-05-06 04:32:05 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-05-06 04:28:04 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-05-06 04:26:23 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-05-06 04:26:02 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-05-06 04:24:08 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-05-06 04:19:41 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-05-06 04:07:06 0 d-----w- c:\windows\system32\PreInstall
    2010-05-06 04:01:46 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-05-06 04:01:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-06 04:01:02 0 d-----w- c:\windows\system32\drivers\Avg
    2010-05-06 04:00:58 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2010-05-06 03:59:13 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-05-06 03:59:13 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-05-06 03:59:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-05-06 03:59:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-06 03:58:39 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-05-06 03:58:39 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-05-06 03:56:49 0 d-----w- c:\program files\AVG
    2010-05-06 03:56:16 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-05-06 03:43:34 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-05-06 03:39:21 0 d-----w- c:\windows\SHELLNEW
    2010-05-06 03:31:05 0 d-----w- c:\program files\DAEMON Tools Toolbar
    2010-05-06 03:30:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-05-06 03:30:41 0 d-----w- c:\program files\DAEMON Tools Lite
    2010-05-06 03:30:35 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
    2010-05-06 03:30:31 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2010-05-06 03:29:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-05-06 03:29:48 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-05-06 03:29:17 0 d-----w- c:\program files\iPod
    2010-05-06 03:29:13 0 d-----w- c:\program files\iTunes
    2010-05-06 03:29:13 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-06 03:27:39 0 d-----w- c:\program files\Bonjour
    2010-05-06 03:18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-05-06 03:18:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-06 03:15:54 0 d-----w- c:\windows\system32\appmgmt
    2010-05-06 03:01:22 0 d--h--w- c:\windows\$hf_mig$
    2010-05-06 03:00:33 47104 ----a-w- c:\windows\system32\WACntlPnl.cpl
    2010-05-06 02:57:00 0 d-----w- c:\program files\common files\TiVo Shared
    2010-05-06 02:56:10 0 d-----w- c:\program files\common files\SureThing Shared
    2010-05-06 02:55:30 0 d-----w- c:\program files\Sonic
    2010-05-06 02:54:27 0 d-----w- c:\program files\Quicken
    2010-05-06 02:54:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
    2010-05-06 02:54:20 0 d-----w- c:\program files\Quickensetup
    2010-05-06 02:51:04 0 d-----w- c:\program files\muvee Technologies
    2010-05-06 02:51:03 0 d-----w- c:\program files\common files\muvee Technologies
    2010-05-06 02:39:04 0 d-----w- c:\program files\common files\Sonic Shared
    2010-05-06 02:38:22 0 d-----w- c:\program files\common files\HP
    2010-05-06 02:37:50 0 d-----w- c:\program files\HP
    2010-05-06 02:33:36 0 d-----w- c:\program files\WildTangent
    2010-05-06 02:29:11 0 d-----w- c:\program files\HPQ
    2010-05-06 02:28:14 0 d-----w- c:\program files\music_now
    2010-05-06 02:27:32 0 d-----w- c:\program files\Broadcom
    2010-05-06 02:25:49 0 d-----w- c:\program files\ATI Technologies
    2010-05-06 02:25:06 0 d-----w- c:\program files\Synaptics
    2010-05-06 02:21:29 0 d-----w- c:\program files\CONEXANT
    2010-05-06 02:20:52 0 d-----w- c:\program files\AMD
    2010-05-06 02:01:40 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-05-06 02:01:19 0 d--h--w- c:\program files\WindowsUpdate
    2010-05-06 02:00:12 0 d-----w- c:\program files\common files\MSSoap
    2010-05-06 01:58:37 0 d-----w- c:\program files\Online Services
    2010-05-06 01:58:31 0 d-----w- c:\program files\Messenger
    2010-05-06 01:58:26 0 d-----w- c:\program files\MSN Gaming Zone
    2010-05-06 01:57:33 0 d-----w- c:\program files\Windows NT
    2010-05-05 18:52:05 0 d-----w- c:\program files\common files\ODBC
    2010-05-05 18:52:01 0 d-----w- c:\program files\common files\SpeechEngines
    2010-05-05 18:49:18 0 d-----r- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2010-05-06 02:40:53 87275 ----a-w- c:\windows\hpqins69.dat
    2010-05-06 02:33:00 1575 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv5000 (ET800UA#ABA)_YN_0Pavi_QCND61513RG_EU_46_I30AE_SHP_V49.38_BF.33_T060224_WXP2_L409_M1919_J160_7AMD_8Turion 64 Technology ML-34_91.79_#100505_N10EC8139_(ET800UA#ABA)_XMOBILE_CN10.MRK
    2010-05-06 01:59:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
    2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll

    ============= FINISH: 21:35:51.73 ===============

    Combofix log

    ComboFix 10-06-02.02 - Administrator 06/02/2010 21:26:22.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1425 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\drivers\wmiacpi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
    .

    2010-06-01 09:21 . 2010-06-01 09:21 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-05-31 18:04 . 2010-05-31 18:04 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-05-31 18:04 . 2010-05-31 18:04 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-05-30 07:13 . 2010-05-30 07:13 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-05-30 07:13 . 2010-05-30 07:13 -------- d-----w- c:\program files\HJK
    2010-05-27 20:45 . 2010-05-27 20:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-05-27 20:45 . 2010-05-27 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-27 20:45 . 2010-05-30 07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-27 02:08 . 2010-05-27 02:08 -------- d-----w- C:\$AVG
    2010-05-23 23:51 . 2010-05-23 23:51 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d10429a-n\decora-sse.dll
    2010-05-23 23:51 . 2010-05-23 23:51 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d10429a-n\decora-d3d.dll
    2010-05-23 23:51 . 2010-05-23 23:51 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d682758-n\msvcp71.dll
    2010-05-23 23:51 . 2010-05-23 23:51 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d682758-n\jmc.dll
    2010-05-23 23:51 . 2010-05-23 23:51 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d682758-n\msvcr71.dll
    2010-05-18 02:51 . 2010-05-18 02:51 666112 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll
    2010-05-18 02:50 . 2010-05-18 02:50 319488 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    2010-05-12 05:17 . 2010-05-12 05:17 -------- d-----w- c:\windows\Sun
    2010-05-12 03:09 . 2010-05-12 03:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
    2010-05-12 03:09 . 2010-05-12 03:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-05-12 03:08 . 2010-05-12 03:08 -------- d-----w- c:\program files\Common Files\Adobe
    2010-05-10 06:17 . 2010-05-10 06:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\jZip
    2010-05-10 06:16 . 2010-05-10 06:17 -------- d-----w- c:\program files\jZip
    2010-05-09 22:24 . 2010-06-02 18:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2010-05-09 04:33 . 2010-02-23 21:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2010-05-08 18:55 . 2010-06-03 03:13 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
    2010-05-08 04:25 . 2010-05-08 04:25 -------- d-----w- c:\windows\system32\LogFiles
    2010-05-08 04:00 . 2010-05-08 04:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9
    2010-05-08 00:11 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
    2010-05-07 03:44 . 2010-05-07 03:44 -------- d-----w- c:\windows\All Users
    2010-05-07 02:56 . 2010-05-07 03:09 -------- d-----w- c:\windows\system32\scripting
    2010-05-07 02:56 . 2010-05-07 02:56 -------- d-----w- c:\windows\l2schemas
    2010-05-07 02:56 . 2010-05-07 02:56 -------- d-----w- c:\windows\system32\en
    2010-05-07 02:55 . 2010-05-07 03:08 -------- d-----w- c:\windows\system32\bits
    2010-05-06 07:38 . 2010-05-06 07:38 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-05-06 07:38 . 2010-05-06 07:38 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-05-06 07:38 . 2010-05-06 07:33 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-05-06 07:38 . 2010-05-06 07:28 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-05-06 07:38 . 2010-05-06 07:38 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-05-06 07:38 . 2010-05-06 07:38 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-05-06 07:38 . 2010-05-06 07:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-05-06 07:37 . 2010-05-06 07:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
    2010-05-06 07:37 . 2010-05-06 07:37 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-05-06 07:37 . 2010-03-31 01:58 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-05-06 07:37 . 2010-03-31 01:58 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-05-06 07:37 . 2010-03-31 01:58 133616 ------w- c:\windows\system32\pxafs.dll
    2010-05-06 07:37 . 2010-05-06 07:37 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-05-06 07:37 . 2010-05-06 07:37 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-05-06 07:37 . 2010-05-06 07:37 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-05-06 07:37 . 2010-05-06 07:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-05-06 07:36 . 2010-05-06 07:36 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-05-06 07:36 . 2010-05-06 07:36 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-05-06 07:33 . 2010-05-06 07:38 -------- d-----w- c:\program files\DivX
    2010-05-06 07:33 . 2010-05-06 07:33 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-05-06 07:32 . 2010-05-06 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-05-06 07:01 . 2004-08-04 05:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
    2010-05-06 07:01 . 2004-08-04 05:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
    2010-05-06 07:01 . 2004-08-04 05:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
    2010-05-06 07:01 . 2004-08-04 05:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
    2010-05-06 07:01 . 2004-08-04 05:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
    2010-05-06 07:01 . 2004-08-04 05:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
    2010-05-06 07:01 . 2004-08-04 05:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
    2010-05-06 07:01 . 2004-08-04 05:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
    2010-05-06 07:01 . 2004-08-04 05:41 404990 ------w- c:\windows\system32\drivers\slntamr.sys
    2010-05-06 07:01 . 2004-08-04 05:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
    2010-05-06 07:00 . 2004-08-04 05:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
    2010-05-06 07:00 . 2004-08-04 05:41 13776 ------w- c:\windows\system32\drivers\recagent.sys
    2010-05-06 07:00 . 2004-08-04 05:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
    2010-05-06 07:00 . 2004-08-04 05:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
    2010-05-06 07:00 . 2004-08-04 05:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
    2010-05-06 07:00 . 2004-08-04 05:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
    2010-05-06 07:00 . 2004-08-04 05:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2010-05-06 06:59 . 2004-08-04 05:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2010-05-06 06:59 . 2004-08-04 05:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2010-05-06 06:59 . 2004-08-04 05:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2010-05-06 06:08 . 2010-05-06 06:08 -------- d-----w- c:\program files\MSXML 4.0
    2010-05-06 05:56 . 2010-05-07 02:29 -------- d-----w- c:\windows\ServicePackFiles
    2010-05-06 04:38 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-05-06 04:38 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-05-06 04:37 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-05-06 04:37 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-05-06 04:37 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-05-06 04:36 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-05-06 04:35 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-05-06 04:34 . 2010-06-02 19:19 -------- d-----w- c:\windows\system32\KARLA
    2010-05-06 04:32 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-05-06 04:32 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-05-06 04:30 . 2010-05-06 04:30 -------- d-s---w- c:\documents and settings\Karla\UserData
    2010-05-06 04:29 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2010-05-06 04:29 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2010-05-06 04:29 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2010-05-06 04:29 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2010-05-06 04:29 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-05-06 04:29 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-05-06 04:29 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2010-05-06 04:29 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2010-05-06 04:29 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2010-05-06 04:29 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-05-06 04:29 . 2010-02-17 16:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-05-06 04:29 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-05-06 04:28 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-05-06 04:26 . 2010-01-29 15:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-05-06 04:26 . 2010-01-29 15:01 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-05-06 04:24 . 2010-05-06 04:24 -------- d-----w- c:\documents and settings\Karla\Local Settings\Application Data\AVG Security Toolbar
    2010-05-06 04:24 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-05-06 04:23 . 2010-05-06 04:23 -------- d-----w- c:\documents and settings\Karla\Local Settings\Application Data\Mozilla
    2010-05-06 04:21 . 2010-05-06 04:21 -------- d-----w- c:\documents and settings\Karla\Local Settings\Application Data\IsolatedStorage
    2010-05-06 04:20 . 2010-05-06 04:20 -------- d-----w- c:\documents and settings\Karla\Local Settings\Application Data\HP
    2010-05-06 04:20 . 2010-05-06 04:22 -------- d-----w- c:\documents and settings\Karla\Application Data\Apple Computer
    2010-05-06 04:20 . 2010-05-06 04:20 128 ----a-w- c:\documents and settings\Karla\Local Settings\Application Data\fusioncache.dat
    2010-05-06 04:20 . 2010-05-06 04:20 107256 ----a-w- c:\documents and settings\Karla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-06 04:20 . 2010-05-06 04:22 -------- d-----w- c:\documents and settings\Karla\Local Settings\Application Data\Apple Computer
    2010-05-06 04:20 . 2010-05-06 04:22 -------- d-----w- c:\documents and settings\Karla\Local Settings\Application Data\ApplicationHistory
    2010-05-06 04:19 . 2004-08-04 20:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-05-06 04:07 . 2010-05-06 04:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    2010-05-06 04:01 . 2010-05-06 04:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-06 04:01 . 2010-05-31 18:04 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-06 04:01 . 2010-06-03 03:32 -------- d-----w- c:\windows\system32\drivers\Avg

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-07 17:35 . 2010-05-06 02:53 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-07 03:11 . 2010-05-06 02:01 96675 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-05-06 03:31 . 2010-05-06 03:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-05-06 03:29 . 2010-05-06 03:29 -------- d-----w- c:\program files\iTunes
    2010-05-06 03:29 . 2010-05-06 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-06 03:29 . 2010-05-06 03:29 -------- d-----w- c:\program files\iPod
    2010-05-06 03:29 . 2010-05-06 03:27 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-06 03:28 . 2010-05-06 03:28 -------- d-----w- c:\program files\QuickTime
    2010-05-06 03:28 . 2010-05-06 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-05-06 03:28 . 2010-05-06 03:28 -------- d-----w- c:\program files\Apple Software Update
    2010-05-06 03:27 . 2010-05-06 03:27 -------- d-----w- c:\program files\Bonjour
    2010-05-06 03:19 . 2010-05-06 02:58 -------- d-----w- c:\program files\Common Files\Java
    2010-05-06 03:18 . 2010-05-06 02:58 -------- d-----w- c:\program files\Java
    2010-05-06 03:15 . 2010-05-06 02:54 -------- d-----w- c:\program files\Quicken
    2010-05-06 03:01 . 2010-05-06 02:29 -------- d-----w- c:\program files\HPQ
    2010-05-06 03:00 . 2010-05-06 02:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-06 02:57 . 2010-05-06 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2010-05-06 02:57 . 2010-05-06 02:20 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-05-06 02:57 . 2010-05-06 02:57 -------- d-----w- c:\program files\Common Files\TiVo Shared
    2010-05-06 02:56 . 2010-05-06 02:56 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2010-05-06 02:56 . 2010-05-06 02:55 -------- d-----w- c:\program files\Sonic
    2010-05-06 02:56 . 2010-05-06 02:39 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-05-06 02:54 . 2010-05-06 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
    2010-05-06 02:54 . 2010-05-06 02:54 -------- d-----w- c:\program files\Quickensetup
    2010-05-06 02:53 . 2010-05-06 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-05-06 02:53 . 2010-05-06 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2010-05-06 02:53 . 2010-05-06 02:37 -------- d-----w- c:\program files\HP
    2010-05-06 02:52 . 2010-05-06 02:28 -------- d-----w- c:\program files\Hewlett-Packard
    2010-05-06 02:51 . 2010-05-06 02:51 -------- d-----w- c:\program files\muvee Technologies
    2010-05-06 02:51 . 2010-05-06 02:51 -------- d-----w- c:\program files\Common Files\muvee Technologies
    2010-05-06 02:50 . 2010-05-06 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
    2010-05-06 02:48 . 2010-05-06 02:48 -------- d-----w- c:\program files\Common Files\LightScribe
    2010-05-06 02:40 . 2010-05-06 02:37 87275 ----a-w- c:\windows\hpqins69.dat
    2010-05-06 02:39 . 2010-05-06 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
    2010-05-06 02:38 . 2010-05-06 02:38 -------- d-----w- c:\program files\Common Files\HP
    2010-05-06 02:37 . 2010-05-06 02:33 -------- d-----w- c:\program files\WildTangent
    2010-05-06 02:33 . 2010-05-06 02:32 1575 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv5000 (ET800UA#ABA)_YN_0Pavi_QCND61513RG_EU_46_I30AE_SHP_V49.38_BF.33_T060224_WXP2_L409_M1919_J160_7AMD_8Turion 64 Technology ML-34_91.79_#100505_N10EC8139_(ET800UA#ABA)_XMOBILE_CN10.MRK
    2010-05-06 02:28 . 2010-05-06 02:28 -------- d-----w- c:\program files\music_now
    2010-05-06 02:27 . 2010-05-06 02:27 -------- d-----w- c:\program files\Broadcom
    2010-05-06 02:26 . 2010-05-06 02:25 -------- d-----w- c:\program files\ATI Technologies
    2010-05-06 02:25 . 2010-05-06 02:25 -------- d-----w- c:\program files\Synaptics
    2010-05-06 02:24 . 2010-05-06 02:21 -------- d-----w- c:\program files\CONEXANT
    2010-05-06 02:20 . 2010-05-06 02:20 -------- d-----w- c:\program files\AMD
    2010-05-06 02:02 . 2010-05-06 02:02 -------- d-----w- c:\program files\microsoft frontpage
    2010-05-06 01:59 . 2010-05-06 01:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-04-28 22:45 . 2010-04-28 22:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-03-31 01:58 . 2010-05-06 02:51 125424 ------w- c:\windows\system32\pxinsi64.exe
    2010-03-31 01:58 . 2010-05-06 02:51 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-03-31 01:58 . 2005-04-25 09:03 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
    2010-03-25 09:27 . 2010-03-25 09:27 1107264 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\osujsn6i.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
    2010-03-09 11:09 . 2004-08-04 20:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-02-23 21:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-05-06 04:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/5/2010 8:59 PM 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/5/2010 8:59 PM 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/5/2010 8:59 PM 216200]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/5/2010 8:59 PM 242896]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/5/2010 8:59 PM 308064]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [5/31/2010 11:03 AM 2331544]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/5/2010 8:58 PM 30104]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/5/2010 7:24 PM 231424]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [5/5/2010 9:00 PM 369920]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/5/2010 8:58 PM 30104]
    S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5/5/2010 8:58 PM 5888008]
    S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/5/2010 8:58 PM 122376]
    S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/5/2010 8:58 PM 30216]
    S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/5/2010 8:58 PM 26120]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/5/2010 8:30 PM 691696]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\osujsn6i.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\osujsn6i.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-02 21:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?7?3?2??`???? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1228)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-06-02 21:32:53
    ComboFix-quarantined-files.txt 2010-06-03 04:32

    Pre-Run: 129,619,484,672 bytes free
    Post-Run: 129,849,901,056 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - C9ACC5B6734FBBD52054F6A3ADCFF16B


    #9 Blade81


      Bleepin' Rocker


    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland

    Posted 03 June 2010 - 12:07 AM

    Hi again,


    Uninstall old Adobe Reader versions and get the latest one (both 9.3 and update 9.3.2) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Uninstall this old Java:
    J2SE Runtime Environment 5.0 Update 6



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report & a fresh dds.txt log.


    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


    #10 kpasawuey

    • Topic Starter

    • Members
    • 15 posts
    • Gender:Female

    Posted 03 June 2010 - 06:11 PM

    KAS Report

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, June 3, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, June 03, 2010 20:07:03
    Records in database: 4197620
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 45090
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 01:21:43


    File name / Threat / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\wmiacpi.sys.vir Infected: Rootkit.Win32.TDSS.ap 1

    Selected area has been scanned.


    DDS log


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 16:07:24.15 on Thu 06/03/2010
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1080 [GMT -7:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\Administrator\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\osujsn6i.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\osujsn6i.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\osujsn6i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-5 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-5 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-5 216200]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-5 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-5 242896]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-5 308064]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-5-31 2331544]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-5 5888008]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-5 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-5 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-5 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-5 26120]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2010-5-5 231424]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-5 430152]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-5 30104]

    =============== Created Last 30 ================

    2010-06-03 04:22:41 0 d-sha-r- C:\cmdcons
    2010-06-03 04:20:34 98816 ----a-w- c:\windows\sed.exe
    2010-06-03 04:20:34 77312 ----a-w- c:\windows\MBR.exe
    2010-06-03 04:20:34 256512 ----a-w- c:\windows\PEV.exe
    2010-06-03 04:20:34 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-02 18:43:34 20 ----a-w- c:\documents and settings\administrator\defogger_reenable
    2010-05-30 18:32:22 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cb0026718432bc.mof
    2010-05-30 07:13:27 0 d-----w- c:\program files\HJK
    2010-05-27 20:45:56 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-05-27 20:45:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-05-27 20:45:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-27 02:08:02 0 d-----w- C:\$AVG
    2010-05-10 06:16:52 0 d-----w- c:\program files\jZip
    2010-05-09 22:24:57 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
    2010-05-08 04:25:59 0 d-----w- c:\windows\system32\LogFiles
    2010-05-08 04:00:46 0 d-----w- c:\docume~1\admini~1\applic~1\AVG9
    2010-05-08 00:11:28 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
    2010-05-07 03:44:00 0 d-----w- c:\windows\All Users
    2010-05-07 03:12:48 3023 ----a-w- c:\windows\system32\spupdsvc.inf
    2010-05-07 02:56:32 0 d-----w- c:\windows\system32\scripting
    2010-05-07 02:56:29 0 d-----w- c:\windows\l2schemas
    2010-05-07 02:56:00 0 d-----w- c:\windows\system32\en
    2010-05-07 02:55:59 0 d-----w- c:\windows\system32\bits
    2010-05-07 02:19:21 0 d-----w- c:\windows\network diagnostic
    2010-05-06 07:37:10 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-05-06 07:37:10 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-05-06 07:37:10 133616 ------w- c:\windows\system32\pxafs.dll
    2010-05-06 07:36:27 0 d-----w- c:\program files\common files\DivX Shared
    2010-05-06 07:33:34 0 d-----w- c:\program files\DivX
    2010-05-06 07:32:50 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-05-06 07:01:52 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
    2010-05-06 07:01:51 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
    2010-05-06 07:01:48 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
    2010-05-06 07:01:47 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
    2010-05-06 07:01:46 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
    2010-05-06 07:01:45 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
    2010-05-06 07:01:10 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
    2010-05-06 07:01:09 95424 ------w- c:\windows\system32\drivers\slnthal.sys
    2010-05-06 07:01:08 404990 ------w- c:\windows\system32\drivers\slntamr.sys
    2010-05-06 07:01:08 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
    2010-05-06 07:00:59 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
    2010-05-06 07:00:55 13776 ------w- c:\windows\system32\drivers\recagent.sys
    2010-05-06 07:00:40 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
    2010-05-06 07:00:38 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
    2010-05-06 07:00:26 67866 ------w- c:\windows\system32\drivers\netwlan5.img
    2010-05-06 07:00:22 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
    2010-05-06 07:00:21 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
    2010-05-06 07:00:21 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
    2010-05-06 06:59:12 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2010-05-06 06:59:11 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2010-05-06 06:59:11 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2010-05-06 06:58:20 129045 ------w- c:\windows\system32\drivers\cxthsfs2.cty
    2010-05-06 06:08:31 0 d-----w- c:\program files\MSXML 4.0
    2010-05-06 05:56:30 0 d-----w- c:\windows\ServicePackFiles
    2010-05-06 04:38:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-05-06 04:38:27 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-05-06 04:37:55 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-05-06 04:37:34 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-05-06 04:37:33 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-05-06 04:36:46 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-05-06 04:35:46 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-05-06 04:34:01 0 d-----w- c:\windows\system32\KARLA
    2010-05-06 04:32:07 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-05-06 04:32:05 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-05-06 04:28:04 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-05-06 04:26:23 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-05-06 04:26:02 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-05-06 04:24:08 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-05-06 04:19:41 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-05-06 04:07:06 0 d-----w- c:\windows\system32\PreInstall
    2010-05-06 04:01:46 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-05-06 04:01:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-06 04:01:02 0 d-----w- c:\windows\system32\drivers\Avg
    2010-05-06 04:00:58 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2010-05-06 03:59:13 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-05-06 03:59:13 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-05-06 03:59:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-05-06 03:59:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-06 03:58:39 50968 ----a-w- c:\windows\system32\avgfwdx.dll
    2010-05-06 03:58:39 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
    2010-05-06 03:56:49 0 d-----w- c:\program files\AVG
    2010-05-06 03:56:16 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-05-06 03:43:34 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-05-06 03:39:21 0 d-----w- c:\windows\SHELLNEW
    2010-05-06 03:31:05 0 d-----w- c:\program files\DAEMON Tools Toolbar
    2010-05-06 03:30:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-05-06 03:30:41 0 d-----w- c:\program files\DAEMON Tools Lite
    2010-05-06 03:30:35 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
    2010-05-06 03:30:31 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2010-05-06 03:29:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-05-06 03:29:48 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-05-06 03:29:17 0 d-----w- c:\program files\iPod
    2010-05-06 03:29:13 0 d-----w- c:\program files\iTunes
    2010-05-06 03:29:13 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-06 03:27:39 0 d-----w- c:\program files\Bonjour
    2010-05-06 03:18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-05-06 03:18:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-06 03:15:54 0 d-----w- c:\windows\system32\appmgmt
    2010-05-06 03:01:22 0 d--h--w- c:\windows\$hf_mig$
    2010-05-06 03:00:33 47104 ----a-w- c:\windows\system32\WACntlPnl.cpl
    2010-05-06 02:57:00 0 d-----w- c:\program files\common files\TiVo Shared
    2010-05-06 02:56:10 0 d-----w- c:\program files\common files\SureThing Shared
    2010-05-06 02:55:30 0 d-----w- c:\program files\Sonic
    2010-05-06 02:54:27 0 d-----w- c:\program files\Quicken
    2010-05-06 02:54:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
    2010-05-06 02:54:20 0 d-----w- c:\program files\Quickensetup
    2010-05-06 02:51:04 0 d-----w- c:\program files\muvee Technologies
    2010-05-06 02:51:03 0 d-----w- c:\program files\common files\muvee Technologies
    2010-05-06 02:39:04 0 d-----w- c:\program files\common files\Sonic Shared
    2010-05-06 02:38:22 0 d-----w- c:\program files\common files\HP
    2010-05-06 02:37:50 0 d-----w- c:\program files\HP
    2010-05-06 02:33:36 0 d-----w- c:\program files\WildTangent
    2010-05-06 02:29:11 0 d-----w- c:\program files\HPQ
    2010-05-06 02:28:14 0 d-----w- c:\program files\music_now
    2010-05-06 02:27:32 0 d-----w- c:\program files\Broadcom
    2010-05-06 02:25:49 0 d-----w- c:\program files\ATI Technologies
    2010-05-06 02:25:06 0 d-----w- c:\program files\Synaptics
    2010-05-06 02:21:29 0 d-----w- c:\program files\CONEXANT
    2010-05-06 02:20:52 0 d-----w- c:\program files\AMD
    2010-05-06 02:01:40 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-05-06 02:01:19 0 d--h--w- c:\program files\WindowsUpdate
    2010-05-06 02:00:12 0 d-----w- c:\program files\common files\MSSoap
    2010-05-06 01:58:37 0 d-----w- c:\program files\Online Services
    2010-05-06 01:58:31 0 d-----w- c:\program files\Messenger
    2010-05-06 01:58:26 0 d-----w- c:\program files\MSN Gaming Zone
    2010-05-06 01:57:33 0 d-----w- c:\program files\Windows NT
    2010-05-05 18:52:05 0 d-----w- c:\program files\common files\ODBC
    2010-05-05 18:52:01 0 d-----w- c:\program files\common files\SpeechEngines
    2010-05-05 18:49:18 0 d-----r- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2010-05-06 02:40:53 87275 ----a-w- c:\windows\hpqins69.dat
    2010-05-06 02:33:00 1575 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv5000 (ET800UA#ABA)_YN_0Pavi_QCND61513RG_EU_46_I30AE_SHP_V49.38_BF.33_T060224_WXP2_L409_M1919_J160_7AMD_8Turion 64 Technology ML-34_91.79_#100505_N10EC8139_(ET800UA#ABA)_XMOBILE_CN10.MRK
    2010-05-06 01:59:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
    2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll

    ============= FINISH: 16:08:22.12 ===============

    Edited by kpasawuey, 03 June 2010 - 06:16 PM.


    #11 Blade81

    Blade81
      Bleepin' Rocker

    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland
    • Local time:06:46 PM

    Posted 04 June 2010 - 12:27 AM

    Hi,

    How's the system running now?

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006
    unite_blue.png

    Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


    #12 kpasawuey

    kpasawuey
    • Topic Starter
    • Members
    • 15 posts
    • Gender:Female
    • Local time:08:46 AM

    Posted 04 June 2010 - 10:30 PM

    Hi,
    My system is running great. The virus is gone. Thanks!

    #13 Blade81

    Blade81
      Bleepin' Rocker

    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland
    • Local time:06:46 PM

    Posted 05 June 2010 - 05:40 AM

    You're welcome


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis.



    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK


    Please download OTC and save it to desktop.
    • Double-click OTC.exe.
    • Click the CleanUp! button.
    • Select Yes when the
      Begin cleanup Process?
      prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third-party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
    • hosts file:
      • Every version of Windows has a hosts file.
      • In a very basic sense, it is used to locate webpages.
      • We can customize a hosts file so that it blocks certain webpages.
      • However, it can slow down certain computers.
      • This is why using a hosts file is optional!!
      Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
      If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      1. Click the Start button (at the lower left-hand corner of your screen).
      2. Click Run.
      3. In the dialog box, type services.msc.
      4. Hit Enter, then locate DNS Client.
      5. Highlight it, then double-click it.
      6. On the dropdown box, change the setting from Automatic to Manual.
      7. Click OK.
    • Run the Secunia vulnerability check here and fix its findings.


    • Just a final reminder for you. I am trying to stress these two points.
      UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
      Make sure all of your security programs are up to date.
      Visit Microsoft's Windows Update site frequently. It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade

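The hosts file advice above, tied to the redirect symptom that started this thread, as an added example that is not code from the thread or from any tool it mentions: a small Python audit that parses a hosts file, separates MVPS-style block entries (names pointed at 127.0.0.1 or 0.0.0.0) from entries that send a watched domain such as google.com to some other address, which is one way a redirect infection shows up. The sample hosts content and the WATCHED_DOMAINS list are constructed for the example; on a real machine you would read %SystemRoot%\system32\drivers\etc\hosts.

```python
"""Audit a Windows hosts file: list block entries and flag hijacked names.

Added example, not part of the forum thread. Assumes the MVPS blocking
convention (names mapped to 127.0.0.1 or 0.0.0.0 are blocks) and a
constructed sample file; WATCHED_DOMAINS is an assumed list of sites that
should never resolve anywhere except a local address via the hosts file.
"""
import ipaddress
import re

LOCAL_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
WATCHED_DOMAINS = {"google.com", "windowsupdate.com", "update.microsoft.com"}

# Constructed sample; a real audit reads %SystemRoot%\system32\drivers\etc\hosts
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# MVPS-style blocks
0.0.0.0 ad.doubleclick.net
0.0.0.0 adserver.example.test   # constructed
127.0.0.1 tracker.example.test
# constructed hijack lines, the kind a redirect infection plants
198.51.100.23 www.google.com google.com
198.51.100.23 www.windowsupdate.com  windowsupdate.com
"""


def parse_hosts(text):
    """Yield (address, hostname, line_number) for every mapping in the file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; ignore it
        for host in parts[1:]:  # one address may carry several names
            yield str(addr), host.lower(), lineno


def is_local(addr):
    """True for the addresses a blocking hosts file points names at."""
    return addr in LOCAL_ADDRS or ipaddress.ip_address(addr).is_loopback


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (hijacks, blocks, others) found in the hosts file text."""
    hijacks, blocks, others = [], [], []
    for addr, host, lineno in parse_hosts(text):
        if host == "localhost":
            continue
        if is_local(addr):
            blocks.append((host, lineno))
        elif host in watched or any(host.endswith("." + w) for w in watched):
            hijacks.append((host, addr, lineno))
        else:
            others.append((host, addr, lineno))
    return hijacks, blocks, others


if __name__ == "__main__":
    hijacks, blocks, others = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocks)} block entries, {len(others)} other custom entries")
    for host, addr, lineno in hijacks:
        print(f"HIJACK line {lineno}: {host} -> {addr}")
```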


    #14 Blade81

    Blade81
      Bleepin' Rocker

    • Malware Response Team
    • 6,465 posts
    • Gender:Male
    • Location:Finland
    • Local time:06:46 PM

    Posted 11 June 2010 - 02:29 AM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.
