Browser Redirect Virus



#1 KennyMc (Members, 1 post)

Posted 31 October 2010 - 06:46 PM

I think this virus has somehow hijacked my "Hosts" file.
When I browse to the folder C:\Windows\System32\drivers\etc and open the Hosts file with Notepad, everything has been remarked out.
There is a hidden file in the same folder also called "Hosts". I can't edit or delete this Hosts file.
The only difference is that it contains the following after the last line of the normal file:

74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
89.248.160.148 www.google.com
89.248.160.148 google.com
89.248.160.148 google.com.au
89.248.160.148 www.google.com.au
89.248.160.148 google.be
89.248.160.148 www.google.be
89.248.160.148 google.com.br
89.248.160.148 www.google.com.br
89.248.160.148 google.ca
89.248.160.148 www.google.ca
89.248.160.148 google.ch
89.248.160.148 www.google.ch
89.248.160.148 google.de
89.248.160.148 www.google.de
89.248.160.148 google.dk
89.248.160.148 www.google.dk
89.248.160.148 google.fr
89.248.160.148 www.google.fr
89.248.160.148 google.ie
89.248.160.148 www.google.ie
89.248.160.148 google.it
89.248.160.148 www.google.it
89.248.160.148 google.co.jp
89.248.160.148 www.google.co.jp
89.248.160.148 google.nl
89.248.160.148 www.google.nl
89.248.160.148 google.no
89.248.160.148 www.google.no
89.248.160.148 google.co.nz
89.248.160.148 www.google.co.nz
89.248.160.148 google.pl
89.248.160.148 www.google.pl
89.248.160.148 google.se
89.248.160.148 www.google.se
89.248.160.148 google.co.uk
89.248.160.148 www.google.co.uk
89.248.160.148 google.co.za
89.248.160.148 www.google.co.za
89.248.160.148 www.google-analytics.com
89.248.160.148 www.bing.com
89.248.160.148 search.yahoo.com
89.248.160.148 www.search.yahoo.com
89.248.160.148 uk.search.yahoo.com
89.248.160.148 ca.search.yahoo.com
89.248.160.148 de.search.yahoo.com
89.248.160.148 fr.search.yahoo.com
89.248.160.148 au.search.yahoo.com
89.248.160.148 www.youtube.com

________________________________________________________________________________________

DDS (Ver_10-10-31.01) - NTFS_AMD64
Run by Ken at 16:29:54.37 on Sun 10/31/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.5935 [GMT -7:00]


============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\Ken\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Ken\Downloads\HijackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ken\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {8BC7446D-BEDE-476F-B34C-CE1664FDB330} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [\\Den\EPSON Stylus Photo RX580 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBPA.EXE /FU "C:\Users\Ken\AppData\Local\Temp\E_S9A05.tmp" /EF "HKCU"
uRun: [SansaDispatch] C:\Users\Ken\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [EPSON Stylus Photo RX580 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBPA.EXE /FU "C:\Windows\TEMP\E_SCF04.tmp" /EF "HKCU"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\Users\Ken\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
Trusted Zone: download%20.com
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: PCANotify - PCANotify.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
IFEO: image file execution options - svchost.exe
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {8BC7446D-BEDE-476F-B34C-CE1664FDB330} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\n9uzvciq.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-3 52856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-10-23 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-10-23 221232]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [2010-10-2 954928]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-10-23 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101028.001\IDSviA64.sys [2010-10-19 476720]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-10-23 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-10-23 451120]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2010-10-23 126392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-6-26 119296]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-6-4 202776]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-6-4 94744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-23 132656]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\System32\drivers\MarvinAVS64.sys [2007-5-9 484736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-4 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-6-4 202776]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-6-4 94744]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-10-30 23:43:12 -------- d--h--w- C:\$AVG
2010-10-30 23:08:34 -------- d-----w- C:\Users\Ken\AppData\Roaming\AVG10
2010-10-30 23:06:36 -------- d-----w- C:\Windows\System32\drivers\AVG
2010-10-30 23:06:36 -------- d-----w- C:\PROGRA~3\AVG10
2010-10-30 22:45:00 -------- d-----w- C:\PROGRA~3\MFAData
2010-10-27 01:24:58 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2010-10-26 18:02:36 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-26 18:02:36 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-26 18:02:36 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-26 18:02:36 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-26 18:02:36 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-26 18:02:36 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-26 18:02:36 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-26 18:02:31 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-26 00:52:48 -------- d-----w- C:\Windows\pss
2010-10-25 00:09:24 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-10-25 00:09:24 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-10-25 00:09:23 899072 ----a-w- C:\Windows\System32\d2d1.dll
2010-10-25 00:09:23 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-10-25 00:09:23 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-10-25 00:09:23 1543168 ----a-w- C:\Windows\System32\DWrite.dll
2010-10-25 00:09:23 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-10-25 00:09:23 1137664 ----a-w- C:\Windows\System32\FntCache.dll
2010-10-25 00:09:23 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-10-25 00:08:51 466432 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-10-25 00:08:51 279552 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-10-25 00:08:51 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-10-25 00:08:51 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-10-25 00:07:51 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2010-10-25 00:07:51 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2010-10-25 00:07:45 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2010-10-24 19:43:03 -------- d-----w- C:\Windows\en
2010-10-24 19:39:55 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-24 19:38:38 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-10-24 19:38:14 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-10-24 19:38:03 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-24 19:38:03 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-10-24 19:38:03 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-10-24 19:38:03 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-10-24 19:37:11 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\da1587401cb73b214\MeshBetaRemover.exe
2010-10-24 19:37:10 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d840a0301cb73b213\InstallManager_WLE_WLE.exe
2010-10-24 19:37:05 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d60c5b101cb73b212\DXSETUP.exe
2010-10-24 19:37:04 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d60c5b101cb73b212\DSETUP.dll
2010-10-24 19:37:04 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d60c5b101cb73b212\dsetup32.dll
2010-10-24 19:37:02 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d421c9201cb73b211\DSETUP.dll
2010-10-24 19:37:02 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d421c9201cb73b211\DXSETUP.exe
2010-10-24 19:37:02 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d421c9201cb73b211\dsetup32.dll
2010-10-24 19:36:21 -------- d-----w- C:\Users\Ken\AppData\Local\Windows Live
2010-10-24 19:35:07 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-24 19:35:06 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-24 19:35:06 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-24 19:35:06 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-24 19:35:06 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-24 19:35:05 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-24 19:35:04 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-23 19:57:08 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys
2010-10-23 19:57:08 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys
2010-10-23 19:57:08 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys
2010-10-23 19:57:08 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys
2010-10-23 19:57:08 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys
2010-10-23 19:57:08 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys
2010-10-23 19:57:08 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys
2010-10-23 19:57:02 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005
2010-10-23 18:21:52 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-10-23 18:21:52 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2010-10-23 18:21:52 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2010-10-23 18:21:50 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-10-23 18:21:50 -------- d-----w- C:\Program Files\Symantec
2010-10-23 18:21:50 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-10-23 18:21:16 -------- d-----w- C:\Windows\System32\drivers\N360x64
2010-10-23 18:21:14 -------- d-----w- C:\Program Files (x86)\Norton 360
2010-10-23 18:21:14 -------- d-----w- C:\PROGRA~3\Norton
2010-10-23 18:17:55 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2010-10-23 18:17:55 -------- d-----w- C:\PROGRA~3\NortonInstaller
2010-10-23 00:21:29 -------- d-----w- C:\Users\Ken\AppData\Local\Macroplant
2010-10-23 00:19:29 -------- d-----w- C:\Program Files (x86)\iPhone Explorer
2010-10-20 04:30:26 99384 ----a-w- C:\Users\Ken\AppData\Roaming\inst.exe
2010-10-20 04:30:26 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2010-10-20 04:30:26 82816 ----a-w- C:\Users\Ken\AppData\Roaming\pcouffin.sys
2010-10-20 04:30:11 -------- d-----w- C:\Program Files (x86)\LG Software Innovations
2010-10-19 21:39:52 -------- d-sh--w- C:\Users\Ken\AppData\Roaming\Smart Engine
2010-10-19 21:39:52 -------- d-sh--w- C:\PROGRA~3\SMSNVPLKE
2010-10-19 21:39:36 -------- d-sh--w- C:\PROGRA~3\4cb8f2
2010-10-02 23:03:20 -------- d-----w- C:\Program Files (x86)\Epson Software
2010-10-02 23:02:13 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2010-10-02 23:02:13 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2010-10-02 23:02:13 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2010-10-02 23:02:13 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2010-10-02 23:02:13 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2010-10-02 21:44:32 93184 ----a-w- C:\Windows\System32\esxcwiad.dll
2010-10-02 21:44:32 -------- d-----w- C:\Program Files (x86)\epson
2010-10-02 21:43:26 -------- d-----w- C:\Program Files (x86)\Common Files\FreeCause
2010-10-02 21:43:18 -------- d-----w- C:\Program Files (x86)\Oregon State Beavers Toolbar

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-23 07:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 07:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 21:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 21:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-13 23:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-07 10:48:58 381008 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-09-07 10:48:56 41040 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-09-07 10:48:52 305232 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-09-07 10:48:50 30288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2010-09-01 07:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2010-09-01 07:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-01 07:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-01 07:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-01 07:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-09-01 07:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-01 07:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-01 07:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-01 07:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2010-09-01 07:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2010-09-01 07:43:02 448512 ----a-w- C:\Windows\System32\html.iec
2010-09-01 07:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll
2010-09-01 07:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx
2010-09-01 07:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 16:52:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-20 04:42:38 35920 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2010-08-20 04:42:38 157264 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys

============= FINISH: 16:30:27.39 ===============
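An added example, not part of KennyMc's post and not output of the DDS tool: a small Python triage script that parses hosts-file text of the kind pasted above and flags the two patterns visible in it, many unrelated hostnames collapsed onto one non-local address (a redirect "sink"), and well-known search, update and security-vendor names mapped away from loopback. The embedded sample is a constructed subset of the entries posted above with a stock Windows hosts-file header; the domain watchlist and the sink threshold are the author's own choices, not an official list. One caveat for anyone checking a machine like this: the Windows resolver reads only the file literally named `hosts` in the directory named by the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, so run the check against that file's contents (`dir /a` in that folder lists hidden entries) rather than whichever copy Notepad happens to open.

```python
"""Triage a Windows hosts file for redirect-style tampering (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: default Windows 7 header lines plus a subset of the
# entries quoted in the post above. Not the machine's actual file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
89.248.160.148 www.google.com
89.248.160.148 google.com
89.248.160.148 www.bing.com
89.248.160.148 search.yahoo.com
89.248.160.148 www.youtube.com
"""

# Domains (and their subdomains) that a legitimate hosts-file edit almost
# never redirects. Assumption: this watchlist is the author's, not official.
WATCHLIST = ("google.com", "bing.com", "yahoo.com", "youtube.com",
             "microsoft.com", "google-analytics.com")

_COMMENT = re.compile(r"#.*$")


def parse_hosts(text):
    """Return [(ip, hostname, line_no)] for every active mapping in the text.

    A line is 'IP name [name ...]' with an optional '# comment'. Blank and
    commented-out lines are skipped, as are lines whose first field is not
    a valid IP address (the resolver ignores those as well).
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = _COMMENT.sub("", raw).strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((str(ip), host.lower(), line_no))
    return entries


def is_local_target(ip_text):
    """Loopback, unspecified (0.0.0.0, used by ad-blocking hosts files) and
    link-local targets are the only ones a hosts file normally points at."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def on_watchlist(host):
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def analyze(text, sink_threshold=3):
    """Group non-local mappings by target address and flag watchlist hits.

    'sinks' maps each non-local IP that absorbs at least sink_threshold
    hostnames to the list of those hostnames; 'watchlist_hits' lists every
    watchlisted name that is steered to a non-local address.
    """
    entries = parse_hosts(text)
    by_ip = defaultdict(list)
    for ip, host, _ in entries:
        if not is_local_target(ip):
            by_ip[ip].append(host)
    sinks = {ip: hosts for ip, hosts in by_ip.items()
             if len(hosts) >= sink_threshold}
    hits = [(ip, host, n) for ip, host, n in entries
            if not is_local_target(ip) and on_watchlist(host)]
    return {"entries": entries, "sinks": sinks, "watchlist_hits": hits}


def report(text):
    """Human-readable summary of analyze(); one finding per line."""
    result = analyze(text)
    lines = [f"{len(result['entries'])} active mapping(s) parsed"]
    for ip, hosts in sorted(result["sinks"].items()):
        lines.append(f"SINK {ip}: {len(hosts)} hostname(s) -> {', '.join(hosts)}")
    for ip, host, n in result["watchlist_hits"]:
        lines.append(f"WATCHLIST line {n}: {host} redirected to {ip}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_HOSTS))
```

To check a real machine, read the file named by DataBasePath (on a default install, C:\Windows\System32\drivers\etc\hosts) and pass its text to `report()`; a clean Windows hosts file yields no sinks and no watchlist hits, because every active line, if any, targets loopback.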


#2 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 08 November 2010 - 05:48 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le is a proud member of UNITE

#3 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 12 November 2010 - 08:59 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



