
google redirect / malware


This topic is locked
8 replies to this topic

#1 nyrangerfan

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:00 PM

Posted 28 December 2010 - 10:11 AM

Greetings all,

I have had the toughest time trying to get rid of this bug. When running mozilla firefox and using google, the browser continues to get redirected to other sites, many of which AVG will end up blocking. Also, during random times a browser will pop open with a site that I am not familiar with.

I have run many of the usual malware-removal tools including Malwarebytes' Anti-Malware, CCleaner, and Ad-Aware. As requested in the "preparation guide for use before requesting help" thread I have attached the logs from DDS and GMER.

I thank you in advance for any help or advice you can give.

Mike


DDS (Ver_10-12-12.02) - NTFSx86
Run by Michael Taylor at 9:31:21.07 on Tue 12/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.866 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

D:\PROGRA~1\AVG\avg10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\AVG\avg10\avgwdsvc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
D:\Program Files\AVG\avg10\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
D:\Program Files\AVG\avg10\avgtray.exe
D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SpamPal\spampal.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
D:\Program Files\AVG\avg10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\Program Files\AVG\avg10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
D:\PROGRA~1\AVG\avg10\avgrsx.exe
D:\Program Files\AVG\avg10\avgcsrvx.exe
D:\download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.search.msn.com
mCustomizeSearch =
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
{24f61a22-a2ae-4d05-889f-19ffb00ff764}
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: {7f52a90e-6353-416f-97b6-db45b0e7cfb2} -
{83b76017-8731-4ba0-9b9b-e48a192a476d}
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {c45f5d97-057b-437f-8312-9f0e5d9631e6} - No File
BHO: {D454EA22-C0A8-45C3-96B2-2DCA04C4E977} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - d:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S57.tmp" /EF "HKCU"
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [setup2kSetup2k] c:\program files\installshield installation information\{028ec2af-f501-4567-9cea-140030de8544}\setup2kispnickel.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [AVG_TRAY] d:\program files\avg\avg10\avgtray.exe
mRun: [Monitor] "d:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRunServices: [setup] c:\windows\temp\fmvj.tmp\setup.exe
mRunServices: [QuickTimeQuickTimeResources7.0.4] c:\program files\quicktime\qtsystem\quicktime.resources\quicktimeresourcesquicktime.exe
mRunServices: [PhotoMedia2500] c:\program files\sony\photo server\appsrv\vaiovaio25015100.exe
mRunServices: [EpmtfresMatching] c:\program files\epson software\event manager\assistants\scan assistant\local\0409\matchingplugin.exe
mRunServices: [InstallShieldSetup] c:\program files\installshield installation information\{7c2f71b2-6c73-11d6-b659-00c04f790f76}\installshieldsetup610.exe
mRunServices: [MoneyMoney] c:\program files\msn\msncorefiles\money\moneypnmnydb.exe
mRunServices: [HelpAdobe] c:\program files\adobe\adobe help viewer\1.0\adobeviewer.exe
mRunServices: [installerplugininstallerplugin] c:\program files\divx\installerplugininstallerplugin.exe
mRunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktime3gpp.resources\ja.lproj\quicktimequicktimeresources7.0.4.exe
dRun: [rqncg5uwdl8f] c:\windows\temp\m.278.tmp.exe
dRun: [SecurityCenter] c:\documents and settings\networkservice\application data\desktop security\securitycenter.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\michae~1\startm~1\programs\startup\spampal.lnk - d:\program files\spampal\spampal.exe
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: RemindU - file://c:\program files\upromiseremindu\system\temp\upromise_script0.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {205FF73B-CA67-11D5-99DD-444553540002} - hxxp://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/14acdae06abab0fcd705/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580649343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229556842281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - hxxp://hotsearchbar.com/toolbar2/winhot32.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38027.8390740741
DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - hxxp://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = c:\windows\system32\votojoye.dll scecli
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\fuvkjyd2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 0
FF - component: d:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: d:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: d:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: d:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: d:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\michael taylor\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\michael taylor\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\michael taylor\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint_03000F10.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: d:\program files\firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\firefox\plugins\NPJinit13122.dll
FF - plugin: d:\program files\firefox\plugins\npmozax.dll
FF - plugin: d:\program files\firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\firefox\plugins\npsnapfish.dll
FF - plugin: d:\program files\firefox\plugins\npunagi2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\program files\real\netscape6\nppl3260.dll
FF - plugin: d:\program files\real\netscape6\nprjplug.dll
FF - plugin: d:\program files\real\netscape6\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - d:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.023.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - d:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;d:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2005-7-1 2560]
R2 SDPASVC;SDPAUMS server service;c:\windows\system32\sdpasvc.exe -service --> c:\windows\system32\sdpasvc.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 mrtRate;mrtRate; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-17 517448]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-26 18560]
S3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [2004-7-11 96256]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 merger;merger;c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe [2005-9-27 49152]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-2-28 42512]
S3 OMAWGU(Belkin Corporation);My Essential G USB Adapter(Belkin Corporation);c:\windows\system32\drivers\omawgu.sys --> c:\windows\system32\drivers\OMAWGU.sys [?]
S4 aawservice;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

=============== Created Last 30 ================

2010-12-27 05:06:58 -------- d-----w- c:\program files\ESET
2010-12-25 00:33:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 00:24:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-22 00:24:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-19 14:27:03 -------- d-----w- c:\windows\system32\scripting
2010-12-19 14:26:55 -------- d-----w- c:\windows\l2schemas
2010-12-19 14:26:54 -------- d-----w- c:\windows\system32\en
2010-12-19 14:10:59 92168 ----a-w- c:\windows\system32\dllcache\rdpdd.dll
2010-12-18 19:45:12 1409 ----a-w- c:\windows\QTFont.for
2010-12-17 21:45:33 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\AVG Security Toolbar
2010-12-17 08:06:59 -------- d-----w- c:\docume~1\michae~1\applic~1\AVG10
2010-12-17 07:57:13 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-17 07:56:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-12-17 07:51:57 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-17 07:51:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-16 23:17:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-12-28 14:00:50 833 --sha-w- c:\windows\system32\mmf.sys
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-04 01:29:36 833 --sha-w- c:\windows\system32\mmf(2).sys
2006-08-05 11:47:39 774144 -c--a-w- c:\program files\RngInterstitial.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1203N rev.TL100-23 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A694EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89225872; SUB DWORD [EBP-0x4], 0x8922512e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A724AB8]
3 CLASSPNP[0xF765805B] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006f[0x8A732EB0]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A728940]
[0x8A63D858] -> IRP_MJ_CREATE -> 0x8A694EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [SI], CH; JL 0x2d; JNZ 0x3b; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP1203N_________________________TL100-23#30535130314a5730323731353933202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A694AEA
user & kernel MBR OK
sectors 234493054 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 9:34:28.06 ===============



Edited by Noviciate, 28 December 2010 - 03:00 PM.
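The DDS report above is what the Malware Response Team reads for redirect and persistence indicators; as an added example (not part of the thread, of DDS or of any BleepingComputer tool), the Python below runs a small analyst checklist over a dozen lines copied from that report: the loopback ProxyServer, autoruns launched from temp or Application Data, the extra LSA Notification Packages DLL and the overridden Firefox keyword.URL. The rule names, severities and the allowlists (DEFAULT_LSA_PACKAGES, KNOWN_SEARCH_HOSTS) are my assumptions, tuned for a 2010-era XP home machine.

```python
"""Triage a DDS 'Pseudo HJT Report' for browser-redirect indicators (added
example: a first-pass checklist, not a verdict; every hit still needs review)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the DDS log in the first post,
# including one benign Epson entry that only passes a temp file as an
# argument (the edge case executable_of() exists for).
SAMPLE_LOG = """\
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\\program files\\avg\\avg10\\avgssie.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
uRun: [EPSON WorkForce 610 Series] c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\e_fatifja.exe /fu "c:\\windows\\temp\\E_S57.tmp" /EF "HKCU"
mRun: [AVG_TRAY] d:\\program files\\avg\\avg10\\avgtray.exe
mRunServices: [setup] c:\\windows\\temp\\fmvj.tmp\\setup.exe
dRun: [rqncg5uwdl8f] c:\\windows\\temp\\m.278.tmp.exe
dRun: [SecurityCenter] c:\\documents and settings\\networkservice\\application data\\desktop security\\securitycenter.exe
LSA: Notification Packages = c:\\windows\\system32\\votojoye.dll scecli
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
"""


@dataclass
class Finding:
    rule: str
    severity: str
    line: str


AUTORUN_RE = re.compile(
    r"^(?P<key>[umd]Run(?:Once|Services)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Program path up to the first executable extension, ignoring arguments.
EXE_RE = re.compile(
    r'^"?(?P<exe>.*?\.(?:exe|scr|dll|com|bat|cmd))(?=["\s]|$)', re.I)
# Directories a legitimate autorun entry almost never points into.
SUSPICIOUS_DIRS = ("\\temp\\", "\\application data\\")
# Windows XP ships only scecli here; domain controllers add rassfm/kdcsvc,
# so extend the allowlist for the host class you triage (assumption).
DEFAULT_LSA_PACKAGES = {"scecli"}
# Search hosts an unmodified browser would point keyword.URL at (assumption).
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
HOST_RE = re.compile(r"hxxps?://([^/\s]+)")  # DDS defangs http as hxxp


def executable_of(cmd: str) -> str:
    """Program path of an autorun command without its arguments, so a clean
    program that merely names a temp file on its command line is not flagged."""
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd


def check_line(line: str) -> list[Finding]:
    findings: list[Finding] = []
    low = line.lower()
    # A loopback proxy sends every browser request through a local process:
    # the mechanism behind many "Google redirects" the user never configured.
    if low.startswith("uinternet settings,proxyserver") and (
            "127.0.0.1" in low or "localhost" in low):
        findings.append(Finding("local-proxy", "high", line))
    # Autoruns launched from temp or a profile's Application Data folder.
    m = AUTORUN_RE.match(line)
    if m and any(d in executable_of(m.group("cmd")).lower()
                 for d in SUSPICIOUS_DIRS):
        findings.append(Finding("autorun-from-temp-or-appdata", "high", line))
    # An extra LSA notification package is a DLL lsass loads at boot:
    # persistence unless it belongs to a known security product.
    if low.startswith("lsa: notification packages"):
        packages = line.split("=", 1)[1].split()
        if any(p.lower() not in DEFAULT_LSA_PACKAGES for p in packages):
            findings.append(Finding("lsa-notification-package", "high", line))
    # keyword.URL decides where address-bar searches go; a third-party host
    # there explains "I search Google and land somewhere else".
    if "keyword.url" in low:
        host = HOST_RE.search(line)
        if host and host.group(1).lower() not in KNOWN_SEARCH_HOSTS:
            findings.append(Finding("search-hijack", "medium", line))
    # Orphaned BHO/toolbar registrations: housekeeping, not infection.
    if low.startswith(("bho:", "tb:")) and low.endswith("no file"):
        findings.append(Finding("orphaned-bho", "low", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every non-empty line of a DDS log."""
    return [f for raw in log_text.splitlines() if raw.strip()
            for f in check_line(raw.strip())]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Hits per rule, for a quick read of what the log contains."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:30} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample the Epson entry and the AVG entries come back clean while the temp-folder autoruns, the loopback proxy, the LSA DLL and both keyword.URL overrides are reported.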




#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:00 PM

Posted 28 December 2010 - 03:06 PM

Good evening. :)

You are going to need to uninstall your anti-virus program, AVG, at least temporarily as it incorrectly targets the tool that you are going to run. You can reinstall it once the tool has run, or go with a different AV if you wish - there are other free ones, if you'd like links.

If you still have the AVG installation file then, if you are going to keep that one, you can reinstall it that way. If you don't, you should download a fresh copy of the file BEFORE you uninstall it. That way you can reinstall without needing to go online without an active AV. (AVG download linky)

Once you've sorted that out, go with the rest:

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.



#3 nyrangerfan
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:00 PM

Posted 28 December 2010 - 10:37 PM

Thanks for your help! I ran the tool and attached the log. I don't seem to be having the issue any longer, but will continue to see if it repeats.

Any other AV software would be highly appreciated - I heard Avast is good.

Happy holidays!

ComboFix 10-12-28.01 - Michael Taylor 12/28/2010 22:09:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1164 [GMT -5:00]
Running from: d:\download\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\Desktop Security
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\nvDrv.sy
c:\windows\ST6UNST.000
c:\windows\system32\_006658_.tmp.dll
c:\windows\system32\_006659_.tmp.dll
c:\windows\system32\_006660_.tmp.dll
c:\windows\system32\_006661_.tmp.dll
c:\windows\system32\_006668_.tmp.dll
c:\windows\system32\_006669_.tmp.dll
c:\windows\system32\_006670_.tmp.dll
c:\windows\system32\_006671_.tmp.dll
c:\windows\system32\_006673_.tmp.dll
c:\windows\system32\_006674_.tmp.dll
c:\windows\system32\_006677_.tmp.dll
c:\windows\system32\_006678_.tmp.dll
c:\windows\system32\_006680_.tmp.dll
c:\windows\system32\_006681_.tmp.dll
c:\windows\system32\_006682_.tmp.dll
c:\windows\system32\_006684_.tmp.dll
c:\windows\system32\_006687_.tmp.dll
c:\windows\system32\_006688_.tmp.dll
c:\windows\system32\_006692_.tmp.dll
c:\windows\system32\_006693_.tmp.dll
c:\windows\system32\_006695_.tmp.dll
c:\windows\system32\_006698_.tmp.dll
c:\windows\system32\_006700_.tmp.dll
c:\windows\system32\_006701_.tmp.dll
c:\windows\system32\_006702_.tmp.dll
c:\windows\system32\_006703_.tmp.dll
c:\windows\system32\_006704_.tmp.dll
c:\windows\system32\_006707_.tmp.dll
c:\windows\system32\_006708_.tmp.dll
c:\windows\system32\_006709_.tmp.dll
c:\windows\system32\_006710_.tmp.dll
c:\windows\system32\_006711_.tmp.dll
c:\windows\system32\_006716_.tmp.dll
c:\windows\system32\_006718_.tmp.dll
c:\windows\system32\_006719_.tmp.dll
c:\windows\system32\42KJE738.ocx
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fsc.txt
c:\windows\system32\ICON.ico
c:\windows\system32\ide.txt
c:\windows\system32\klgd.bmp
c:\windows\system32\Oeminfo.ini
c:\windows\system32\orange-install.ico
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SOCKETX.DLL
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\wiaserviv.log

Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-29 00:36 . 2010-12-29 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-12-28 15:26 . 2010-12-28 17:00 -------- d-----w- c:\documents and settings\Michael Taylor\Application Data\mIRC
2010-12-27 05:06 . 2010-12-27 05:06 -------- d-----w- c:\program files\ESET
2010-12-25 00:33 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 00:24 . 2010-12-22 00:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-19 14:27 . 2010-12-19 14:45 -------- d-----w- c:\windows\system32\scripting
2010-12-19 14:26 . 2010-12-19 14:45 -------- d-----w- c:\windows\l2schemas
2010-12-19 14:26 . 2010-12-19 14:47 -------- d-----w- c:\windows\system32\en
2010-12-19 14:10 . 2009-10-12 13:54 112128 ----a-w- c:\windows\system32\dllcache\rastls.dll
2010-12-19 11:55 . 2010-12-19 11:55 -------- d-----w- c:\documents and settings\Samantha\Application Data\AVG10
2010-12-18 19:45 . 2010-12-18 19:45 1409 ----a-w- c:\windows\QTFont.for
2010-12-17 21:45 . 2010-12-17 21:45 -------- d-----w- c:\documents and settings\Michael Taylor\Local Settings\Application Data\AVG Security Toolbar
2010-12-17 08:06 . 2010-12-17 08:06 -------- d-----w- c:\documents and settings\Michael Taylor\Application Data\AVG10
2010-12-17 07:57 . 2010-12-17 07:57 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-12-17 07:51 . 2010-12-28 14:07 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-17 07:51 . 2010-12-17 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-12-16 23:17 . 2010-12-16 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2008-12-08 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2008-12-08 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-12 21:34 . 2007-06-15 02:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 18:19 . 2010-11-10 03:20 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-10-24 16:34 . 2010-10-24 16:34 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2006-08-05 11:47 . 2006-08-05 11:47 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Epson Software\FAX Utility\FUFAXSTM .exe
c:\program files\support.com\bin\tgcmd .exe
c:\windows\SONYSYS\VAIO Recovery\PartSeal .exe
c:\windows\system32\Ati2mdxx .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [N/A]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-02-28 1843200]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 88107]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"setup2kSetup2k"="c:\program files\installshield installation information\{028ec2af-f501-4567-9cea-140030de8544}\setup2kispnickel.exe" [N/A]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"Monitor"="d:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-12-25 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\Michael Taylor\Start Menu\Programs\Startup\
SpamPal.lnk - d:\program files\SpamPal\spampal.exe [2005-10-24 387616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf d:\program files\iolo\System Mechanic 5\\0lsdelete\0d:\progra~1\AVG\avg10\avgchsvx.exe /sync\0d:\progra~1\AVG\avg10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACD mPower Tools]
c:\program files\ACD Systems\mPower Tools\1.0\mPowerTools.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-10 03:55 342848 -c--a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoffeeCup Spam Blocker]
d:\program files\CoffeeCup Software\Spam Blocker\SpamBlocker.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
2003-07-08 07:00 99840 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule31]
c:\program files\GetModule\GetModule31.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iinl]
c:\documents and settings\Michael Taylor\Application Data\iptl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
c:\program files\ISTsvc\istsvc.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
2002-06-13 22:01 49152 -c--a-w- c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-12-10 08:06 7311360 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
c:\documents and settings\Michael Taylor\Application Data\SpeedRunner\SpeedRunner.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 09:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"IntuitUpdateService"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"d:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Easy-Hide-IP\\easy-hide-ip.exe"=
"c:\\Documents and Settings\\Michael Taylor\\Desktop\\shortcuts\\mirc.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 25680]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 10:20 PM 299984]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/1/2005 1:00 PM 2560]
R2 SDPASVC;SDPAUMS server service;c:\windows\System32\sdpasvc.exe -service --> c:\windows\System32\sdpasvc.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:37 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 26192]
S2 AVGIDSAgent;AVGIDSAgent;"d:\program files\AVG\avg10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> d:\program files\AVG\avg10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"d:\program files\AVG\avg10\avgwdsvc.exe" --> d:\program files\AVG\avg10\avgwdsvc.exe [?]
S2 mrtRate;mrtRate; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2009 4:02 PM 18560]
S3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/11/2004 7:50 PM 96256]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 merger;merger;c:\program files\Microsoft Application Compatibility Toolkit\Application Analyzer\merger.exe [9/27/2005 10:33 AM 49152]
S3 OMAWGU(Belkin Corporation);My Essential G USB Adapter(Belkin Corporation);c:\windows\system32\DRIVERS\OMAWGU.sys --> c:\windows\system32\DRIVERS\OMAWGU.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: RemindU - file://c:\program files\UpromiseRemindU\System\Temp\upromise_script0.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - hxxp://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
FF - ProfilePath - c:\documents and settings\Michael Taylor\Application Data\Mozilla\Firefox\Profiles\fuvkjyd2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4021
FF - prefs.js: network.proxy.type - 0
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Easy-Hide-IP Firefox Plugin: support@easy-hide-ip.com - d:\program files\Easy-Hide-IP\ff-extension
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
.
- - - - ORPHANS REMOVED - - - -

BHO-{24F61A22-A2AE-4D05-889F-19FFB00FF764} - (no file)
BHO-{7F52A90E-6353-416F-97B6-DB45B0E7CFB2} - (no file)
BHO-{83B76017-8731-4BA0-9B9B-E48A192A476D} - (no file)
BHO-{c45f5d97-057b-437f-8312-9f0e5d9631e6} - (no file)
BHO-{D454EA22-C0A8-45C3-96B2-2DCA04C4E977} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-dimsntfy - (no file)
AddRemove-Adobe Photoshop Elements 2.0 - c:\program files\Adobe\Photoshop Elements 2\Uninst.isu
AddRemove-Canon PhotoStitch 3.1 - c:\program files\Canon\PhotoStitch\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-28 22:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b8,53,60,46,6b,12,28,18,28,8f,06,67,3e,18,85,1c,25,03,8b,e4,2d,
78,0e,2f,f7,5e,23,b0,de,b1,fd,72,d6,ca,13,63,f3,3e,5a,19,36,d6,7c,dc,5c,f2,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,50,94,16,01,b2,17,1a,42
"2"=hex:11,b7,bf,c5,fa,e2,5a,47
"3"=hex:f3,8a,f3,34,92,0b,1b,7a,1f,7c,f4,c0,95,bb,dd,87,e8,ef,33,dd,21,03,c6,
af,b2,a2,d8,9e,d3,63,97,7d,e6,cf,dc,66,c3,bb,21,d8,a8,a6,30,34,6e,e7,91,fb,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,04,de,29,1c,d1,59,b3,b5,1c,3a,e8,07,ed,d8,08,6e,a7,52,c4,be,fd,58,1e,61,\
"8"=hex:4e,76,82,b0,55,a5,5f,45,19,e9,e2,ff,41,37,32,8d,04,93,48,c8,90,e3,70,
e7,31,82,3f,28,9f,11,d4,80,41,41,ca,c1,a3,77,63,a2,3b,6f,05,06,ed,f6,d5,4d,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:3d,7b,8c,93,7f,aa,3a,8c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"er\\xp_inf\\cx_08174.inf\00"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b8,53,60,46,6b,12,28,18,28,8f,06,67,3e,18,85,1c,25,03,8b,e4,2d,
78,0e,2f,f7,5e,23,b0,de,b1,fd,72,d6,ca,13,63,f3,3e,5a,19,36,d6,7c,dc,5c,f2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\SmartFTP Client 2.0\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
d:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
d:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\System32\sdpasvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sony\VAIO Media Music Server\SSSvr.exe
c:\program files\Sony\Giga Pocket\GPVSvr.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2010-12-28 22:32:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-29 03:32

Pre-Run: 350,801,920 bytes free
Post-Run: 467,939,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 98D7575A037FB0CED88B8DD5451A96CD

Attached File: log.txt (22.46KB)

Edited by Noviciate, 29 December 2010 - 03:48 PM.
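The two DDS entries in this log that a malware responder would flag first are the browser proxy settings pointing at the local machine (`ProxyServer = socks=127.0.0.1:4021`, and the matching `network.proxy.socks` / `network.proxy.socks_port` prefs in Firefox) and the Firefox `keyword.URL` pref, which sends address-bar searches to search-star.net instead of the chosen engine. Neither is something the user configured, and together they are consistent with the "Google redirect" symptom described in the opening post. The following script is an added example, not part of this thread and not code from DDS or ComboFix: it reads DDS-style report lines and flags a loopback proxy and a non-standard search-keyword URL. The sample lines are constructed to mirror the entries quoted above, and the allowlist of accepted search hosts is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the "Pseudo HJT Report" and FIREFOX sections
# of the DDS log quoted in this thread (values copied from the log, not the
# whole report).
SAMPLE_LOG = """\
uStart Page = about:blank
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4021
FF - prefs.js: network.proxy.type - 1
"""

# Assumption: search hosts a responder would accept for keyword.URL.
KNOWN_SEARCH_HOSTS = {"google.com", "www.google.com", "search.yahoo.com",
                      "bing.com", "www.bing.com"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>.+)$")
_FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js:\s*(?P<name>[\w.]+)\s*-\s*(?P<value>.*)$")


def refang(url: str) -> str:
    """Undo the hxxp:// defanging DDS applies to URLs in its report."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)


def parse_proxy_server(value: str):
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    Accepts both the single form 'proxy:8080' (applies to all schemes, reported
    as 'all') and the per-scheme form 'http=a:80;socks=127.0.0.1:4021'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:                      # no port given
            host, port = hostport, ""
        entries.append((scheme or "all", host.strip("[] "), port.strip()))
    return entries


def analyse_dds(text: str):
    """Return human-readable findings for proxy and search hijack indicators."""
    findings = []
    ff_prefs = {}
    for line in text.splitlines():
        line = line.strip()
        m = _PROXY_RE.search(line)
        if m:
            for scheme, host, port in parse_proxy_server(m.group("value")):
                if host in LOOPBACK:
                    findings.append(
                        f"IE {scheme} proxy on loopback {host}:{port}: "
                        "a local process is in the path of browser traffic")
            continue
        m = _FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group("name")] = m.group("value").strip()

    # Firefox only honours the SOCKS host when network.proxy.type is 1 (manual).
    if ff_prefs.get("network.proxy.type") == "1":
        host = ff_prefs.get("network.proxy.socks", "")
        port = ff_prefs.get("network.proxy.socks_port", "?")
        if host in LOOPBACK:
            findings.append(f"Firefox SOCKS proxy enabled on loopback {host}:{port}")

    keyword_url = ff_prefs.get("keyword.URL")
    if keyword_url:
        host = urlparse(refang(keyword_url)).hostname or ""
        if host not in KNOWN_SEARCH_HOSTS:
            findings.append(
                f"Firefox keyword.URL points to {host}: address-bar searches are redirected")
    return findings


if __name__ == "__main__":
    for finding in analyse_dds(SAMPLE_LOG):
        print(finding)
```

Note the difference between the two DDS logs in this thread: the first shows `network.proxy.type - 0`, under which Firefox ignores the configured SOCKS host, while the later log shows `network.proxy.type - 1`, which activates it. The check above keys on that pref for exactly that reason, so a configured-but-inactive proxy is not reported as a Firefox finding (the IE `ProxyServer` entry is still flagged on its own).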


#4 Noviciate

  • Malware Response Team

Posted 29 December 2010 - 03:51 PM

Good evening. :)

The three other free AVs, besides AVG, that I usually link to are as follows:

avast! 4 Home Edition: Available here
AntiVir Personal Edition Classic : Available here
Microsoft Security Essentials: Available here

While there are others, I've used the above at one time or another and had no issues.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think a little second opinion is never a waste of time:

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log AND a description of how your PC is behaving.

So long, and thanks for all the fish.


#5 nyrangerfan

  • Topic Starter

Posted 29 December 2010 - 07:30 PM

Attached are the text files you requested. Thanks again for all of your help.

Oddities - I uninstalled AVG 11, but it is still listed as an installed program.

I tried installing Avast, but it could not find the server to update.

Other than that, the computer is running really well now. Thank you.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Michael Taylor at 19:24:27.46 on Wed 12/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.971 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE
D:\Program Files\SpamPal\spampal.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
D:\Program Files\firefox\firefox.exe
D:\download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\docume~1\michae~1\locals~1\temp\E_S68.tmp" /EF "HKCU"
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [setup2kSetup2k] c:\program files\installshield installation information\{028ec2af-f501-4567-9cea-140030de8544}\setup2kispnickel.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Monitor] "d:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\michae~1\startm~1\programs\startup\spampal.lnk - d:\program files\spampal\spampal.exe
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: RemindU - file://c:\program files\upromiseremindu\system\temp\upromise_script0.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580649343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229556842281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38027.8390740741
DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - hxxp://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\fuvkjyd2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4021
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\michael taylor\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\michael taylor\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\michael taylor\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint_03000F10.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: d:\program files\firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\firefox\plugins\NPJinit13122.dll
FF - plugin: d:\program files\firefox\plugins\npmozax.dll
FF - plugin: d:\program files\firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\firefox\plugins\npsnapfish.dll
FF - plugin: d:\program files\firefox\plugins\npunagi2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\program files\real\netscape6\nppl3260.dll
FF - plugin: d:\program files\real\netscape6\nprjplug.dll
FF - plugin: d:\program files\real\netscape6\nprpjplug.dll
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Easy-Hide-IP Firefox Plugin: support@easy-hide-ip.com - d:\program files\easy-hide-ip\ff-extension

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2005-7-1 2560]
R2 SDPASVC;SDPAUMS server service;c:\windows\system32\sdpasvc.exe -service --> c:\windows\system32\sdpasvc.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 AVGIDSAgent;AVGIDSAgent;"d:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> d:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"d:\program files\avg\avg10\avgwdsvc.exe" --> d:\program files\avg\avg10\avgwdsvc.exe [?]
S2 mrtRate;mrtRate; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-26 18560]
S3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [2004-7-11 96256]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 merger;merger;c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe [2005-9-27 49152]
S3 OMAWGU(Belkin Corporation);My Essential G USB Adapter(Belkin Corporation);c:\windows\system32\drivers\omawgu.sys --> c:\windows\system32\drivers\OMAWGU.sys [?]
S4 aawservice;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

=============== Created Last 30 ================

2010-12-29 03:00:54 -------- d-sha-r- C:\cmdcons
2010-12-29 00:36:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-29 00:10:29 98816 ----a-w- c:\windows\sed.exe
2010-12-29 00:10:29 89088 ----a-w- c:\windows\MBR.exe
2010-12-29 00:10:29 256512 ----a-w- c:\windows\PEV.exe
2010-12-29 00:10:29 161792 ----a-w- c:\windows\SWREG.exe
2010-12-28 15:26:27 -------- d-----w- c:\docume~1\michae~1\applic~1\mIRC
2010-12-27 05:06:58 -------- d-----w- c:\program files\ESET
2010-12-25 00:33:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 00:24:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-22 00:24:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-19 14:27:03 -------- d-----w- c:\windows\system32\scripting
2010-12-19 14:26:55 -------- d-----w- c:\windows\l2schemas
2010-12-19 14:26:54 -------- d-----w- c:\windows\system32\en
2010-12-19 14:10:59 92168 ----a-w- c:\windows\system32\dllcache\rdpdd.dll
2010-12-18 19:45:12 1409 ----a-w- c:\windows\QTFont.for
2010-12-17 21:45:33 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\AVG Security Toolbar
2010-12-17 08:06:59 -------- d-----w- c:\docume~1\michae~1\applic~1\AVG10
2010-12-17 07:57:13 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-17 07:51:57 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-17 07:51:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-16 23:17:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2010-12-29 21:26:04 833 --sha-w- c:\windows\system32\mmf.sys
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-04 01:29:36 833 --sha-w- c:\windows\system32\mmf(2).sys
2006-08-05 11:47:39 774144 -c--a-w- c:\program files\RngInterstitial.dll

============= FINISH: 19:26:07.64 ===============



Edited by Noviciate, 30 December 2010 - 02:34 PM.


#6 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 30 December 2010 - 02:37 PM

Good evening. :)

Download AppRemover by OPSWAT from here and save it to your Desktop.

Follow the instructions here for partial removals and let the tool take the strain.

I'd like a DDS log that includes an installed AV, so if Avast still isn't playing when you reinstall it after running AppRemover, you'll need to pick one of the other two and try that. Once you've got one up and running, please let me have a fresh copy of DDS.txt only.

So long, and thanks for all the fish.


#7 nyrangerfan

  • Topic Starter
  • Members
  • 4 posts

Posted 02 January 2011 - 11:37 AM

Here you go! I removed AVG and ran Avast.

Thanks again and I hope you had a great new year!


DDS (Ver_10-12-12.02) - NTFSx86
Run by Michael Taylor at 11:34:16.68 on Sun 01/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1000 [GMT -5:00]

AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
D:\download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\docume~1\michae~1\locals~1\temp\E_S68.tmp" /EF "HKCU"
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [setup2kSetup2k] c:\program files\installshield installation information\{028ec2af-f501-4567-9cea-140030de8544}\setup2kispnickel.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Monitor] "d:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast5] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: RemindU - file://c:\program files\upromiseremindu\system\temp\upromise_script0.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by17fd.bay17.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580649343
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229556842281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38027.8390740741
DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - hxxp://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\fuvkjyd2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\michael taylor\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\michael taylor\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\michael taylor\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint_03000F10.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: d:\program files\firefox\plugins\npbittorrent.dll
FF - plugin: d:\program files\firefox\plugins\NPJinit13122.dll
FF - plugin: d:\program files\firefox\plugins\npmozax.dll
FF - plugin: d:\program files\firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\firefox\plugins\npsnapfish.dll
FF - plugin: d:\program files\firefox\plugins\npunagi2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\program files\real\netscape6\nppl3260.dll
FF - plugin: d:\program files\real\netscape6\nprjplug.dll
FF - plugin: d:\program files\real\netscape6\nprpjplug.dll
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Easy-Hide-IP Firefox Plugin: support@easy-hide-ip.com - d:\program files\easy-hide-ip\ff-extension

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-30 165584]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-30 17744]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-12-30 40384]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2005-7-1 2560]
R2 SDPASVC;SDPAUMS server service;c:\windows\system32\sdpasvc.exe -service --> c:\windows\system32\sdpasvc.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-12-30 40384]
R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-12-30 40384]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 AVGIDSAgent;AVGIDSAgent;"d:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> d:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"d:\program files\avg\avg10\avgwdsvc.exe" --> d:\program files\avg\avg10\avgwdsvc.exe [?]
S2 mrtRate;mrtRate; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-26 18560]
S3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [2004-7-11 96256]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 merger;merger;c:\program files\microsoft application compatibility toolkit\application analyzer\merger.exe [2005-9-27 49152]
S3 OMAWGU(Belkin Corporation);My Essential G USB Adapter(Belkin Corporation);c:\windows\system32\drivers\omawgu.sys --> c:\windows\system32\drivers\OMAWGU.sys [?]

=============== Created Last 30 ================

2010-12-30 16:56:09 38848 ----a-w- c:\windows\avastSS.scr
2010-12-30 00:48:50 -------- d-----w- c:\docume~1\michae~1\applic~1\Avira
2010-12-29 03:00:54 -------- d-sha-r- C:\cmdcons
2010-12-29 00:36:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-29 00:10:29 98816 ----a-w- c:\windows\sed.exe
2010-12-29 00:10:29 89088 ----a-w- c:\windows\MBR.exe
2010-12-29 00:10:29 256512 ----a-w- c:\windows\PEV.exe
2010-12-29 00:10:29 161792 ----a-w- c:\windows\SWREG.exe
2010-12-28 15:26:27 -------- d-----w- c:\docume~1\michae~1\applic~1\mIRC
2010-12-27 05:06:58 -------- d-----w- c:\program files\ESET
2010-12-25 00:33:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 00:24:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-22 00:24:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-19 14:27:03 -------- d-----w- c:\windows\system32\scripting
2010-12-19 14:26:55 -------- d-----w- c:\windows\l2schemas
2010-12-19 14:26:54 -------- d-----w- c:\windows\system32\en
2010-12-19 14:10:59 92168 ----a-w- c:\windows\system32\dllcache\rdpdd.dll
2010-12-18 19:45:12 1409 ----a-w- c:\windows\QTFont.for
2010-12-17 21:45:33 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\AVG Security Toolbar
2010-12-17 08:06:59 -------- d-----w- c:\docume~1\michae~1\applic~1\AVG10
2010-12-17 07:57:13 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-17 07:51:57 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-17 07:51:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-16 23:17:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2011-01-02 15:52:14 833 --sha-w- c:\windows\system32\mmf.sys
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-04 01:29:36 833 --sha-w- c:\windows\system32\mmf(2).sys
2006-08-05 11:47:39 774144 -c--a-w- c:\program files\RngInterstitial.dll

============= FINISH: 11:35:56.32 ===============

Attached File: DDS.txt (18.46KB)

Edited by Noviciate, 02 January 2011 - 03:48 PM.
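Both DDS logs in this thread show the same two settings behind a "Google keeps redirecting" complaint. In the first log (FIREFOX section) Firefox is set to a manual proxy (network.proxy.type 1) whose SOCKS server is 127.0.0.1:4021; in the second log (Pseudo HJT Report) Firefox is back to no proxy, but Internet Explorer's ProxyServer is still socks=127.0.0.1:4021. In both, keyword.URL, the address-bar search target, points at search-star.net, and the same value sits in user.js, which Firefox re-applies at every start, so correcting it in about:config would not stick. The helper never comments on these entries, so reading them as the redirect mechanism is this editor's interpretation, not the thread's. The script below is an added example, not part of the thread and not part of DDS: it parses DDS-format lines and flags those entries for review. Its sample input is copied from the two logs above plus one constructed clean profile. One caveat a practitioner would want: a loopback proxy is also how some deliberately installed privacy tools route traffic (the same log lists an Easy-Hide-IP Firefox extension, whose proxy behaviour I have not verified), so a hit means "find out what is listening on that port", not "infected".

```python
import re

# Entries copied from the FIREFOX section of the first DDS log in this thread
# ("hxxp" is DDS's defanged "http").
FIRST_LOG = """\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4021
FF - prefs.js: network.proxy.type - 1
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
"""

# The corresponding entries from the second log (after AVG was replaced by
# Avast): Firefox no longer proxies, but the IE/WinINet proxy is still set.
SECOND_LOG = """\
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
"""

# Constructed control sample (not from the thread): no proxy, default search.
CLEAN_LOG = """\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

# "FF - prefs.js: <pref> - <value>" and "FF - user.js: <pref> - <value>"
FF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -\s*(.*)$")
# "uInternet Settings,<name> = <value>" (u = user hive, m = machine, d = default)
IE_RE = re.compile(r"^[umd]Internet Settings,(\w+) = (.*)$")


def parse_dds(log):
    """Return (firefox_prefs, ie_settings).

    firefox_prefs is keyed by (file, pref) so prefs.js and user.js values
    for the same pref are kept apart.
    """
    ff, ie = {}, {}
    for raw in log.splitlines():
        line = raw.strip()
        m = FF_RE.match(line)
        if m:
            ff[(m.group(1), m.group(2))] = m.group(3).strip()
            continue
        m = IE_RE.match(line)
        if m:
            ie[m.group(1)] = m.group(2).strip()
    return ff, ie


def _proxy_host(entry):
    """'socks=127.0.0.1:4021' -> '127.0.0.1'; 'proxy.corp:8080' -> 'proxy.corp'."""
    hostport = entry.split("=", 1)[-1].strip()
    host, sep, port = hostport.rpartition(":")
    return host if sep and port.isdigit() else hostport


def analyze(log):
    """Return [(code, detail), ...]; an empty list means nothing was flagged."""
    ff, ie = parse_dds(log)
    findings = []

    # 1. Firefox manual proxy (type 1) whose SOCKS host is the local machine.
    if ff.get(("prefs.js", "network.proxy.type")) == "1":
        host = ff.get(("prefs.js", "network.proxy.socks"), "")
        port = ff.get(("prefs.js", "network.proxy.socks_port"), "?")
        if host.lower() in LOOPBACK:
            findings.append(("ff_local_socks_proxy", f"{host}:{port}"))

    # 2. WinINet (IE) ProxyServer with any "scheme=host:port" entry on loopback.
    for entry in filter(None, ie.get("ProxyServer", "").split(";")):
        if _proxy_host(entry).lower() in LOOPBACK:
            findings.append(("ie_local_proxy", entry.strip()))

    # 3. keyword.URL: prefs.js only stores values set for this profile, so its
    #    presence means the address-bar search target was changed; a copy in
    #    user.js is re-applied at every start and pins the change in place.
    for pref_file, code in (("prefs.js", "keyword_url_changed"),
                            ("user.js", "keyword_url_pinned_by_user_js")):
        url = ff.get((pref_file, "keyword.URL"))
        if url:
            findings.append((code, url))

    return findings


def codes(log):
    """Just the finding codes, in order."""
    return [code for code, _ in analyze(log)]


if __name__ == "__main__":
    for name, log in (("first log", FIRST_LOG), ("second log", SECOND_LOG),
                      ("clean", CLEAN_LOG)):
        print(name)
        for code, detail in analyze(log) or [("ok", "nothing flagged")]:
            print(f"  {code}: {detail}")
```

On the machine itself the follow-up for a loopback hit is to identify the listener (on XP, `netstat -ano | findstr :4021` gives the owning PID) before touching the proxy settings, and to remove keyword.URL from user.js as well as prefs.js, otherwise the next Firefox start restores it.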


#8 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 02 January 2011 - 03:58 PM

Good evening. :)

I can still see some leftovers from the AVG uninstallation and a couple of things that need a tweak or two.
Will you make sure Avast is fully updated and then run a full system scan and let it fix anything that it finds, and then ensure you reboot the machine.
Then will you download a fresh copy of CF, run it as before and post accordingly. We can use that to do most of what needs doing with a little scripting once I see the latest log.

So long, and thanks for all the fish.


#9 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 07 January 2011 - 02:53 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.