Svchost.exe Error


  • This topic is locked
12 replies to this topic

#1 heman87

heman87

  • Members
  • 15 posts

Posted 05 June 2011 - 04:48 AM

Hello.

My problem is that svchost.exe is taking up 100% of my CPU. It will start doing this anywhere from 1 min to 1 hour after I have connected to the internet. I cannot connect to the Microsoft Update webpage to try and fix this, as I think it is a Microsoft Update error.

Steps I have taken:
1. Ran full MBAM scan and removed any malware (a few days ago)

2. Ran SuperAntiSpyware full scan and removed any errors

3. Ran full scan with AVG Anti-Virus


Attached file: Gmer.log (19.89KB)

Attached file: attach.txt.txt (13.89KB)

Here is the DDS log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Ben b at 10:08:40 on 2011-06-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.354 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
mSearchAssistant =
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\documents and settings\ben b\local settings\application data\conduitengine\ldrConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Fast Search by Surf Canyon: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB08577 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\william hill toolbar\tbcore3.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: WilliamHill Toolbar: {3c4a28a6-35d6-482d-8a9e-ffc843e00bb6} - c:\program files\william hill toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\ben b\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [A9YA3MI1CF] c:\windows\temp\Ftl.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ibm\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {3C4A28A6-35D6-482D-8A9E-FFC843E00BB6} - {3C4A28A6-35D6-482D-8A9E-FFC843E00BB6} - c:\program files\william hill toolbar\tbcore3.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {640044E9-92A3-4B89-A615-1F65354D3A65} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - hxxps://s.userzoom.com/s/UserZoom.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{611F35DD-ACDB-4181-ABB2-C48A34A61428} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ben b\application data\mozilla\firefox\profiles\6z7qdsgm.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\ben b\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-3-8 54760]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-1-28 2304]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-1-14 33792]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S1 MpKsl080a4d2b;MpKsl080a4d2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dc36a96-534e-469a-b4a1-6776a43518c6}\mpksl080a4d2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dc36a96-534e-469a-b4a1-6776a43518c6}\MpKsl080a4d2b.sys [?]
S1 MpKsl13a6c51c;MpKsl13a6c51c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e84b-4758-4c77-b223-d8fb57f46a2e}\mpksl13a6c51c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e84b-4758-4c77-b223-d8fb57f46a2e}\MpKsl13a6c51c.sys [?]
S1 MpKsl32beab4e;MpKsl32beab4e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a5eb5d-81b5-40a1-b653-52c8257b1132}\mpksl32beab4e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a5eb5d-81b5-40a1-b653-52c8257b1132}\MpKsl32beab4e.sys [?]
S1 MpKsl3ce45e39;MpKsl3ce45e39;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61f7480d-f7a3-49e7-9cd6-ef939d2fdd82}\mpksl3ce45e39.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61f7480d-f7a3-49e7-9cd6-ef939d2fdd82}\MpKsl3ce45e39.sys [?]
S1 MpKsl3e299d49;MpKsl3e299d49;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a5eb5d-81b5-40a1-b653-52c8257b1132}\mpksl3e299d49.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a5eb5d-81b5-40a1-b653-52c8257b1132}\MpKsl3e299d49.sys [?]
S1 MpKsl4148ff06;MpKsl4148ff06;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{840cb57f-736a-4e94-8b5d-899aab7d5e53}\mpksl4148ff06.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{840cb57f-736a-4e94-8b5d-899aab7d5e53}\MpKsl4148ff06.sys [?]
S1 MpKsl4f16a618;MpKsl4f16a618;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0fc2ed9-4534-4bf4-8505-ef6691771412}\mpksl4f16a618.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0fc2ed9-4534-4bf4-8505-ef6691771412}\MpKsl4f16a618.sys [?]
S1 MpKsl78cc8d49;MpKsl78cc8d49;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67b6c38a-6df4-4b1d-9b1b-61a1946e4a99}\mpksl78cc8d49.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67b6c38a-6df4-4b1d-9b1b-61a1946e4a99}\MpKsl78cc8d49.sys [?]
S1 MpKsl93d68306;MpKsl93d68306;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0fc2ed9-4534-4bf4-8505-ef6691771412}\mpksl93d68306.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0fc2ed9-4534-4bf4-8505-ef6691771412}\MpKsl93d68306.sys [?]
S1 MpKslcdeafe71;MpKslcdeafe71;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e84b-4758-4c77-b223-d8fb57f46a2e}\mpkslcdeafe71.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e84b-4758-4c77-b223-d8fb57f46a2e}\MpKslcdeafe71.sys [?]
S1 MpKsle24081d8;MpKsle24081d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dfaa29aa-c2ee-4ec7-90d0-7f347fbe2bb7}\mpksle24081d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dfaa29aa-c2ee-4ec7-90d0-7f347fbe2bb7}\MpKsle24081d8.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\ibm\desktop\vcdrom.sys --> c:\documents and settings\ibm\desktop\VCdRom.sys [?]
S2 AMService;AMService;c:\windows\temp\nbds\setup.exe run --> c:\windows\temp\nbds\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 135664]
S2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 135664]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva365;XDva365;\??\c:\windows\system32\xdva365.sys --> c:\windows\system32\XDva365.sys [?]
S3 XDva380;XDva380;c:\windows\system32\XDva380.sys [2011-5-3 76104]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2011-1-14 27904]
.
=============== Created Last 30 ================
.
2011-06-03 12:18:52 -------- d-----w- c:\documents and settings\ben b\application data\DDMSettings
2011-06-03 09:09:20 -------- d-----w- c:\documents and settings\ben b\local settings\application data\Spotify
2011-06-03 09:09:20 -------- d-----w- c:\documents and settings\ben b\application data\Spotify
2011-06-03 08:46:51 -------- d-----w- c:\documents and settings\ben b\application data\SUPERAntiSpyware.com
2011-06-03 08:46:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-03 05:44:01 -------- d-----w- c:\documents and settings\ben b\local settings\application data\ConduitEngine
2011-06-03 05:44:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-03 05:44:00 -------- d-----w- c:\program files\ConduitEngine
2011-06-03 05:43:26 -------- d-----w- c:\documents and settings\ben b\application data\PriceGong
2011-06-03 05:43:17 -------- d-----w- c:\documents and settings\ben b\local settings\application data\Conduit
2011-06-03 05:42:00 -------- d-sh--w- c:\documents and settings\ben b\PrivacIE
2011-06-03 04:54:47 -------- d-----w- c:\documents and settings\ben b\application data\DriverCure
2011-06-03 04:54:45 -------- d-----w- c:\documents and settings\ben b\application data\ParetoLogic
2011-06-03 04:50:50 -------- d-----w- c:\program files\ParetoLogic
2011-06-03 03:27:08 -------- d-----w- c:\program files\DriverFinder
2011-06-03 03:26:47 -------- d-----w- c:\documents and settings\ben b\application data\DriverFinder
2011-06-03 03:23:27 -------- d-----w- c:\documents and settings\ben b\local settings\application data\AskToolbar
2011-06-03 03:23:25 -------- d-----w- c:\documents and settings\ben b\local settings\application data\Google
2011-06-03 03:22:58 -------- d-----w- c:\documents and settings\ben b\application data\Toolbar4
2011-06-03 03:22:49 -------- d-----w- c:\documents and settings\ben b\local settings\application data\uTorrentBar
2011-06-03 03:05:07 -------- d-----w- c:\documents and settings\ben b\local settings\application data\Mozilla
2011-06-03 03:04:13 -------- d-----w- c:\documents and settings\ben b\application data\AVG10
2011-06-03 03:03:17 -------- d-sh--w- c:\documents and settings\ben b\IETldCache
2011-06-03 02:18:03 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-06-02 12:11:24 -------- d-----w- c:\program files\common files\DivX Shared
2011-06-01 01:28:23 -------- d-----w- c:\program files\LucasArts
2011-06-01 01:27:46 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-06-01 01:27:46 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-06-01 01:27:46 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-06-01 01:27:46 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-06-01 01:27:43 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-05-24 17:59:14 40960 ----a-w- c:\windows\system32\eax.dll
2011-05-24 17:59:14 -------- d-----w- c:\program files\Creative Labs
2011-05-24 17:58:06 -------- d-----w- c:\program files\Eidos Interactive
2011-05-20 02:42:35 -------- d-----w- c:\program files\File Type Assistant
2011-05-20 02:40:07 -------- d-----w- c:\program files\Yahoo!
2011-05-20 02:40:05 -------- d-----w- c:\program files\Yontoo Layers Client
2011-05-20 02:40:02 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-05-20 02:39:57 -------- d-----w- c:\program files\Surf Canyon
2011-05-19 23:40:14 -------- d-----w- c:\program files\Square Soft, Inc
2011-05-19 13:14:36 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-05-19 13:14:36 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-18 01:24:35 -------- d-----w- C:\Games
2011-05-17 23:47:06 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-05-17 23:01:25 20 ----a-w- c:\windows\system32\ODBCJI32O.DLL
2011-05-17 02:04:48 -------- d-----w- c:\program files\Final Fantasy 8
2011-05-16 15:20:20 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-05-16 15:20:02 306688 ----a-w- c:\windows\IsUninst.exe
2011-05-16 01:26:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 22:01:42 -------- d-----w- c:\program files\Sony Online Entertainment
2011-05-15 16:12:36 -------- d-----w- C:\UnrealTournament
2011-05-15 00:09:39 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2011-05-15 00:09:39 17212 ----a-w- c:\windows\system32\SIntf32.dll
2011-05-15 00:09:39 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-05-15 00:03:15 94208 ----a-w- c:\windows\DIIUnin.exe
2011-05-15 00:03:15 2829 ----a-w- c:\windows\DIIUnin.pif
2011-05-15 00:01:08 -------- d-----w- c:\program files\Diablo II
2011-05-13 13:49:33 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-13 13:49:32 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-13 13:49:32 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-13 13:49:32 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-13 13:49:32 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-13 13:49:31 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-13 13:49:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-13 13:49:30 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-13 13:11:24 -------- d-----w- c:\program files\CCP
2011-05-09 19:53:37 0 ----a-w- c:\windows\DXT15.tmp
2011-05-09 19:53:37 0 ----a-w- c:\windows\DXT14.tmp
2011-05-09 19:53:37 0 ----a-w- c:\windows\DXT13.tmp
2011-05-09 19:53:37 0 ----a-w- c:\windows\DXT12.tmp
2011-05-09 19:53:37 -------- d-----w- c:\program files\directx
.
==================== Find3M ====================
.
2011-06-03 01:49:43 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-03 06:58:18 76104 ----a-w- c:\windows\system32\XDva380.sys
2011-05-03 03:41:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-03 03:41:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 19:41:20 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx
2011-04-28 23:38:27 258352 ----a-w- C:\unicows.dll
2011-04-28 23:37:57 28672 ----a-w- C:\JPGI.dll
2011-04-28 23:37:50 372736 ----a-w- C:\ijl15.dll
2011-04-23 19:59:11 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-23 19:59:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-23 19:58:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-31 07:27:48 720896 ----a-w- c:\windows\iun6002.exe
2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-14 14:13:39 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-08LSA0 rev.09.01D09 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x864A4439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x864aa7d0]; MOV EAX, [0x864aa84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8652AAB8]
3 CLASSPNP[0xF7686FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007f[0x864FFF18]
5 ACPI[0xF736C620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x864D2D98]
\Driver\atapi[0x864CE998] -> IRP_MJ_CREATE -> 0x864A4439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800JD-08LSA0______________________09.01D09#5&3620fdbb&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x864A427F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:10:35.64 ===============
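The DDS and GMER output above already contains the indicators a responder would pull out by hand: an autorun entry with a random name launching from c:\windows\temp (dRun A9YA3MI1CF), a service registered from c:\windows\temp (AMService), a service in the netsvcs group whose display name imitates the built-in RPC service (RPCQT, "Remote Procedure Call (CQTPM)", where the genuine short name is RpcSs), several drivers whose file DDS could not find on disk ([?]), and GMER's report that the DriverStartIo routine of \Driver\atapi has been redirected to 0x864A427F while disk I/O passes through an address it cannot attribute to any module (>>UNKNOWN [0x864A4439]<<). That atapi hook is what GMER's "possible TDL3 rootkit infection" warning rests on. The Python script below is an added example, not code from this thread or from DDS, GMER or any other tool named here; it runs those checks over a constructed excerpt in DDS/GMER line format. The table of impersonated display names, the "random name" heuristic and the temp-directory rule are assumptions of this example, and a hit means "look at this entry", not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the DDS "Pseudo HJT" / "SERVICES / DRIVERS" sections
# and the GMER rootkit section of the log above. The lines are modelled on that log but
# this is a hand-picked excerpt, not a copy of it.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [A9YA3MI1CF] c:\windows\temp\Ftl.exe
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
S2 AMService;AMService;c:\windows\temp\nbds\setup.exe run --> c:\windows\temp\nbds\setup.exe run [?]
S2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x864A4439]<<
\Driver\atapi DriverStartIo -> 0x864A427F
"""

RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# "S2 name;display;path [date size]" or "... --> path [?]" when DDS could not find the file
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)(?: \[(?P<stamp>[^\]]*)\])?$')
HOOK_RE = re.compile(r'^\\Driver\\(?P<drv>\w+) (?P<fn>\w+) -> 0x(?P<addr>[0-9A-Fa-f]+)')
UNKNOWN_RE = re.compile(r'>>UNKNOWN \[0x(?P<addr>[0-9A-Fa-f]+)\]<<')
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.I)
RANDOM_NAME_RE = re.compile(r'[A-Z0-9]{8,}')

# Assumed table: display-name prefixes of built-in Windows XP services and the short names
# that legitimately carry them. Anything else using such a display name is worth a look.
IMPERSONATION_TARGETS = {
    "remote procedure call": {"rpcss", "rpclocator"},
    "windows remote management": {"winrm"},
    "dns client": {"dnscache"},
    "dhcp client": {"dhcp"},
}


@dataclass(frozen=True)
class Finding:
    subject: str
    reasons: tuple


def _check_run(m):
    reasons = []
    if TEMP_RE.search(m["cmd"]):
        reasons.append("runs from a temp directory")
    if RANDOM_NAME_RE.fullmatch(m["name"]) and re.search(r"\d", m["name"]):
        reasons.append("random-looking autorun name")
    return reasons


def _check_service(m):
    reasons = []
    if TEMP_RE.search(m["path"]):
        reasons.append("runs from a temp directory")
    if m["stamp"] == "?":
        reasons.append("file not found on disk (stale entry, or hidden from the file system)")
    display = m["display"].lower()
    for prefix, legit in IMPERSONATION_TARGETS.items():
        if display.startswith(prefix) and m["name"].lower() not in legit:
            reasons.append(f"display name imitates built-in service '{prefix}' but short name is {m['name']}")
    return reasons


def triage(log_text):
    """Return one Finding per suspicious autorun, service or GMER hook line in the log text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            subject, reasons = m["name"], _check_run(m)
        elif m := SVC_RE.match(line):
            subject, reasons = m["name"], _check_service(m)
        elif m := HOOK_RE.match(line):
            # GMER lists every dispatch routine it found redirected; a kernel driver's
            # DriverStartIo pointing outside the driver image is the classic TDL3 sign.
            subject = f"\\Driver\\{m['drv']}"
            reasons = [f"{m['fn']} of \\Driver\\{m['drv']} redirected to 0x{m['addr']}"]
        elif m := UNKNOWN_RE.search(line):
            subject = "disk trace"
            reasons = [f"disk I/O call chain passes through code outside any loaded module at 0x{m['addr']}"]
        else:
            continue
        if reasons:
            findings.append(Finding(subject, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.subject}: " + "; ".join(f.reasons))
```

Run it against a full DDS log plus the GMER section and only the entries that trip a rule are printed; ctfmon.exe, the Akamai svchost group and the genuine WinRM service pass through silently, while A9YA3MI1CF, AMService, RPCQT, nielprt and the atapi hook come out. Driver entries marked [?] include plenty of leftovers from uninstalled software, so that rule is deliberately the weakest of the set.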


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 05 June 2011 - 03:18 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully", which takes less than a minute on my system, click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.

#3 heman87

heman87
  • Topic Starter

  • Members
  • 15 posts

Posted 05 June 2011 - 07:07 PM

Hello,

The log you requested.

Attached file: aswMBR.txt (1.73KB)

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-06 01:05:30
-----------------------------
01:05:30.531 OS Version: Windows 5.1.2600 Service Pack 3
01:05:30.531 Number of processors: 2 586 0x403
01:05:30.531 ComputerName: IBM-PC UserName: Ben b
01:05:32.421 Initialize success
01:05:38.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
01:05:38.515 Disk 0 Vendor: WDC_WD800JD-08LSA0 09.01D09 Size: 76324MB BusType: 3
01:05:38.515 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800JD-08LSA0______________________09.01D09#5&3620fdbb&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
01:05:38.515 Device \Driver\atapi -> DriverStartIo 864a427f
01:05:38.515 Disk 0 MBR read error 0
01:05:38.515 Disk 0 MBR scan
01:05:38.515 Disk 0 unknown MBR code
01:05:38.515 MBR BIOS signature not found 0
01:05:38.515 Disk 0 scanning sectors +156296385
01:05:38.515 Disk 0 scanning C:\WINDOWS\system32\drivers
01:05:42.953 Service scanning
01:05:43.937 Disk 0 trace - called modules:
01:05:43.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x864a4439]<<
01:05:43.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864fdab8]
01:05:43.937 3 CLASSPNP.SYS[f7686fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8651ff18]
01:05:43.937 5 ACPI.sys[f736c620] -> nt!IofCallDriver -> [0x8651dd98]
01:05:43.937 \Driver\atapi[0x864fe930] -> IRP_MJ_CREATE -> 0x864a4439
01:05:43.937 Scan finished successfully
01:06:11.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ben b\Desktop\MBR.dat"
01:06:11.515 The log file has been saved successfully to "C:\Documents and Settings\Ben b\Desktop\aswMBR.txt"

Edited by Noviciate, 06 June 2011 - 01:49 PM.
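For Disk 0 the aswMBR log above reports "unknown MBR code" and "MBR BIOS signature not found", then scans from sector +156296385 (the unpartitioned space after the last partition, which is where bootkits of the TDL4 family keep their hidden file system) and finally writes a copy of the sector to MBR.dat, the backup the reply above asks to keep. Those checks can be repeated offline on MBR.dat, and a disagreement between what the live driver stack returns and what a saved or offline copy contains is itself a signal when a disk-level hook like the atapi DriverStartIo redirection in the log is present. The script below is an added example, not part of the thread or of aswMBR. It does not use the poster's MBR.dat; the disk size is derived from the 76324 MB aswMBR printed (assuming 512-byte sectors), the partition layout is chosen so the partition ends at the sector aswMBR scanned from, and the "clean" and "tampered" boot code are constructed stand-ins, not the real Windows XP loader.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446                 # boot code occupies bytes 0..445, then four 16-byte entries
ENTRY_FMT = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sector count

# Constructed sample data (assumptions, not taken from the poster's MBR.dat):
#  - DISK_SECTORS: 76324 MB at 512-byte sectors, the size aswMBR printed for Disk 0;
#  - PARTITIONS: one NTFS partition laid out to end at sector 156296385, the offset from
#    which aswMBR reported "scanning sectors";
#  - CLEAN_BOOT_CODE / TAMPERED_BOOT_CODE: stand-in loader prefixes, not real boot code.
DISK_SECTORS = 76324 * 2048
PARTITIONS = [(0x80, 0x07, 63, 156_296_322)]     # (status, type, LBA start, sector count)
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 24
TAMPERED_BOOT_CODE = b"\xfa\x31\xc0\x8e\xd8\xbe\x00\x7c" + b"\x90" * 24


def build_mbr(boot_code, entries, signature=b"\x55\xAA"):
    """Assemble a 512-byte MBR from boot code, up to four partition tuples and the signature."""
    if len(boot_code) > TABLE_OFFSET or len(entries) > 4:
        raise ValueError("boot code too long or too many partitions")
    table = b"".join(struct.pack(ENTRY_FMT, s, b"\xfe\xff\xff", t, b"\xfe\xff\xff", lba, n)
                     for s, t, lba, n in entries)
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table.ljust(64, b"\x00") + signature


def parse_mbr(data):
    """Split a sector into a boot-code digest, the four partition entries and the signature flag."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, data, TABLE_OFFSET + 16 * i)
        parts.append({"status": status, "type": ptype, "lba": lba, "count": count})
    return {
        "boot_code_sha256": hashlib.sha256(data[:TABLE_OFFSET]).hexdigest(),
        "partitions": parts,
        "signature_ok": data[510:512] == b"\x55\xAA",
    }


def check_mbr(data, disk_sectors, known_good_digests):
    """Return findings for one sector; an empty list means a recognised loader and a sane table."""
    mbr = parse_mbr(data)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("0x55AA boot signature missing")
    # "unknown MBR code" in aswMBR terms: the loader bytes match no reference copy
    if mbr["boot_code_sha256"] not in known_good_digests:
        findings.append("unknown boot code: digest matches no reference MBR")
    used = [p for p in mbr["partitions"] if p["type"] != 0 and p["count"] != 0]
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"invalid status byte 0x{p['status']:02x} in partition table")
    active = sum(1 for p in used if p["status"] == 0x80)
    if active != 1:
        findings.append(f"{active} active partitions (expected exactly 1)")
    spans = sorted((p["lba"], p["lba"] + p["count"]) for p in used)
    for (_, a_end), (b_start, _) in zip(spans, spans[1:]):
        if b_start < a_end:
            findings.append(f"partitions overlap at LBA {b_start}")
    for start, end in spans:
        if end > disk_sectors:
            findings.append(f"partition at LBA {start} extends past the end of the disk")
    return findings


def unpartitioned_tail(data, disk_sectors):
    """Sectors after the last partition. Cylinder rounding normally leaves a few thousand,
    so this is the range to hand to a sector scan, not a finding by itself."""
    used = [p for p in parse_mbr(data)["partitions"] if p["type"] != 0 and p["count"] != 0]
    last_end = max((p["lba"] + p["count"] for p in used), default=0)
    return disk_sectors - last_end


# Reference digest: in practice taken from MBR.dat on a known-clean install of the same OS.
KNOWN_GOOD = {parse_mbr(build_mbr(CLEAN_BOOT_CODE, PARTITIONS))["boot_code_sha256"]}

if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        sector = build_mbr(code, PARTITIONS)
        print(label, check_mbr(sector, DISK_SECTORS, KNOWN_GOOD) or "no findings",
              "| tail sectors:", unpartitioned_tail(sector, DISK_SECTORS))
    print("zeroed", check_mbr(bytes(SECTOR), DISK_SECTORS, KNOWN_GOOD))
```

To use it on a real backup, read the 512 bytes of MBR.dat in binary mode and pass them to check_mbr together with the disk's sector count and a set of digests taken from known-clean machines running the same Windows version; the tampered sample keeps the partition table and the 0x55AA signature intact, exactly as an MBR bootkit would, so only the boot-code digest catches it.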


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 06 June 2011 - 01:50 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.


#5 heman87

heman87
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 06 June 2011 - 02:08 PM

Hi, :)

Here is the log

Attached File  TDSSKiller.2.5.3.0_06.06.2011_19.59.26_log.txt   40.74KB   1 downloads

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:39 PM

Posted 06 June 2011 - 02:12 PM

If you haven't already, reboot and then take the PC for a spin and tell me how it's behaving.

So long, and thanks for all the fish.


#7 heman87

heman87
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 06 June 2011 - 03:37 PM

Hi.
I've been testing my computer for around an hour and it seems to be perfect. I can also connect to the Microsoft Update webpage.
Thanks a lot for all your help in removing this problem; it was driving me crazy :P

Edited by heman87, 06 June 2011 - 03:37 PM.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:39 PM

Posted 06 June 2011 - 03:40 PM

Glad that I've got one success this evening! I'd like a scan for leftovers and then a quick tidy-up after that and you'll be on your way tout sweet.

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any browser other than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.

So long, and thanks for all the fish.


#9 heman87

heman87
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 06 June 2011 - 06:27 PM

Hi,

As I said before, my computer now seems to be fine; svchost.exe is working perfectly and I can connect to the Microsoft Update website.

Here is all that ESET found.

C:\Sandbox\IBM\DefaultBox\drive\C\Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL a variant of Win32/Toolbar.MyWebSearch.I application

And here is DDS log and Attach.

Attached File  attach.txt   15.98KB   1 downloads

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Ben b at 0:21:23 on 2011-06-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.490 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
mSearchAssistant =
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\documents and settings\ben b\local settings\application data\conduitengine\ldrConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Fast Search by Surf Canyon: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB08577 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\william hill toolbar\tbcore3.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo0.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: WilliamHill Toolbar: {3c4a28a6-35d6-482d-8a9e-ffc843e00bb6} - c:\program files\william hill toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\ben b\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [A9YA3MI1CF] c:\windows\temp\Ftl.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ibm\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {3C4A28A6-35D6-482D-8A9E-FFC843E00BB6} - {3C4A28A6-35D6-482D-8A9E-FFC843E00BB6} - c:\program files\william hill toolbar\tbcore3.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {640044E9-92A3-4B89-A615-1F65354D3A65} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - hxxps://s.userzoom.com/s/UserZoom.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{611F35DD-ACDB-4181-ABB2-C48A34A61428} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ben b\application data\mozilla\firefox\profiles\6z7qdsgm.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\ben b\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-3-8 54760]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-1-28 2304]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-1-14 33792]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S1 MpKsl080a4d2b;MpKsl080a4d2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dc36a96-534e-469a-b4a1-6776a43518c6}\mpksl080a4d2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dc36a96-534e-469a-b4a1-6776a43518c6}\MpKsl080a4d2b.sys [?]
S1 MpKsl13a6c51c;MpKsl13a6c51c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e84b-4758-4c77-b223-d8fb57f46a2e}\mpksl13a6c51c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e84b-4758-4c77-b223-d8fb57f46a2e}\MpKsl13a6c51c.sys [?]
S1 MpKsl32beab4e;MpKsl32beab4e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a5eb5d-81b5-40a1-b653-52c8257b1132}\mpksl32beab4e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a5eb5d-81b5-40a1-b653-52c8257b1132}\MpKsl32beab4e.sys [?]
S1 MpKsl3ce45e39;MpKsl3ce45e39;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61f7480d-f7a3-49e7-9cd6-ef939d2fdd82}\mpksl3ce45e39.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61f7480d-f7a3-49e7-9cd6-ef939d2fdd82}\MpKsl3ce45e39.sys [?]
S1 MpKsl3e299d49;MpKsl3e299d49;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a5eb5d-81b5-40a1-b653-52c8257b1132}\mpksl3e299d49.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73a5eb5d-81b5-40a1-b653-52c8257b1132}\MpKsl3e299d49.sys [?]
S1 MpKsl4148ff06;MpKsl4148ff06;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{840cb57f-736a-4e94-8b5d-899aab7d5e53}\mpksl4148ff06.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{840cb57f-736a-4e94-8b5d-899aab7d5e53}\MpKsl4148ff06.sys [?]
S1 MpKsl4f16a618;MpKsl4f16a618;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0fc2ed9-4534-4bf4-8505-ef6691771412}\mpksl4f16a618.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0fc2ed9-4534-4bf4-8505-ef6691771412}\MpKsl4f16a618.sys [?]
S1 MpKsl78cc8d49;MpKsl78cc8d49;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67b6c38a-6df4-4b1d-9b1b-61a1946e4a99}\mpksl78cc8d49.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67b6c38a-6df4-4b1d-9b1b-61a1946e4a99}\MpKsl78cc8d49.sys [?]
S1 MpKsl93d68306;MpKsl93d68306;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0fc2ed9-4534-4bf4-8505-ef6691771412}\mpksl93d68306.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0fc2ed9-4534-4bf4-8505-ef6691771412}\MpKsl93d68306.sys [?]
S1 MpKslcdeafe71;MpKslcdeafe71;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e84b-4758-4c77-b223-d8fb57f46a2e}\mpkslcdeafe71.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e84b-4758-4c77-b223-d8fb57f46a2e}\MpKslcdeafe71.sys [?]
S1 MpKsle24081d8;MpKsle24081d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dfaa29aa-c2ee-4ec7-90d0-7f347fbe2bb7}\mpksle24081d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dfaa29aa-c2ee-4ec7-90d0-7f347fbe2bb7}\MpKsle24081d8.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\ibm\desktop\vcdrom.sys --> c:\documents and settings\ibm\desktop\VCdRom.sys [?]
S2 AMService;AMService;c:\windows\temp\nbds\setup.exe run --> c:\windows\temp\nbds\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 135664]
S2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 135664]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva365;XDva365;\??\c:\windows\system32\xdva365.sys --> c:\windows\system32\XDva365.sys [?]
S3 XDva380;XDva380;c:\windows\system32\XDva380.sys [2011-5-3 76104]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2011-1-14 27904]
.
=============== Created Last 30 ================
.
2011-06-06 21:30:26 -------- d-----w- c:\program files\ESET
2011-06-03 12:18:52 -------- d-----w- c:\documents and settings\ben b\application data\DDMSettings
2011-06-03 09:09:20 -------- d-----w- c:\documents and settings\ben b\local settings\application data\Spotify
2011-06-03 09:09:20 -------- d-----w- c:\documents and settings\ben b\application data\Spotify
2011-06-03 08:46:51 -------- d-----w- c:\documents and settings\ben b\application data\SUPERAntiSpyware.com
2011-06-03 08:46:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-03 05:44:01 -------- d-----w- c:\documents and settings\ben b\local settings\application data\ConduitEngine
2011-06-03 05:44:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-03 05:44:00 -------- d-----w- c:\program files\ConduitEngine
2011-06-03 05:43:26 -------- d-----w- c:\documents and settings\ben b\application data\PriceGong
2011-06-03 05:43:17 -------- d-----w- c:\documents and settings\ben b\local settings\application data\Conduit
2011-06-03 05:42:00 -------- d-sh--w- c:\documents and settings\ben b\PrivacIE
2011-06-03 04:54:47 -------- d-----w- c:\documents and settings\ben b\application data\DriverCure
2011-06-03 04:54:45 -------- d-----w- c:\documents and settings\ben b\application data\ParetoLogic
2011-06-03 04:50:50 -------- d-----w- c:\program files\ParetoLogic
2011-06-03 03:27:08 -------- d-----w- c:\program files\DriverFinder
2011-06-03 03:26:47 -------- d-----w- c:\documents and settings\ben b\application data\DriverFinder
2011-06-03 03:23:27 -------- d-----w- c:\documents and settings\ben b\local settings\application data\AskToolbar
2011-06-03 03:23:25 -------- d-----w- c:\documents and settings\ben b\local settings\application data\Google
2011-06-03 03:22:58 -------- d-----w- c:\documents and settings\ben b\application data\Toolbar4
2011-06-03 03:22:49 -------- d-----w- c:\documents and settings\ben b\local settings\application data\uTorrentBar
2011-06-03 03:05:07 -------- d-----w- c:\documents and settings\ben b\local settings\application data\Mozilla
2011-06-03 03:04:13 -------- d-----w- c:\documents and settings\ben b\application data\AVG10
2011-06-03 03:03:17 -------- d-sh--w- c:\documents and settings\ben b\IETldCache
2011-06-03 02:18:03 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-06-02 12:11:24 -------- d-----w- c:\program files\common files\DivX Shared
2011-06-01 01:28:23 -------- d-----w- c:\program files\LucasArts
2011-06-01 01:27:46 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-06-01 01:27:46 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-06-01 01:27:46 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-06-01 01:27:46 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-06-01 01:27:43 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-05-24 17:59:14 40960 ----a-w- c:\windows\system32\eax.dll
2011-05-24 17:59:14 -------- d-----w- c:\program files\Creative Labs
2011-05-24 17:58:06 -------- d-----w- c:\program files\Eidos Interactive
2011-05-20 02:42:35 -------- d-----w- c:\program files\File Type Assistant
2011-05-20 02:40:07 -------- d-----w- c:\program files\Yahoo!
2011-05-20 02:40:05 -------- d-----w- c:\program files\Yontoo Layers Client
2011-05-20 02:40:02 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-05-20 02:39:57 -------- d-----w- c:\program files\Surf Canyon
2011-05-19 23:40:14 -------- d-----w- c:\program files\Square Soft, Inc
2011-05-19 13:14:36 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-05-19 13:14:36 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-05-18 01:24:35 -------- d-----w- C:\Games
2011-05-17 23:47:06 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-05-17 23:01:25 20 ----a-w- c:\windows\system32\ODBCJI32O.DLL
2011-05-17 02:04:48 -------- d-----w- c:\program files\Final Fantasy 8
2011-05-16 15:20:20 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-05-16 15:20:02 306688 ----a-w- c:\windows\IsUninst.exe
2011-05-16 01:26:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 22:01:42 -------- d-----w- c:\program files\Sony Online Entertainment
2011-05-15 16:12:36 -------- d-----w- C:\UnrealTournament
2011-05-15 00:09:39 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2011-05-15 00:09:39 17212 ----a-w- c:\windows\system32\SIntf32.dll
2011-05-15 00:09:39 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-05-15 00:03:15 94208 ----a-w- c:\windows\DIIUnin.exe
2011-05-15 00:03:15 2829 ----a-w- c:\windows\DIIUnin.pif
2011-05-15 00:01:08 -------- d-----w- c:\program files\Diablo II
2011-05-13 13:49:33 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-13 13:49:32 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-13 13:49:32 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-13 13:49:32 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-13 13:49:32 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-13 13:49:31 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-13 13:49:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-13 13:49:30 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-13 13:11:24 -------- d-----w- c:\program files\CCP
2011-05-09 19:53:37 0 ----a-w- c:\windows\DXT15.tmp
2011-05-09 19:53:37 0 ----a-w- c:\windows\DXT14.tmp
2011-05-09 19:53:37 0 ----a-w- c:\windows\DXT13.tmp
2011-05-09 19:53:37 0 ----a-w- c:\windows\DXT12.tmp
2011-05-09 19:53:37 -------- d-----w- c:\program files\directx
.
==================== Find3M ====================
.
2011-06-03 01:49:43 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-03 06:58:18 76104 ----a-w- c:\windows\system32\XDva380.sys
2011-05-03 03:41:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-03 03:41:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 19:41:20 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx
2011-04-28 23:38:27 258352 ----a-w- C:\unicows.dll
2011-04-28 23:37:57 28672 ----a-w- C:\JPGI.dll
2011-04-28 23:37:50 372736 ----a-w- C:\ijl15.dll
2011-04-23 19:59:11 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-23 19:59:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-23 19:58:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-31 07:27:48 720896 ----a-w- c:\windows\iun6002.exe
2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-14 14:13:39 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
.
============= FINISH: 0:22:20.01 ===============

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:39 PM

Posted 07 June 2011 - 02:42 PM

Good evening. :)

You have a couple of entries in your log that point to files on your PC that I would like to have checked - if they are still present.

Please go to Jotti's and click on the Browse... button at the top and navigate to the following files in turn, and then click on Submit:

c:\windows\iun6002.exe
c:\windows\DXT12.tmp
<- there may be similarly named files in that folder (DXT13, DXT14, etc.), so any one will do.

When all the scans have been completed, for each file in turn, please copy and paste the "Permalink" that you'll find in the "Jotti's malware scan" box in the upper left hand part of the page into your next reply.

If this site is busy, try VirusTotal: Click the Browse ... button, navigate to the file and double click it and then click the Send button.

You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here.
These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after you have done.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Will you also do the following:

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:39 PM

Posted 13 June 2011 - 02:00 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.


#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:39 PM

Posted 14 June 2011 - 01:19 PM

Please follow the instructions from the above but one post and let me have the appropriate info/logs.

So long, and thanks for all the fish.


#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:39 PM

Posted 19 June 2011 - 01:35 PM

This topic is being closed for the second time due to a lack of response - it will remain closed this time.

So long, and thanks for all the fish.
