Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
27 replies to this topic

#1 CA_2007

CA_2007

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 27 July 2011 - 03:22 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:23 PM, on 7/27/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\MSN Gaming Zone\Windows\CHKRZM.EXE"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C60782C-5521-4AFF-A994-2C0281E59CC1}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9cc3da20a781a) (gupdate1c9cc3da20a781a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)

--
End of file - 8230 bytes

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:50 PM

Posted 06 August 2011 - 01:32 PM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:50 PM

Posted 11 August 2011 - 08:46 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:50 PM

Posted 14 August 2011 - 10:45 AM

This topic has been re-opened at the request of the person who originally posted.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CA_2007

CA_2007
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 14 August 2011 - 04:45 PM

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02
Run by bob at 23:53:31 on 2011-08-13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.sbc.com/dsl
mStart Page =
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = "c:\program files\msn gaming zone\windows\CHKRZM.EXE"
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [PDUiP6600DMon] c:\program files\canon\memory card utility\ip6600d\PDUiP6600DMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38031.7579398148
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{2C60782C-5521-4AFF-A994-2C0281E59CC1} : NameServer = 68.94.156.1,68.94.157.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\wdazdaru.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 gupdate1c9cc3da20a781a;Google Update Service (gupdate1c9cc3da20a781a);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-14 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
.
=============== File Associations ===============
.
JSEFile=notepad.exe "%1" %*
VBEFile=notepad.exe "%1" %*
VBSFile=notepad.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-08-03 19:50:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-24 23:23:51 388096 ----a-r- c:\documents and settings\bob\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-24 23:23:49 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
.
============= FINISH: 23:56:31.37 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2004 8:50:24 PM
System Uptime: 8/13/2011 2:34:33 PM (9 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1549
Processor: Intel® Pentium® 4 CPU 2.53GHz | Microprocessor | 2524/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 19.073 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP854: 5/17/2011 8:44:09 AM - System Checkpoint
RP855: 5/21/2011 8:59:27 AM - System Checkpoint
RP856: 5/22/2011 9:20:06 AM - System Checkpoint
RP857: 5/24/2011 1:12:15 PM - System Checkpoint
RP858: 5/26/2011 9:26:49 PM - System Checkpoint
RP859: 5/28/2011 9:10:21 AM - System Checkpoint
RP860: 6/1/2011 1:26:09 PM - System Checkpoint
RP861: 6/2/2011 8:45:41 PM - System Checkpoint
RP862: 6/4/2011 1:23:12 PM - System Checkpoint
RP863: 6/6/2011 7:20:11 AM - System Checkpoint
RP864: 6/10/2011 12:51:48 PM - System Checkpoint
RP865: 6/11/2011 4:31:34 PM - System Checkpoint
RP866: 6/13/2011 1:44:08 PM - System Checkpoint
RP867: 6/17/2011 7:29:18 AM - Software Distribution Service 3.0
RP868: 6/19/2011 11:18:01 AM - System Checkpoint
RP869: 6/20/2011 8:15:20 PM - System Checkpoint
RP870: 6/24/2011 8:31:42 AM - System Checkpoint
RP871: 7/1/2011 7:36:01 PM - System Checkpoint
RP872: 7/4/2011 9:18:14 PM - System Checkpoint
RP873: 7/7/2011 11:07:02 PM - System Checkpoint
RP874: 7/10/2011 9:16:46 AM - System Checkpoint
RP875: 7/12/2011 7:47:53 AM - System Checkpoint
RP876: 7/12/2011 10:48:45 PM - Software Distribution Service 3.0
RP877: 7/15/2011 7:42:29 AM - System Checkpoint
RP878: 7/16/2011 9:15:50 PM - System Checkpoint
RP879: 7/18/2011 9:44:15 PM - System Checkpoint
RP880: 7/20/2011 10:38:40 PM - System Checkpoint
RP881: 7/22/2011 9:40:44 PM - System Checkpoint
RP882: 7/24/2011 12:30:53 AM - System Checkpoint
RP883: 7/24/2011 4:23:45 PM - Installed HiJackThis
RP884: 7/30/2011 2:51:53 PM - System Checkpoint
RP885: 8/2/2011 1:49:32 PM - System Checkpoint
RP886: 8/6/2011 8:34:09 PM - System Checkpoint
RP887: 8/8/2011 9:41:27 PM - System Checkpoint
RP888: 8/10/2011 8:08:18 AM - Software Distribution Service 3.0
RP889: 8/11/2011 6:41:36 PM - System Checkpoint
RP890: 8/13/2011 11:12:46 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
AVG 2011
Axence NetTools Pro 4.0
Banctec Service Agreement
Broadcom Management Programs
BroadJump Client Foundation
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon iP6600D
Canon iP6600D Memory Card Utility
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCleaner (remove only)
Conexant SmartHSFi V.9x 56K DF PCI Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Digital Line Detect
DS21Patch
Easy-WebPrint
eMusic - 50 Free MP3 offer
ERUNT 1.1j
FLV Player 1.3.3
Folder Lock
Google Earth
Google Update Helper
Google Updater
Help and Support Customization
HiJackThis
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 2
Learn2 Player (Uninstall Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
MovieEdit Task
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhotoStitch
Python 2.5.1
QuickTime
RAW Image Task 1.2
RealPlayer
RemoteCapture Task 1.1
SBC Yahoo! Applications
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SSH Secure Shell
TBS WMP Plug-in
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Media Player
WebCopier Pro
WebFldrs XP
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinSCP 3.7.6
WinZip 14.5
WordPerfect Office 11
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/9/2011 9:20:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
8/8/2011 9:34:28 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-14 08:39:25
-----------------------------
08:39:25.125 OS Version: Windows 5.1.2600 Service Pack 2
08:39:25.125 Number of processors: 1 586 0x209
08:39:25.125 ComputerName: D99GM649 UserName: bob
08:39:32.296 Initialize success
08:40:11.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:40:11.859 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
08:40:13.890 Disk 0 MBR read successfully
08:40:13.890 Disk 0 MBR scan
08:40:13.890 Disk 0 Windows XP default MBR code
08:40:13.890 Disk 0 scanning sectors +78156225
08:40:13.968 Disk 0 scanning C:\WINDOWS\system32\drivers
08:40:47.437 Service scanning
08:40:48.281 Modules scanning
08:40:48.375 Disk 0 trace - called modules:
08:40:48.406 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:40:48.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x833a8030]
08:40:48.406 3 CLASSPNP.SYS[f751205b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8339e4e0]
08:40:48.406 Scan finished successfully
08:41:27.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bob\Desktop\MBR.dat"
08:41:27.656 The log file has been saved successfully to "C:\Documents and Settings\bob\Desktop\aswMBR.txt"

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:50 PM

Posted 14 August 2011 - 05:08 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 CA_2007

CA_2007
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 14 August 2011 - 06:04 PM

Bleepin' curls!, thank you for your fast reply! I was just wondering: are you recommending ComboFix because you did spot a problem in my posted log files?

Thank you,
CA_2007

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:50 PM

Posted 14 August 2011 - 06:11 PM

there are indicators of some minor adware, orphaned files and some event log errors that need further investigating

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 CA_2007

CA_2007
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 15 August 2011 - 12:20 AM

Bleepin' curls!,

First off, it might be important: the reason I started the topic is because my Firefox browser had been crashing every time I tried to use Google maps. It started a happening a couple of weeks ago.

Now I have run ComboFix, as you requested, including installing Recovery console. Unfortunately I got the Blue Screen of Death. It basically said: Plug and Play detected an error most likely caused by a faulty driver. At the bottom of the screen there was "technical information" - some hexadecimal addresses (?). I am wondering if the crash was caused by AVG. I mean, I disabled AVG before I started ComboFix, but it could have kicked back in after 15 minutes - I am not sure as I wasn't watching the scan. Anyway, I have restarted my PC now and examined the C: drive. I see that it has a new ComboFix folder which seems to have a copy of all my system.

So what should I do now? Try to run ComboFix again? BTW, should I also disable the Microscoft FireWall, like I did for DDS, or it doesn't matter?

Thanks!

CA_2007

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:50 PM

Posted 15 August 2011 - 07:59 AM

AVG does appear to be causing problems on your system.

Try uninstalling it completely (you can install another AV for the time being until we are certain you are completely clean, install Microsoft Security Essentials for now: http://www.microsoft.com/security_essentials/)


After uninstalling through Add/Remove programs please use the AVG removal tool:
http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe


The folder that you describe for ComboFix does indeed mean it's run was interrupted, probably from AVG that does not like ComboFix.

so please delete the ComboFix icon from your desktop and download a fresh copy and rerun it


the windows firewall shouldn't make a difference, but turn it off just to be cautious.

ComboFix

Edited by CatByte, 15 August 2011 - 07:59 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 CA_2007

CA_2007
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 17 August 2011 - 01:10 AM

ComboFix 11-08-16.05 - bob 08/16/2011 19:44:18.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.199 [GMT -7:00]
Running from: c:\documents and settings\bob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\bob\Local Settings\Temporary Internet Files\fbk.sts
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 02:21 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-17 02:21 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-17 02:21 . 2011-08-17 02:21 -------- d-----w- c:\windows\LastGood
2011-08-17 02:21 . 2011-08-17 02:21 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{012766EA-8A5D-4C8E-B696-5793E04B199D}\MpKslb54b2726.sys
2011-08-16 20:58 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{012766EA-8A5D-4C8E-B696-5793E04B199D}\mpengine.dll
2011-08-16 20:57 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-16 06:13 . 2011-08-16 06:14 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-03 19:50 . 2011-08-03 19:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-24 23:23 . 2011-07-24 23:23 388096 ----a-r- c:\documents and settings\bob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-24 23:23 . 2011-07-24 23:23 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-01-26 77824]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 118784]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"PDUiP6600DMon"="c:\program files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-08 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTkzNzA5ODY2LVQxNS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtVEI5KzItRkwrOS1RSVgxKzQtRjEwTTEwRCsyLUxJQysyMi1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1YMjAxMCsyLUZMMTArMS1UVUcrMy1ERFQrMC1MU0QrMg&prod=90&ver=10.0.1392" [?]
.
c:\documents and settings\bob\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Axence\\NetTools\\4.0\\NetTools.exe"=
.
R1 MpKslb54b2726;MpKslb54b2726;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{012766EA-8A5D-4C8E-B696-5793E04B199D}\MpKslb54b2726.sys [8/16/2011 7:21 PM 28752]
S2 gupdate1c9cc3da20a781a;Google Update Service (gupdate1c9cc3da20a781a);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 3:22 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 3:22 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB54B2726
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 22:17]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 22:21]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 22:21]
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.sbc.com/dsl
mStart Page =
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = "c:\program files\MSN Gaming Zone\Windows\CHKRZM.EXE"
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: Interfaces\{2C60782C-5521-4AFF-A994-2C0281E59CC1}: NameServer = 68.94.156.1,68.94.157.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\bob\Application Data\Mozilla\Firefox\Profiles\wdazdaru.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
JSEFile=notepad.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-HijackThis - c:\docume~1\bob\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 20:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078C5B62435E45"
"lr"="078C6D65415F52"
.
Completion time: 2011-08-16 20:16:09
ComboFix-quarantined-files.txt 2011-08-17 03:16
.
Pre-Run: 20,505,415,680 bytes free
Post-Run: 21,995,298,816 bytes free
.
- - End Of File - - 455D18006B293D07D60F80E40CBFEBCD

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:50 PM

Posted 17 August 2011 - 04:37 AM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT



Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CA_2007

CA_2007
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 17 August 2011 - 11:43 PM

CatByte,

The ESET link is not working. When I click on it, I get a page that reads:

"Something went terribly wrong and we had to show you this page, sorry.
Don't panic, there are worse things than this... This is just an error."

Please advise.

CA_2007

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:50 PM

Posted 18 August 2011 - 04:39 AM

That is down for some reason, hopefully it will be back up later, I get the same message, but I was able to find the page for the on-line scanner, by pressing the link for "home" then "on-line scanner"

http://go.eset.com/us/online-scanner

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 CA_2007

CA_2007
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 18 August 2011 - 03:10 PM

ComboFix 11-08-16.05 - bob 08/17/2011 7:26.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.199 [GMT -7:00]
Running from: c:\documents and settings\bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bob\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\messenger\msmsgsin.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\rnaph.dll
c:\windows\wiaserviv.log
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 14:11 . 2011-08-17 14:11 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26ED7105-C6C8-42DA-B5CE-3DDA18A2FBA7}\MpKsl4c3d51a5.sys
2011-08-17 14:11 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26ED7105-C6C8-42DA-B5CE-3DDA18A2FBA7}\mpengine.dll
2011-08-17 02:21 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-17 02:21 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-08-16 20:57 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-16 06:13 . 2011-08-16 06:14 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-03 19:50 . 2011-08-03 19:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-24 23:23 . 2011-07-24 23:23 388096 ----a-r- c:\documents and settings\bob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-24 23:23 . 2011-07-24 23:23 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-01-26 77824]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 118784]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"PDUiP6600DMon"="c:\program files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-08 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTkzNzA5ODY2LVQxNS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtVEI5KzItRkwrOS1RSVgxKzQtRjEwTTEwRCsyLUxJQysyMi1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1YMjAxMCsyLUZMMTArMS1UVUcrMy1ERFQrMC1MU0QrMg&prod=90&ver=10.0.1392" [?]
.
c:\documents and settings\bob\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Axence\\NetTools\\4.0\\NetTools.exe"=
.
R1 MpKsl4c3d51a5;MpKsl4c3d51a5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{26ED7105-C6C8-42DA-B5CE-3DDA18A2FBA7}\MpKsl4c3d51a5.sys [8/17/2011 7:11 AM 28752]
S2 gupdate1c9cc3da20a781a;Google Update Service (gupdate1c9cc3da20a781a);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 3:22 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2009 3:22 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL14334FF7
*NewlyCreated* - MPKSL4C3D51A5
*Deregistered* - MpKsl14334ff7
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 22:17]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 22:21]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 22:21]
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.sbc.com/dsl
mStart Page =
uInternet Connection Wizard,ShellNext = "c:\program files\MSN Gaming Zone\Windows\CHKRZM.EXE"
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: Interfaces\{2C60782C-5521-4AFF-A994-2C0281E59CC1}: NameServer = 68.94.156.1,68.94.157.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\bob\Application Data\Mozilla\Firefox\Profiles\wdazdaru.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 07:39
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078C5B62435E45"
"lr"="078C6D65415F52"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2011-08-17 07:42:16
ComboFix-quarantined-files.txt 2011-08-17 14:42
ComboFix2.txt 2011-08-17 03:16
.
Pre-Run: 21,875,019,776 bytes free
Post-Run: 21,860,335,616 bytes free
.
- - End Of File - - A1244FBBFD4FB79F1542347EEE459B78





Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7497

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/17/2011 8:40:07 PM
mbam-log-2011-08-17 (20-40-06).txt

Scan type: Quick scan
Objects scanned: 182157
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





ESETSCAN.txt:

C:\Documents and Settings\bob\Application Data\Sun\Java\Deployment\cache\6.0\32\5710f7a0-7cee6176 multiple threats
C:\Documents and Settings\bob\Application Data\Sun\Java\Deployment\cache\6.0\42\3052e2aa-11ec0336 a variant of Java/Exploit.Agent.NAC trojan
C:\Documents and Settings\bob\Desktop\smitRem\Process.exe Win32/PrcView application
C:\Downloads\smitRem.exe Win32/PrcView application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP891\A0075706.exe a variant of Win32/AdInstaller application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users