Redirecting virus


  • This topic is locked
30 replies to this topic

#1 musicaf

musicaf

  • Members
  • 17 posts

Posted 23 August 2012 - 08:51 AM

Hi,

I use Windows 7.
I have the redirecting virus problem when using the search engine.
I have already downloaded Combofix.
I ran Combofix, but it mentioned that AVG Anti Virus was still active on my computer, even though I had already disabled AVG.

What should I do?

Thank you very much.

#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 26 August 2012 - 12:25 PM

Hello and welcome to BleepingComputer! :)



I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.


As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.



Please generate another DDS log (download it from http://download.bleepingcomputer.com/sUBs/dds.com if you haven't already) and post it in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.



Thank you very much for your patience.




Regards,

Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 musicaf

musicaf
  • Topic Starter

  • Members
  • 17 posts

Posted 27 August 2012 - 01:37 PM

Hi Elle,

Thank you for your reply.
What is DOS Log? How can I know that my computer already has DOS Log?

Regards,

#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 27 August 2012 - 04:32 PM

Hi there,



DDS is a tool meant to help us see what is wrong with your system. Please download the file by clicking here and run it by double-clicking it.

After the scan is done, it should produce two logs. Please copy/paste them both within your next reply.





Elle

#5 musicaf

musicaf
  • Topic Starter

  • Members
  • 17 posts

Posted 27 August 2012 - 11:18 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by Windows_7 at 11:09:01 on 2012-08-28
Microsoft Windows 7 Ultimate 6.1.7600.0.874.66.1033.18.3063.1494 [GMT 7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\nalserv.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\GT4T Professional Edition\gt4t.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\Windows_7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Windows_7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Windows_7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Windows_7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Windows_7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=41648006&gct=hp
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
mURLSearchHooks: H - No File
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [protect_autorun] c:\users\windows_7\desktop\CPE17AntiAutorun1330.exe /start
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Google Translate for Translators] c:\program files\gt4t professional edition\gt4t.exe -silent
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\window~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sdlmul~1.lnk - c:\program files\sdl\sdl multiterm\multiterm9\MultiTerm Widget.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B598BD77-E89D-47CA-A17F-C8BB8732CC93} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\windows_7\appdata\roaming\mozilla\firefox\profiles\rr0gfkk9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66604
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf7f9f54e-402f-403f-bea5-ebc39aa2ecc2%7D&mid=5f3caa82b65d47d19b710ea6a2c2c395-cbcdb3d54a3842cb2a28b7d5724a122d6d7c80b2&ds=AVG&v=11.1.0.12&lang=us&pr=fr&d=2011-12-08%2018%3A53%3A04&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\pc tools\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - component: c:\users\windows_7\appdata\roaming\mozilla\firefox\profiles\rr0gfkk9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\windows_7\appdata\roaming\mozilla\firefox\profiles\rr0gfkk9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\windows_7\appdata\roaming\mozilla\firefox\profiles\rr0gfkk9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\windows_7\appdata\roaming\mozilla\firefox\profiles\rr0gfkk9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\windows_7\appdata\roaming\mozilla\firefox\profiles\rr0gfkk9.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\windows_7\appdata\roaming\mozilla\firefox\profiles\rr0gfkk9.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Freecorder YouTube Download Wizard: ytvdw@pgport.com - %profile%\extensions\ytvdw@pgport.com
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\avg secure search\11.1.0.12
FF - Ext: Browser Guard Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools\pc tools security\bdt\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/09 05:28:57];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-8-20 575448]
R2 NalServ;Nalpeiron Control Service;c:\windows\system32\nalserv.exe [2012-4-5 135168]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-8-22 66560]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-9-28 236136]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2010-10-8 238248]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-12 41088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-10-15 105576]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192ce.sys [2011-5-17 854632]
S2 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-19 167264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-7-1 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-4 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-11 50688]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-8-20 70768]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-9 27192]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-28 03:56:23 -------- d-----w- c:\users\windows_7\appdata\local\{DD4CA185-0359-4E4D-A290-C37024DF1BBC}
2012-08-27 14:51:29 -------- d-----w- c:\users\windows_7\appdata\local\{362B6D82-F41F-4B1F-A603-1A26FF375B37}
2012-08-27 02:51:04 -------- d-----w- c:\users\windows_7\appdata\local\{9A382745-8944-4139-B8A2-82A5AAD8A3BB}
2012-08-26 08:10:07 -------- d-----w- c:\users\windows_7\appdata\local\{B8313F3B-A72C-469B-9E44-69BFDF51F8E7}
2012-08-25 07:53:45 -------- d-----w- c:\users\windows_7\appdata\local\{64C5704E-48B7-4B32-A4F9-0F158ED91F86}
2012-08-24 02:45:34 -------- d-----w- c:\users\windows_7\appdata\local\{2DF062DA-BB94-42B3-A01E-25B92BD13FA3}
2012-08-23 17:38:03 -------- d-----w- c:\users\windows_7\appdata\local\{E3623B6F-D906-4F31-A847-3BF9AC055016}
2012-08-23 14:08:52 -------- d-s---w- C:\ComboFix
2012-08-23 05:16:26 -------- d-----w- c:\users\windows_7\appdata\local\{C8C6265D-EAFB-4C16-A4CB-4F69B2B5FB94}
2012-08-22 02:57:27 -------- d-----w- c:\users\windows_7\appdata\local\{42EF5865-F0FB-4460-A74A-C56FC911E42D}
2012-08-21 17:05:15 -------- d-----w- c:\users\windows_7\appdata\local\Threat Expert
2012-08-21 12:32:36 -------- d-----w- c:\users\windows_7\appdata\local\{A0A49DE2-F4D2-448E-B924-A3A70B9F126F}
2012-08-21 00:30:17 -------- d-----w- c:\users\windows_7\appdata\local\{2A7C6BCA-BA6E-4783-84A8-712E6F343159}
2012-08-20 09:28:20 98816 ----a-w- c:\windows\sed.exe
2012-08-20 09:28:20 518144 ----a-w- c:\windows\SWREG.exe
2012-08-20 09:28:20 256000 ----a-w- c:\windows\PEV.exe
2012-08-20 09:28:20 208896 ----a-w- c:\windows\MBR.exe
2012-08-20 06:46:18 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-08-20 06:46:17 767960 ----a-w- c:\windows\BDTSupport.dll
2012-08-20 06:46:17 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-08-20 06:46:17 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-08-20 06:46:17 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-08-20 06:45:34 -------- d-----w- c:\program files\PC Tools
2012-08-20 06:40:32 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-20 06:40:32 -------- d-----w- c:\program files\common files\PC Tools
2012-08-20 06:40:15 -------- d-----w- c:\users\windows_7\appdata\roaming\TestApp
2012-08-20 06:40:15 -------- d-----w- c:\programdata\PC Tools
2012-08-20 05:05:02 -------- d-----w- c:\users\windows_7\appdata\local\{EC33485D-3DC6-494F-8EEE-83F866A0C142}
2012-08-19 17:04:37 -------- d-----w- c:\users\windows_7\appdata\local\{07C76CCE-06AA-4387-A642-934DDF964965}
2012-08-19 02:28:34 -------- d-----w- c:\users\windows_7\appdata\local\{798CAF24-AA0F-4A6C-A52B-D8171B745357}
2012-08-18 16:43:42 -------- d-----w- c:\users\windows_7\appdata\local\{0FA7AA12-14FD-40B3-8F50-CCB7C6A3C0D3}
2012-08-18 16:43:31 -------- d-----w- c:\users\windows_7\appdata\local\{1E1CEF16-4872-4D60-B846-DC46FCA2B00E}
2012-08-18 06:17:36 -------- d-----w- c:\users\windows_7\appdata\local\{E9F88FDA-632E-45BC-8E7E-5C3ED2F22FD1}
2012-08-18 06:17:24 -------- d-----w- c:\users\windows_7\appdata\local\{3769D993-60B2-4125-B719-7343073DD492}
2012-08-17 19:01:49 -------- d-----w- c:\users\windows_7\appdata\local\{E68286D3-BEC9-4F96-BE31-71E826E9B7F7}
2012-08-17 19:01:37 -------- d-----w- c:\users\windows_7\appdata\local\{8BC24A83-C3CC-4C6A-831C-C22DB9C3D0E1}
2012-08-17 16:54:50 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-17 16:54:50 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-17 16:48:17 -------- d-----w- c:\users\windows_7\appdata\local\conduitEngine
2012-08-17 16:46:21 -------- d-----w- c:\users\windows_7\appdata\local\Jaksta_Technologies_Pty_L
2012-08-17 16:45:25 -------- d-----w- c:\users\windows_7\appdata\roaming\Replay Media Catcher 4
2012-08-17 16:45:25 -------- d-----w- c:\programdata\Applian
2012-08-17 16:38:54 -------- d-----w- c:\program files\Applian Technologies
2012-08-17 16:37:53 -------- d-----w- c:\users\windows_7\appdata\local\APN
2012-08-17 16:35:17 -------- d-----w- c:\users\windows_7\appdata\roaming\PriceGong
2012-08-17 16:35:01 -------- d-----w- c:\users\windows_7\appdata\local\Freecorder
2012-08-17 03:45:37 -------- d-----w- c:\users\windows_7\appdata\local\{05107255-CE86-408D-B643-CF98FDA48C36}
2012-08-17 03:45:25 -------- d-----w- c:\users\windows_7\appdata\local\{0AFFD883-C7F0-4361-8228-80A472B148E3}
2012-08-16 23:52:06 -------- d-----w- c:\users\windows_7\appdata\local\{B5DF5108-E703-415D-AD69-43DAD07A6FCB}
2012-08-16 23:51:54 -------- d-----w- c:\users\windows_7\appdata\local\{97F8F424-5240-4049-9801-1540D5F248AC}
2012-08-16 00:19:08 -------- d-----w- c:\users\windows_7\appdata\local\{7E01B9F6-F303-4A1A-9756-8D8491082619}
2012-08-16 00:18:56 -------- d-----w- c:\users\windows_7\appdata\local\{A1448E7F-D81A-4EAA-B4DA-2E372B1A1EEA}
2012-08-15 03:57:22 -------- d-----w- c:\users\windows_7\appdata\local\{9D081647-629C-4E97-A111-44BD7615732D}
2012-08-15 03:56:49 -------- d-----w- c:\users\windows_7\appdata\local\{E1040C07-BCBB-411F-B657-866DC1B2C340}
2012-08-14 19:43:40 -------- d-----w- c:\users\windows_7\appdata\local\{574D9B06-9A61-47B1-8362-9A8D8BA92920}
2012-08-14 19:43:28 -------- d-----w- c:\users\windows_7\appdata\local\{ED6ACBB6-22B5-4A52-BEEC-E6E3320EA57B}
2012-08-14 06:04:59 -------- d-----w- c:\users\windows_7\appdata\local\{C94CC664-3727-4F0E-9A5D-328C94668FC6}
2012-08-14 06:04:47 -------- d-----w- c:\users\windows_7\appdata\local\{54133A71-5531-4C01-80A5-D35141E8AEDB}
2012-08-13 23:23:48 -------- d-----w- c:\users\windows_7\appdata\local\{AFC5FE30-3F87-4E20-849E-6FEA53594578}
2012-08-13 23:23:36 -------- d-----w- c:\users\windows_7\appdata\local\{A3FD998E-E82E-49BC-A68F-B35FB6A0C3BB}
2012-08-13 07:55:51 -------- d-----w- c:\users\windows_7\appdata\local\{AEA0B884-EE2F-4B88-8C70-D5C24A9D9D3E}
2012-08-13 07:55:42 -------- d-----w- c:\users\windows_7\appdata\local\{8BF2072A-3002-49E0-B35E-B85F57CC699B}
2012-08-13 06:35:32 5115584 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-08-12 16:10:17 -------- d-----w- c:\users\windows_7\appdata\local\{A5024CBF-D495-464F-953C-887523B2CFE0}
2012-08-12 16:10:08 -------- d-----w- c:\users\windows_7\appdata\local\{7B04F956-9AAE-4641-8957-0D0C86DE61AE}
2012-08-11 16:51:12 -------- d-----w- c:\users\windows_7\appdata\local\{D831C6A8-A5AD-4A47-8307-0A78C19B6B25}
2012-08-11 16:51:00 -------- d-----w- c:\users\windows_7\appdata\local\{C9981C51-DCB1-4E5A-9700-7FC690DC0F50}
2012-08-11 01:54:32 -------- d-----w- c:\users\windows_7\appdata\local\{248AAAB2-B3A7-44D5-BC10-FBFC3ECCC427}
2012-08-11 01:54:20 -------- d-----w- c:\users\windows_7\appdata\local\{689A261B-4177-4FCD-93A1-5E0FAF6F9FEC}
2012-08-10 07:42:41 -------- d-----w- c:\users\windows_7\appdata\local\{2E4D5D30-A28B-486C-A296-3AC2980FC436}
2012-08-10 07:42:29 -------- d-----w- c:\users\windows_7\appdata\local\{27DB6A4B-D3B3-4C95-B44B-1E7DDB79B158}
2012-08-10 01:12:39 -------- d-----w- c:\users\windows_7\appdata\local\{D72980CD-D80F-45A2-8B09-1534B3A99332}
2012-08-10 01:12:27 -------- d-----w- c:\users\windows_7\appdata\local\{125EC841-5BD1-476E-9740-94A89E8DC46F}
2012-08-09 06:23:10 -------- d-----w- c:\users\windows_7\appdata\local\{6943DF3C-D9BB-4F9B-91E7-4205D6691964}
2012-08-09 06:22:57 -------- d-----w- c:\users\windows_7\appdata\local\{9009BBB9-88B0-4A89-91C8-EF5AC2D1CEA1}
2012-08-09 00:45:24 -------- d-----w- c:\users\windows_7\appdata\local\{E655212B-CEC7-4635-8F36-C50CD64D05EF}
2012-08-09 00:45:12 -------- d-----w- c:\users\windows_7\appdata\local\{A29BC4C8-7A16-41E9-BEDD-D46E44130898}
2012-08-08 03:56:50 -------- d-----w- c:\users\windows_7\appdata\local\{5D1103A6-DFA4-416D-BD22-BD0331BEF8CC}
2012-08-08 03:56:38 -------- d-----w- c:\users\windows_7\appdata\local\{39C67680-4F9D-413E-A26A-E078DFC249E7}
2012-08-07 23:42:53 -------- d-----w- c:\users\windows_7\appdata\local\{D8C62C64-0F75-4CA7-AE33-94E21CB115F3}
2012-08-07 23:42:41 -------- d-----w- c:\users\windows_7\appdata\local\{7B1E0ED7-12D0-4EC7-8EEC-D01D308C3804}
2012-08-07 05:42:19 135168 --sha-r- c:\windows\system32\btpanuif.dll
2012-08-07 01:38:03 -------- d-----w- c:\users\windows_7\appdata\local\{0211DCF0-7380-4FA9-843C-9EEA727618A7}
2012-08-07 01:37:51 -------- d-----w- c:\users\windows_7\appdata\local\{9E68A3BD-85B2-40BA-807C-6967DB4A4315}
2012-08-06 04:07:22 -------- d-----w- c:\users\windows_7\appdata\local\{EBA3B611-2162-456B-B57F-55E885A281DF}
2012-08-06 04:07:08 -------- d-----w- c:\users\windows_7\appdata\local\{773CE1E1-AC8E-4934-97D8-79D807FCB6E5}
2012-08-04 12:43:07 -------- d-----w- c:\users\windows_7\appdata\local\{2F81AC8A-D903-4880-8347-9E85D07B3FAB}
2012-08-04 12:42:34 -------- d-----w- c:\users\windows_7\appdata\local\{92118D05-E55B-44D3-97EF-47203E7EE5CC}
2012-08-04 03:19:29 -------- d-----w- c:\users\windows_7\appdata\local\{F79D1E6B-48C3-4BC1-9FDF-EBE92AE398F4}
2012-08-04 03:19:17 -------- d-----w- c:\users\windows_7\appdata\local\{3E2ACF55-7096-4159-868A-A84050856488}
2012-08-03 01:11:04 -------- d-----w- c:\users\windows_7\appdata\local\{A48E95F5-8EBB-4C1D-AF3C-6799CFA8F50D}
2012-08-03 01:10:52 -------- d-----w- c:\users\windows_7\appdata\local\{6A0A274D-A2F0-4EC9-9E82-62F012361273}
2012-08-02 01:16:55 -------- d-----w- c:\users\windows_7\appdata\local\{2F79CC89-3635-4B70-B7FC-D0058036892B}
2012-08-02 01:16:44 -------- d-----w- c:\users\windows_7\appdata\local\{045D92DC-7D40-40E1-9F77-55D75061B69F}
2012-08-01 04:46:14 -------- d-----w- c:\users\windows_7\appdata\local\{24F256E6-A6E1-4E96-9216-0C929CECBBF2}
2012-08-01 04:46:02 -------- d-----w- c:\users\windows_7\appdata\local\{BB58BFAC-F0F1-4B15-A963-8B900EF280BB}
2012-07-31 01:07:56 -------- d-----w- c:\users\windows_7\appdata\local\{FE5D0FDC-6C32-4121-BC5C-1F07C4664B98}
2012-07-31 01:07:45 -------- d-----w- c:\users\windows_7\appdata\local\{4D96C9BC-7BAE-4735-89AD-1DDA8DC9F09E}
2012-07-30 07:16:19 -------- d-----w- c:\users\windows_7\appdata\local\{868EB79D-FE73-415A-9C5A-946E78455F24}
2012-07-30 07:16:07 -------- d-----w- c:\users\windows_7\appdata\local\{25BC67B7-F327-4B22-AE61-42851096E76B}
2012-07-29 13:54:32 -------- d-----w- c:\users\windows_7\appdata\local\{6A94B51D-4EFF-4C62-A649-6D72BA45BD37}
2012-07-29 13:54:18 -------- d-----w- c:\users\windows_7\appdata\local\{AC0EB67E-CE44-4546-8AA2-4103A9274335}
.
==================== Find3M ====================
.
2012-08-15 04:25:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 04:25:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 06:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:09:31.86 ===============

Edited by musicaf, 27 August 2012 - 11:21 PM.


#6 musicaf

musicaf
  • Topic Starter
  • Members
  • 17 posts

Posted 27 August 2012 - 11:22 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/4/2010 12:46:20 PM
System Uptime: 8/28/2012 10:55:29 AM (1 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 235 GiB total, 195.83 GiB free.
D: is FIXED (NTFS) - 696 GiB total, 689.347 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ACDSee Pro 3
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Assistant
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InCopy CS5.5
Adobe Linguistics CS4
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.4)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
Audacity 1.3.13 (Unicode)
AVG 2011
Bing Bar
Bing Bar Platform
Bonjour
Browser Guard 4.0
CamStudio OSS Desktop Recorder
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
Connect
CutePDF Writer 2.8
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
File Type Assistant
FinalTorrent 2011
FormatFactory 2.70
Freecorder 2.3 (with Skype Call Recording)
Freecorder 4
Freecorder Toolbar
FreeTorrentViewer
GOM Player
Google Chrome
GoToMeeting 5.0.0.799
GT4T Suite version 4.28
HP Integrated Module with Bluetooth wireless technology
iCloud
Intel® Management Engine Components
Intel® Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 25
Junk Mail filter update
K-Lite Codec Pack 4.9.0 (Full)
kuler
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Thai) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Thai) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Thai) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Thai) 2010
Microsoft Office Language Pack 2010 - Thai/ไทย
Microsoft Office O MUI (Thai) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Thai) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Thai) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Thai) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Thai) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Thai) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Thai) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Thai) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Thai) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Thai) 2010
Microsoft Office X MUI (Thai) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 2.0 SP3 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox (3.6.8)
MSVCRT
Nero 7 Premium
Network Recording Player
NVIDIA 3D Vision Controller Driver
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Open XML SDK 2.0 for Microsoft Office
PDF Settings CS4
Photoshop Camera Raw
Professional Tag Editor
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
Revo Uninstaller Pro 2.2.0
Safari
Scribus 1.4.0.rc6
SDL MultiTerm 2011 SP2 - Remove suite of products
SDL MultiTerm 2011 SP2 Administrator
SDL MultiTerm 2011 SP2 Convert
SDL MultiTerm 2011 SP2 Core
SDL MultiTerm 2011 SP2 Desktop
SDL MultiTerm 2011 SP2 Widget
SDL MultiTerm 2011 SP2 Word Integration
SDL Passolo Essential 2011 SP6
SDL Trados 2011 SP2 - Remove suite of products
SDL Trados Compatibility module
SDL Trados Studio 2011 SP2
SDLX
SDLX Translation Suite 2004 Build 11 [Full-Version]
Skype Click to Call
Skype™ 5.8
Suite Shared Configuration CS4
Winamp (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/28/2012 11:09:21 AM, Error: Service Control Manager [7003] - The PC Tools Browser Defender Driver service depends the following service: PCTCore. This service might not be installed.
8/28/2012 10:55:50 AM, Error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/28/2012 10:55:50 AM, Error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/28/2012 10:55:50 AM, Error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/28/2012 10:55:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG Security Toolbar Service service to connect.
8/28/2012 10:55:48 AM, Error: Service Control Manager [7000] - The AVG Security Toolbar Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2012 8:27:36 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 28 August 2012 - 12:41 PM

Hi there,


Thank you very much for the logs.


Also, please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning

Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.

#8 musicaf

musicaf
  • Topic Starter
  • Members
  • 17 posts

Posted 28 August 2012 - 09:19 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-29 09:18:15
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3FE
Running: 3f2flxj1.exe; Driver: C:\Users\WINDOW~1\AppData\Local\Temp\uwtoquog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x937F47A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x937F4848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x937F48E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x937F4980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83C89579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83CADF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 83CB59E8 4 Bytes [A0, 47, 7F, 93]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 83CB5CB8 4 Bytes [48, 48, 7F, 93] {DEC EAX; DEC EAX; JG 0xffffffffffffff97}
.text ntkrnlpa.exe!RtlSidHashLookup + 7BD 83CB5CBD 3 Bytes [48, 7F, 93] {DEC EAX; JG 0xffffffffffffff96}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 83CB5D2C 4 Bytes [80, 49, 7F, 93] {OR BYTE [ECX+0x7f], 0x93}
.text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0x9F96C000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0x9F98F050]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!free 75669894 5 Bytes JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!malloc 75669CEE 5 Bytes JMP 0A93BED0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!??3@YAXPAX@Z 7566B0B9 5 Bytes JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!??2@YAPAXI@Z 7566B0C9 5 Bytes JMP 0A93C140 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!realloc 7566B10D 5 Bytes JMP 0A93BF50 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!calloc 7566C456 5 Bytes JMP 0A93BF10 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_msize 7566F43B 5 Bytes JMP 0A93BF70 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_aligned_free 75685942 5 Bytes JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_aligned_malloc 7569028D 5 Bytes JMP 0A93C080 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_aligned_offset_malloc 756902A9 5 Bytes JMP 0A93C0A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 756BBFC9 5 Bytes JMP 0A93C1D0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_aligned_offset_realloc 756BBFD9 5 Bytes JMP 0A93C0E0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_aligned_realloc 756BC163 5 Bytes JMP 0A93C0C0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_expand 756BC182 5 Bytes JMP 0A93C060 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_heapadd 756BDCFB 5 Bytes JMP 0A93C220 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_heapchk 756BDD0F 5 Bytes JMP 0A93C230 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_heapset + 1 756BDE0E 4 Bytes JMP 0A93C251 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_heapmin 756BDE17 5 Bytes JMP 0A93C320 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_heapused 756BDEFD 5 Bytes JMP 0A93C2F0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[3964] msvcrt.dll!_heapwalk 756BDF10 5 Bytes JMP 0A93C260 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1932] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1932] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1932] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1932] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1932] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1932] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[1988] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[1988] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[1988] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[1988] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[1988] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe[1988] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F55D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B8250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B82494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B65624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B78573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B74D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B78819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B7907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B7E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2092] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B74C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bae9533
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61636f7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158b87edb
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bae9533 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61636f7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158b87edb (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{33234745-F971-11DE-9047-806E6F6E6963} 9372774688

---- EOF - GMER 1.0.15 ----

#9 musicaf

musicaf
  • Topic Starter
  • Members
  • 17 posts

Posted 28 August 2012 - 09:27 PM

Hi Elle,

I can only temporarily disable AVG Protection for 15 min.
I am not sure whether AVG was enabled while GMER was running.

Regards,

#10 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 30 August 2012 - 12:18 PM

Hi there,




Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.




===============================================================================================================



We shall use ComboFix now, supervised.

Please download ComboFix from one of these locations:
  • Bleepingcomputer
  • ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Elle
Can you hear it? It's all around!

Do you remember? If you do, then can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#11 musicaf (Topic Starter, Members, 17 posts)

Posted 31 August 2012 - 05:25 AM

Hi,

What should I do?
I ran Combofix after disabling AVG 2011, but there was a message box as follows:

ComboFix has detected the following real time scanner to be active:

antivirus: AVG Anti-Virus Free Edition 2011
anitspyware: AVG Anti-Virus Free Edition 2011

Antivirus and intrusion prevention programs are known to interfere with ComboFixs running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking OK.

#12 Blind Faith (Malware Response Team, 4,101 posts)

Posted 31 August 2012 - 03:28 PM

Hello there,


Please continue the process, if you disabled the Antivirus program it should be safe now.

#13 musicaf (Topic Starter, Members, 17 posts)

Posted 31 August 2012 - 04:29 PM

ComboFix 12-08-31.02 - Windows_7 09/01/2012 4:21.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.874.66.1033.18.3063.2072 [GMT 7:00]
Running from: c:\users\Windows_7\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Windows_7\AppData\Roaming\PriceGong
c:\users\Windows_7\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Windows_7\g2mdlhlpx.exe
c:\windows\7Loader.TAG
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 21:25 . 2012-08-31 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 17:05 . 2012-08-21 17:05 -------- d-----w- c:\users\Windows_7\AppData\Local\Threat Expert
2012-08-20 06:46 . 2012-06-22 04:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-08-20 06:46 . 2012-06-22 04:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-08-20 06:46 . 2012-06-22 04:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-08-20 06:46 . 2012-06-22 04:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-08-20 06:46 . 2012-06-22 04:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-08-20 06:45 . 2012-08-20 06:45 -------- d-----w- c:\program files\PC Tools
2012-08-20 06:40 . 2012-08-21 00:35 -------- d-----w- c:\program files\Common Files\PC Tools
2012-08-20 06:40 . 2012-06-22 08:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-20 06:40 . 2012-08-21 00:34 -------- d-----w- c:\programdata\PC Tools
2012-08-20 06:40 . 2012-08-20 06:40 -------- d-----w- c:\users\Windows_7\AppData\Roaming\TestApp
2012-08-17 16:54 . 2012-08-17 16:54 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-17 16:54 . 2010-10-23 17:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-17 16:48 . 2012-08-17 16:48 -------- d-----w- c:\users\Windows_7\AppData\Local\conduitEngine
2012-08-17 16:46 . 2012-08-17 16:46 -------- d-----w- c:\users\Windows_7\AppData\Local\Jaksta_Technologies_Pty_L
2012-08-17 16:45 . 2012-08-17 16:46 -------- d-----w- c:\users\Windows_7\AppData\Roaming\Replay Media Catcher 4
2012-08-17 16:45 . 2012-08-17 16:45 -------- d-----w- c:\programdata\Applian
2012-08-17 16:38 . 2012-08-17 19:01 -------- d-----w- c:\program files\Applian Technologies
2012-08-17 16:37 . 2012-08-17 16:37 -------- d-----w- c:\users\Windows_7\AppData\Local\APN
2012-08-17 16:35 . 2012-08-17 16:40 -------- d-----w- c:\users\Windows_7\AppData\Local\Freecorder
2012-08-13 06:35 . 2012-08-13 06:35 5115584 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-07 05:42 . 2012-08-07 05:42 135168 --sha-r- c:\windows\system32\btpanuif.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 04:25 . 2012-04-03 03:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 04:25 . 2011-08-24 17:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 06:46 . 2011-07-28 19:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 03:43 . 2012-08-20 06:46 3488 ----a-w- c:\windows\UDB.zip
2012-06-22 03:43 . 2012-08-20 06:46 131 ----a-w- c:\windows\IDB.zip
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 18:56 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-26 9808488]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Google Translate for Translators"="c:\program files\GT4T Professional Edition\gt4t.exe" [2011-11-28 877519]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
.
c:\users\Windows_7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SDL MultiTerm 2011 Widget.lnk - c:\program files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe [2012-6-29 402944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 00:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 05:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 08:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 17:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 08:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-05-25 17:35 35328 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/09 05:28];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\system32\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:25]
.
2012-08-31 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2012-03-06 07:24]
.
2012-08-31 c:\windows\Tasks\UNVTHT.job
- c:\windows\system32\btpanuif.dll [2012-08-07 05:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=41648006&gct=hp
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Windows_7\AppData\Roaming\Mozilla\Firefox\Profiles\rr0gfkk9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66604
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf7f9f54e-402f-403f-bea5-ebc39aa2ecc2%7D&mid=5f3caa82b65d47d19b710ea6a2c2c395-cbcdb3d54a3842cb2a28b7d5724a122d6d7c80b2&ds=AVG&v=11.1.0.12&lang=us&pr=fr&d=2011-12-08%2018%3A53%3A04&sap=ku&q=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Freecorder YouTube Download Wizard: ytvdw@pgport.com - %profile%\extensions\ytvdw@pgport.com
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\11.1.0.12
FF - Ext: Browser Guard Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools\PC Tools Security\BDT\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-protect_autorun - c:\users\Windows_7\Desktop\CPE17AntiAutorun1330.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
AddRemove-Freecorder_1.0 - c:\windows\iun6002.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1 - c:\program files\VS Revo Group\Revo Uninstaller Pro\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-01 04:27:08
ComboFix-quarantined-files.txt 2012-08-31 21:27
.
Pre-Run: 210,198,327,296 bytes free
Post-Run: 210,162,860,032 bytes free
.
- - End Of File - - EB6924FCAA3E9A6EE4B666265DD24E6E
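A defender reading a ComboFix log like the one above wants the oddities pulled out mechanically rather than by eye: a freshly created file carrying the system+hidden attribute pair, a scheduled task whose target is a DLL rather than an executable, UAC switched off in the policies key, and home/search pages pointing at hosts the user did not choose. The Python script below is an added example, not part of the thread and not ComboFix code; it runs over a constructed excerpt written in the log's own line format, and its WATCHLIST is an assumption taken from hosts seen in this log, not a vetted blocklist.

```python
import re

# Constructed excerpt in the ComboFix log format used above (not the full log).
SAMPLE_LOG = r"""
2012-08-17 16:54 . 2010-10-23 17:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-07 05:42 . 2012-08-07 05:42 135168 --sha-r- c:\windows\system32\btpanuif.dll
2012-08-20 06:45 . 2012-08-20 06:45 -------- d-----w- c:\program files\PC Tools
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
2012-08-31 c:\windows\Tasks\UNVTHT.job
- c:\windows\system32\btpanuif.dll [2012-08-07 05:42]
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:25]
uStart Page = hxxp://www.ask.com/?l=dis&o=41648006&gct=hp
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
"""

# File line: "<created> . <modified> <size> <8-char attrs> <path>"; attrs use
# d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable.
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\S+) ([-a-z]{8}) (.+)$")
# Scheduled task: a "<date> <job path>" line followed by "- <target> [<stamp>]".
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (\S.*\.job)\n- (.+?) \[", re.M)
# Policy value line: "<name>"= <decimal> (0x<hex>)
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-f]+\)$', re.M)
# ComboFix defangs URLs as hxxp://; capture the host part only.
URL_RE = re.compile(r"hxxp://([^/\s]+)", re.I)

# Hosts that replaced the user's search/home page in this log. Constructed
# watchlist for the example; tune it for your own environment.
WATCHLIST = {"search.babylon.com", "www.ask.com", "isearch.avg.com"}


def file_entries(text):
    """Return (attrs, path) for every file/directory line in the log."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            out.append((m.group(4), m.group(5)))
    return out


def hidden_system_files(text):
    """Paths flagged both system (s) and hidden (h): rare for a newly created file."""
    return [path for attrs, path in file_entries(text)
            if "s" in attrs and "h" in attrs]


def dll_scheduled_tasks(text):
    """(job, target) pairs whose target is a DLL instead of an executable."""
    return [(job, target) for job, target in TASK_RE.findall(text)
            if target.lower().endswith(".dll")]


def uac_disabled(text):
    """True when EnableLUA is 0, i.e. User Account Control is switched off."""
    policies = {name: int(val) for name, val in POLICY_RE.findall(text)}
    return policies.get("EnableLUA") == 0


def watchlisted_hosts(text):
    """Sorted hosts from browser-setting lines that appear on the watchlist."""
    return sorted({h.lower() for h in URL_RE.findall(text)} & WATCHLIST)


if __name__ == "__main__":
    print("hidden+system files:", hidden_system_files(SAMPLE_LOG))
    print("DLL scheduled tasks:", dll_scheduled_tasks(SAMPLE_LOG))
    print("UAC disabled:", uac_disabled(SAMPLE_LOG))
    print("watchlisted hosts:", watchlisted_hosts(SAMPLE_LOG))
```

Point the functions at a full C:\Combofix.txt to triage a real log; each finding is a lead for the analyst, not a verdict.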

#14 musicaf (Topic Starter, Members, 17 posts)

Posted 02 September 2012 - 04:46 AM

Hi Elle,

There is still a redirecting virus when I search Google.

Regards,

#15 Blind Faith (Malware Response Team, 4,101 posts)

Posted 02 September 2012 - 08:15 AM

We will try to fix that now.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.