Old 20th March 2010 #1 - jform (Thread Starter; Join Date: Mar 2010; Posts: 41; Computer Experience: beginner)

[Resolved] Ebay login malware


Brand new user of the forum and a complete beginner.

Issue 1: The Ebay login malware requesting personal information

I followed instructions posted by broni (February) and I'm having issues running the GMER.net exe

Currently on my computer: Spybot - S&D, AVG Anti-virus free edition, and Malwarebytes Anti-Malware. These are recent additions after I received the Blue Screen of Death and enough **** to supply most of North America.

Issue 2: The computer is now extremely s l o w...painfully slow.

What do I do???

Old 20th March 2010 #2 - PeteC (Staff; Join Date: May 2002; Location: Staffordshire, UK; Posts: 27,969; Computer Experience: Usually not enough)

Welcome to WindowsBBS

Please read this as indicated at the head of the forum and post the logs requested in this thread.

Old 20th March 2010 #3 - jform (Thread Starter)

I got the gmer.exe to run. Here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-20 09:45:00
Windows 5.1.2600 Service Pack 3
Running: 2txy2ofb[1].exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\pgtoapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Here is the DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 9:49:20.00 on Sat 03/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.270 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\0BKN6DP4\2txy2ofb[1].exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/arthur/games/artstudio/paint.html"
mRun: [QBCD Autorun] D:\autorun.exe restart QB_SEQUENCE first
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [tuoactho] c:\documents and settings\john\local settings\application data\jmkolb\ituwsftav.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://automobiles.honda.com/models/...&noreloadredir
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://quickplace02.geextranet.com/qp2.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155340497015
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://gianteagle.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/downloads/gamemanager/DIGGameManager.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/html - {b62f322a-fe12-4d49-b1c1-e2f8924e2786} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-9 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-9 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-9 242696]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2007-8-15 110304]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-2 583640]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-26 18560]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-11-30 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-11-30 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-11-30 23680]

=============== Created Last 30 ================


==================== Find3M ====================

2010-03-16 20:15:58 70520 ----a-w- c:\docume~1\john\applic~1\GDIPFONTCACHEV1.DAT
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2005-12-05 23:28:30 3673932 ------w- c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-05 23:28:04 1358864 ------w- c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 23:28:02 86925 ------w- c:\program files\Oct2005_xinput_x64.cab
2005-12-05 23:28:02 46247 ------w- c:\program files\Oct2005_xinput_x86.cab
2005-12-05 23:28:02 41888 ------w- c:\program files\dxdllreg_x86.cab
2005-12-05 23:28:00 916806 ------w- c:\program files\Dec2005_MDX1_x86.cab
2005-12-05 23:27:58 1080344 ------w- c:\program files\Dec2005_d3dx9_28_x86.cab

============= FINISH: 9:50:29.90 ===============


Last edited by jform; 20th March 2010 at 17:23. Reason: Added: DDS
Old 20th March 2010 #4 - broni (Malware Analyst; Join Date: Aug 2002; Location: Daly City, CA; Posts: 20,081; Computer Experience: intermediate)

Second part of DDS log is missing...

Old 20th March 2010 #5 - jform (Thread Starter)

That's all that's on the log. Are you talking about the Attach?

Old 20th March 2010 #6 - broni (Malware Analyst)

Yes....

Old 20th March 2010 #7 - jform (Thread Starter)

I'm not sure how to attach the zip....???

Old 20th March 2010 #8 - broni (Malware Analyst)

Paste the content into your next reply.

Old 20th March 2010 #9 - jform (Thread Starter)

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/19/2005 12:22:22 PM
System Uptime: 3/20/2010 8:44:01 AM (1 hours ago)

Motherboard: Intel Corporation | | D845PT
Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | J1E1 | 1594/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 38.454 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&1351887D&0&60F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&1351887D&0&60F0
Service: RT61

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&268D196D&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&268D196D&0
Service: i8042prt

==== System Restore Points ===================

RP1545: 12/21/2009 12:33:24 AM - System Checkpoint
RP1546: 12/22/2009 12:47:59 AM - System Checkpoint
RP1547: 12/23/2009 1:18:12 AM - System Checkpoint
RP1548: 12/24/2009 2:31:15 AM - System Checkpoint
RP1549: 12/25/2009 3:08:20 AM - System Checkpoint
RP1550: 12/26/2009 3:42:43 AM - System Checkpoint
RP1551: 12/27/2009 3:47:06 AM - System Checkpoint
RP1552: 12/28/2009 4:47:05 AM - System Checkpoint
RP1553: 12/29/2009 5:47:04 AM - System Checkpoint
RP1554: 12/30/2009 6:46:51 AM - System Checkpoint
RP1555: 12/31/2009 7:46:56 AM - System Checkpoint
RP1556: 1/1/2010 8:46:51 AM - System Checkpoint
RP1557: 1/2/2010 9:47:56 AM - System Checkpoint
RP1558: 1/3/2010 10:13:21 AM - System Checkpoint
RP1559: 1/4/2010 10:21:50 AM - System Checkpoint
RP1560: 1/5/2010 11:57:50 AM - System Checkpoint
RP1561: 1/6/2010 12:09:44 PM - System Checkpoint
RP1562: 1/7/2010 12:20:06 PM - System Checkpoint
RP1563: 1/8/2010 12:37:07 PM - System Checkpoint
RP1564: 1/9/2010 1:19:01 PM - System Checkpoint
RP1565: 1/10/2010 2:31:34 PM - System Checkpoint
RP1566: 1/11/2010 2:41:14 PM - System Checkpoint
RP1567: 1/12/2010 4:10:48 PM - System Checkpoint
RP1568: 1/13/2010 3:00:21 AM - Software Distribution Service 3.0
RP1569: 1/14/2010 3:25:57 AM - System Checkpoint
RP1570: 1/15/2010 3:38:28 AM - System Checkpoint
RP1571: 1/16/2010 3:51:00 AM - System Checkpoint
RP1572: 1/17/2010 3:56:25 AM - System Checkpoint
RP1573: 1/18/2010 4:56:24 AM - System Checkpoint
RP1574: 1/19/2010 5:11:00 AM - System Checkpoint
RP1575: 1/19/2010 9:15:28 PM - Software Distribution Service 3.0
RP1576: 1/20/2010 10:12:45 PM - System Checkpoint
RP1577: 1/21/2010 11:12:45 PM - System Checkpoint
RP1578: 1/23/2010 12:12:45 AM - System Checkpoint
RP1579: 1/23/2010 3:00:19 AM - Software Distribution Service 3.0
RP1580: 1/24/2010 3:23:11 AM - System Checkpoint
RP1581: 1/25/2010 4:23:10 AM - System Checkpoint
RP1582: 1/26/2010 5:23:16 AM - System Checkpoint
RP1583: 1/27/2010 6:09:04 AM - System Checkpoint
RP1584: 1/28/2010 7:46:47 AM - System Checkpoint
RP1585: 1/29/2010 11:31:25 AM - System Checkpoint
RP1586: 1/30/2010 11:51:47 AM - System Checkpoint
RP1587: 1/31/2010 3:08:40 PM - System Checkpoint
RP1588: 2/1/2010 5:53:14 PM - System Checkpoint
RP1589: 2/2/2010 3:00:20 AM - Software Distribution Service 3.0
RP1590: 2/3/2010 3:00:21 AM - Software Distribution Service 3.0
RP1591: 2/4/2010 3:16:09 AM - System Checkpoint
RP1592: 2/5/2010 4:16:06 AM - System Checkpoint
RP1593: 2/6/2010 5:16:06 AM - System Checkpoint
RP1594: 2/7/2010 6:16:09 AM - System Checkpoint
RP1595: 2/8/2010 6:48:00 AM - System Checkpoint
RP1596: 2/9/2010 9:35:47 AM - System Checkpoint
RP1597: 2/10/2010 6:56:28 AM - Software Distribution Service 3.0
RP1598: 2/11/2010 12:17:36 PM - System Checkpoint
RP1599: 2/12/2010 2:08:11 PM - System Checkpoint
RP1600: 2/13/2010 4:16:26 PM - System Checkpoint
RP1601: 2/14/2010 5:11:30 PM - System Checkpoint
RP1602: 2/16/2010 1:28:23 AM - System Checkpoint
RP1603: 2/17/2010 1:44:23 AM - System Checkpoint
RP1604: 2/18/2010 2:44:23 AM - System Checkpoint
RP1605: 2/19/2010 3:44:23 AM - System Checkpoint
RP1606: 2/20/2010 4:14:16 AM - System Checkpoint
RP1607: 2/21/2010 4:55:49 AM - System Checkpoint
RP1608: 2/22/2010 5:04:07 AM - System Checkpoint
RP1609: 2/23/2010 5:55:49 AM - System Checkpoint
RP1610: 2/24/2010 3:00:21 AM - Software Distribution Service 3.0
RP1611: 2/25/2010 3:55:39 AM - System Checkpoint
RP1612: 2/26/2010 4:55:37 AM - System Checkpoint
RP1613: 2/27/2010 5:55:37 AM - System Checkpoint
RP1614: 2/28/2010 7:55:19 AM - System Checkpoint
RP1615: 3/8/2010 7:07:46 PM - System Checkpoint
RP1616: 3/8/2010 11:28:04 PM - Installed AVG Free 9.0
RP1617: 3/9/2010 5:54:32 PM - Avg8 Update
RP1618: 3/10/2010 9:43:21 PM - System Checkpoint
RP1619: 3/11/2010 3:00:30 AM - Software Distribution Service 3.0
RP1620: 3/12/2010 3:12:40 AM - System Checkpoint
RP1621: 3/13/2010 3:57:06 AM - System Checkpoint
RP1622: 3/13/2010 8:30:27 AM - Avg8 Update
RP1623: 3/13/2010 8:36:07 AM - Avg Update
RP1624: 3/13/2010 2:35:40 PM - Removed TurboTax ItsDeductible 2006
RP1625: 3/14/2010 4:04:50 PM - System Checkpoint
RP1626: 3/15/2010 4:36:35 PM - System Checkpoint
RP1627: 3/16/2010 5:13:13 PM - System Checkpoint
RP1628: 3/17/2010 8:29:07 AM - Avg Update
RP1629: 3/18/2010 9:04:22 AM - System Checkpoint
RP1630: 3/19/2010 10:55:42 AM - System Checkpoint

==== Installed Programs ======================

3ivx MPEG-4 5.0.3 (remove only)
5500
5500_Help
5500Tour
5500Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AiO_Scan
AIOMinimal
AiOSoftware
AnswerWorks 4.0 Runtime - English
Armada Tanks
AVG Free 9.0
Backup Dell-Installed Programs
BUM
CCleaner
Construction Zone
Copy
CreativeProjects
Debugging Tools for Windows (x86)
Diagnostic Tool for the Microsoft VM
Director
DocProc
Dora Saves the Crystal Kingdom!
Facebook Plug-In
Fax
FlipShare
Garmin City Navigator North America NT 2010.40
Garmin WebUpdater
GdiplusUpgrade
getPlus(R) for Adobe
GoGear VIBE Device Manager
Google Earth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
hpmdtab
HPSystemDiagnostics
InstantShare
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KODAK EASYSHARE Gallery Easy Upload, v2.0
KODAK EASYSHARE Gallery Upload ActiveX Control
KODAK Picture CD Volume 3 Issue 2
LeapFrog Connect
LeapFrog Tag Plugin
LG USB Modem driver
Linksys EasyLink Advisor 1.5 (1010)
Linksys Wireless-G PCI Adapter
Macromedia Flash Player
Malwarebytes' Anti-Malware
Media Converter for Philips
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Small Business
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Music Assistant
MSXML 6 Service Pack 2 (KB954459)
muvee Plugin 1.0
Overland
PhotoGallery
PrintScreen
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Registry Mechanic 9.0
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB975561)
SkinsHP1
SkinsHP2
Sony USB Driver
Spybot - Search & Destroy
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
WebFldrs XP
WebReg
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Works Suite OS Pack
Works Synchronization

==== Event Viewer Messages From Past Week ========

3/13/2010 8:24:54 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000016, parameter2 00000002, parameter3 00000000, parameter4 804dbda3.
3/13/2010 2:36:03 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

Old 20th March 2010 #10 - broni (Malware Analyst)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Installer under Version 2.0.2
[DO NOT download version 2.0.3 (beta)]
Install, and run it.
Post the HijackThis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista or 7, right-click on HijackThis and click Run as Administrator.

Old 20th March 2010 #11 - jform (Thread Starter)

Also....I just ran Malwarebytes, full scan. It detected 3 trojans that I removed.

Old 20th March 2010 #12 - broni (Malware Analyst)

In that case, please post the Malwarebytes log as well.

Old 20th March 2010 #13 - jform (Thread Starter)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:12 PM, on 3/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart QB_SEQUENCE first
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/arthur/games/artstudio/paint.html"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...nAxControl.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTS...&noreloadredir
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://quickplace02.geextranet.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155340497015
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/R...hotoOnline.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://gianteagle.lifepics.com/net/U...Uploader45.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/downloads/game...ameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 11796 bytes

Old 20th March 2010   #14
jform (THREAD STARTER)

ComboFix 10-03-19.08 - John 03/20/2010 15:32:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.399 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\windows\xobglu16.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-13 13:36 . 2010-03-13 13:36 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-13 13:36 . 2010-03-13 13:36 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-13 13:36 . 2010-03-13 13:36 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-13 13:35 . 2010-03-13 13:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 13:30 . 2010-03-09 04:28 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-13 13:30 . 2010-03-09 04:28 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-13 13:30 . 2010-03-09 04:28 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-13 13:30 . 2010-03-09 04:28 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-11 02:22 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 22:54 . 2010-03-09 04:28 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-09 22:54 . 2010-03-09 04:28 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-03-09 22:44 . 2010-03-10 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-09 22:44 . 2010-03-10 01:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-09 22:34 . 2010-03-09 22:34 -------- d-----w- c:\program files\CCleaner
2010-03-09 22:32 . 2010-03-09 22:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-09 04:29 . 2010-03-09 22:51 -------- d-----w- C:\$AVG
2010-03-09 04:28 . 2010-03-13 13:35 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-09 04:28 . 2010-03-13 13:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 04:28 . 2010-03-13 13:35 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-09 04:28 . 2010-03-20 13:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-09 04:28 . 2010-03-09 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-09 04:28 . 2010-03-09 04:28 -------- d-----w- c:\program files\AVG
2010-03-09 04:28 . 2010-03-09 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-02 20:57 . 2010-03-02 20:57 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-02 17:31 . 2010-03-02 17:31 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2010-03-02 17:15 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 17:15 . 2010-03-02 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-02 17:15 . 2010-03-02 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 17:15 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 02:55 . 2010-03-01 02:55 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-03-01 02:55 . 2010-03-01 02:55 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-03-01 02:55 . 2010-03-01 02:55 -------- d-----w- c:\documents and settings\HelpAssistant\Shared
2010-03-01 02:55 . 2010-03-01 02:55 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-03-01 02:06 . 2010-03-01 02:06 -------- d-----w- c:\documents and settings\HelpAssistant\LocalLow
2010-03-01 01:42 . 2010-03-01 01:42 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-03-01 01:42 . 2010-03-01 01:42 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-03-01 01:42 . 2008-12-13 17:37 61224 ----a-w- c:\documents and settings\HelpAssistant\GoToAssistDownloadHelper.exe
2010-02-28 13:27 . 2010-03-09 22:52 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\jmkolb
2010-02-24 18:14 . 2010-02-24 18:14 -------- d-----w- c:\program files\Garmin
2010-02-24 18:14 . 2010-02-24 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2010-02-24 17:10 . 2010-02-24 17:50 -------- d-----w- c:\documents and settings\John\Application Data\Download Manager
2010-02-24 15:15 . 2010-02-24 18:13 -------- d-----w- c:\documents and settings\John\Application Data\GARMIN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 19:37 . 2005-10-27 18:49 -------- d-----w- c:\program files\Yahoo!
2010-03-13 19:32 . 2009-11-13 12:52 -------- d-----w- c:\program files\Microsoft
2010-03-13 19:29 . 2007-09-16 22:07 -------- d-----w- c:\program files\LEGO Company
2010-03-03 00:38 . 2009-03-12 16:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-02 20:33 . 2005-10-19 16:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-02 20:33 . 2005-10-19 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-02 17:50 . 2008-10-30 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-27 12:02 . 2009-03-12 21:08 -------- d-----w- c:\documents and settings\John\Application Data\PlayFirst
2010-02-22 19:35 . 2006-10-08 19:52 -------- d-----w- c:\documents and settings\John\Application Data\U3
2010-02-06 13:52 . 2010-02-06 13:52 50354 ----a-w- c:\documents and settings\John\Application Data\Facebook\uninstall.exe
2010-02-06 13:52 . 2010-02-06 13:52 -------- d-----w- c:\documents and settings\John\Application Data\Facebook
2010-02-05 21:36 . 2010-02-05 21:36 -------- d-----w- c:\program files\Nick Jr. Arcade
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\John\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\John\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-20 05:08 . 2008-08-24 11:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-31 16:50 . 2001-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 16:12 . 2009-12-26 16:12 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-26 16:12 . 2009-12-26 16:12 6106960 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe
2009-12-21 19:14 . 2004-01-08 20:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 13:48 . 2009-12-21 13:48 118272 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\cache\6.0\53\6061d535-489cb3ac-n\WinVideo.dll
2009-12-21 13:48 . 2009-12-21 13:48 90624 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\cache\6.0\56\4d4f6cf8-31c1ddb7-n\JINECELP.dll
2009-12-21 13:48 . 2009-12-21 13:48 68096 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\cache\6.0\56\4d4f6cf8-31c1ddb7-n\JIWAudio.dll
2009-12-21 13:48 . 2009-12-21 13:48 64000 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\cache\6.0\56\4d4f6cf8-31c1ddb7-n\JIWMixer.dll
2009-12-21 13:48 . 2009-12-21 13:48 61440 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\cache\6.0\15\306e94cf-562c8928-n\WinPlatform.dll
2005-12-05 23:28 . 2005-12-05 23:28 3673932 ------w- c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-05 23:28 . 2005-12-05 23:28 1358864 ------w- c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 23:28 . 2005-12-05 23:28 86925 ------w- c:\program files\Oct2005_xinput_x64.cab
2005-12-05 23:28 . 2005-12-05 23:28 46247 ------w- c:\program files\Oct2005_xinput_x86.cab
2005-12-05 23:28 . 2005-12-05 23:28 41888 ------w- c:\program files\dxdllreg_x86.cab
2005-12-05 23:28 . 2005-12-05 23:28 916806 ------w- c:\program files\Dec2005_MDX1_x86.cab
2005-12-05 23:27 . 2005-12-05 23:27 1080344 ------w- c:\program files\Dec2005_d3dx9_28_x86.cab
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2001-09-04 19:31 . 2001-09-04 19:31 655360 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe

2001-08-17 04:41 . 2001-08-17 04:41 28738 c:\program files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

2006-01-01 14:40 . 2006-01-01 14:40 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2007-07-17 00:43 . 2007-07-17 00:43 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

2005-02-17 03:11 . 2005-02-17 03:11 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

2005-01-12 18:54 . 2005-01-12 18:54 241664 c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe

2007-03-14 23:05 . 2007-03-14 23:05 257088 c:\program files\iTunes\bak\iTunesHelper.exe

2007-10-16 00:31 . 2007-09-25 05:11 132496 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe

2007-10-20 12:55 . 2006-04-03 00:07 389120 c:\program files\Linksys EasyLink Advisor\bak\LinksysAgent.exe

2001-10-06 00:34 . 2001-10-06 00:34 24576 c:\program files\Microsoft Works\bak\wkfud.exe

2001-08-23 21:52 . 2001-08-23 21:52 331830 c:\program files\Microsoft Works\bak\WksSb.exe

2007-02-16 14:54 . 2007-02-16 14:54 282624 c:\program files\QuickTime\bak\qttask.exe

2005-10-19 22:24 . 2004-01-05 07:27 176128 c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [N/A]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [N/A]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QBCD Autorun"="D:\autorun.exe" [N/A]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2009-9-10 1611152]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 13:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3964:TCP"= 3964:TCP:Services
"2003:TCP"= 2003:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/9/2010 12:28 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/9/2010 12:28 AM 242696]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [8/15/2007 10:41 AM 110304]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 9:34 AM 308064]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/2/2010 4:57 PM 583640]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2009 12:14 PM 18560]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/30/2008 5:25 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/30/2008 5:25 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [11/30/2008 5:25 PM 23680]
.
Contents of the 'Scheduled Tasks' folder

2008-09-20 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-Construction Zone - c:\program files\Mattel Media\Matchbox\Caterpillar Construction Zone\Construction Zone\Data\UninstallCat.isu
AddRemove-UnityWebPlayer - c:\documents and settings\John\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 15:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x872D7B20]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75b3f28
\Driver\ACPI -> 0x872d7b20
\Driver\atapi -> atapi.sys @ 0xf74de852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) #2 -> SendCompleteHandler -> 0x86d6f690
PacketIndicateHandler -> NDIS.sys @ 0xf73e4a21
SendHandler -> NDIS.sys @ 0xf73d9949
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950A600
malicious code @ sector 0x0950A603 !
PE file found in sector at 0x0950A619 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
Completion time: 2010-03-20 15:55:32
ComboFix-quarantined-files.txt 2010-03-20 19:55

Pre-Run: 41,374,679,040 bytes free
Post-Run: 42,229,350,400 bytes free

- - End Of File - - E5C73968606F4B99A0DB83554BFF24C1

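The Stealth MBR rootkit detector output at the end of the ComboFix log above is the most important part of the whole post, because its few lines describe the complete Mebroot/Sinowal layout: sector 0 now holds a loader (the "called modules" list shows a driver object, \Driver\ACPI here, dispatching into unnamed kernel memory at 0x872D7B20), the original MBR has been parked far out on the disk (sector 0x0950A600, which at 512 bytes per sector is just over 80 GB in, consistent with the tail end of an 80 GB drive), and a PE image, the rootkit's kernel payload, sits a few sectors after it (0x0950A619). The fix the tool suggests, mbr.exe -f, writes that parked copy back over sector 0. The Python script below is an added example, not part of the thread and not Gmer's code; it reproduces the offline form of that check on a constructed 128-sector image (partition layout, sector numbers and the bootstrap/loader bytes are invented for the demonstration): parse the partition table, treat everything past the last partition as unpartitioned space, and look there for a sector that carries the same partition table as sector 0 but different boot code, and for sectors that begin with an MZ header.

```python
import struct

SECTOR = 512
CODE_LEN = 446          # bootstrap code occupies bytes 0..445 of the MBR
TABLE_OFF = 446         # four 16-byte partition entries follow it
TABLE_LEN = 64
BOOT_SIG = b"\x55\xaa"  # bytes 510..511


def parse_partition_table(sector):
    """Decode the non-empty entries of an MBR partition table."""
    entries = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return entries


def triage_disk(disk):
    """Look for the Mebroot/Sinowal layout the thread's detector reported:
    a copy of the MBR (same partition table, different boot code) and a PE
    image, both parked in the unpartitioned space past the last partition."""
    if len(disk) % SECTOR:
        raise ValueError("image must be a whole number of 512-byte sectors")
    mbr = disk[:SECTOR]
    table = mbr[TABLE_OFF:TABLE_OFF + TABLE_LEN]
    parts = parse_partition_table(mbr)
    unpart_from = max((p["lba_start"] + p["sectors"] for p in parts), default=1)
    findings = {"signature_ok": mbr[510:] == BOOT_SIG,
                "unpartitioned_from": unpart_from,
                "mbr_copies": [], "pe_sectors": []}
    for n in range(unpart_from, len(disk) // SECTOR):
        s = disk[n * SECTOR:(n + 1) * SECTOR]
        if (s[510:] == BOOT_SIG and s[TABLE_OFF:TABLE_OFF + TABLE_LEN] == table
                and s[:CODE_LEN] != mbr[:CODE_LEN]):
            findings["mbr_copies"].append(n)   # the original MBR, relocated
        elif s[:2] == b"MZ":
            findings["pe_sectors"].append(n)   # a PE image outside any filesystem
    return findings


def build_sample_disk(infected, nsect=128):
    """Constructed toy image: one 32-sector partition at LBA 1, rest unpartitioned.
    Boot code, loader bytes and sector numbers are invented for the demonstration."""
    table = bytearray(TABLE_LEN)
    # entry 0: bootable (0x80), type 0x07 (NTFS), CHS fields left zero, LBA 1, 32 sectors
    struct.pack_into("<BBBBBBBBII", table, 0, 0x80, 0, 0, 0, 0x07, 0, 0, 0, 1, 32)
    original_code = (b"\xfa\x33\xc0\x8e\xd0" * 90)[:CODE_LEN]   # stand-in bootstrap
    sectors = [bytearray(SECTOR) for _ in range(nsect)]
    sectors[0][:CODE_LEN] = original_code
    sectors[0][TABLE_OFF:TABLE_OFF + TABLE_LEN] = table
    sectors[0][510:] = BOOT_SIG
    if infected:
        sectors[100][:] = sectors[0]                                   # park the original MBR
        sectors[0][:CODE_LEN] = b"\xeb\xfe".ljust(CODE_LEN, b"\x90")   # loader stub in sector 0
        sectors[103][:2] = b"MZ"                                       # payload PE a few sectors on
    return b"".join(bytes(s) for s in sectors)


if __name__ == "__main__":
    for label, infected in (("clean", False), ("infected", True)):
        print(label, triage_disk(build_sample_disk(infected)))
```

On a real drive the region to scan is the unpartitioned tail, not every sector, so read only the space past the last partition and the last few megabytes of the disk; and before letting any tool rewrite sector 0, keep a raw copy of it (and of the relocated original) so the repair can be reversed if the wrong sector was identified.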
Old 20th March 2010   #15
jform (THREAD STARTER)

Malwarebytes' Anti-Malware 1.44
Database version: 3888
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/20/2010 2:44:56 PM
mbam-log-2010-03-20 (14-44-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 289161
Time elapsed: 1 hour(s), 36 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tuoactho (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

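Two things in the Reg Loading Points section of the ComboFix log earlier in the thread deserve more attention than they get: all three Security Center Monitoring keys carry DisableMonitoring=1, which silences the "antivirus is off" warnings (the product-specific subkeys are consistent with the Norton install this machine once had, but the parent key being disabled is the one to question, and FakeAlert-class rogues set it), and the XP firewall policy has mshta.exe in the authorized application list plus six high TCP ports opened under the generic label "Services" next to Remote Desktop. The Python script below is an added example, not from the thread and not from ComboFix; it parses exactly that fragment (copied from the log above, with the key names rejoined where the forum wrapped them) and turns it into findings. The list of ports Windows features are expected to open and the set of script hosts worth flagging are assumptions of this example, not anything the page states.

```python
import re

# Lines copied from the ComboFix "Reg Loading Points" section posted in this
# thread, used here as constructed sample input.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3964:TCP"= 3964:TCP:Services
"2003:TCP"= 2003:TCP:Services
'''

# Assumption: script/LOLBin hosts that should never need their own firewall exception.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}
# Assumption: ports XP opens for named Windows features (file sharing, UPnP, RDP).
# Anything else labelled only "Services" was added by an installer or by malware.
EXPECTED_PORTS = {"139:TCP", "445:TCP", "137:UDP", "138:UDP", "1900:UDP", "2869:TCP", "3389:TCP"}


def parse_reg_fragment(text):
    """Parse a REGEDIT4-style fragment into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'"(.*)"\s*=\s*(.*)$', line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def triage_registry(text):
    """Return (severity, message) findings for the three patterns described above."""
    findings = []
    for key, values in parse_reg_fragment(text).items():
        k = key.lower()
        if "security center\\monitoring" in k and values.get("DisableMonitoring") == "dword:00000001":
            findings.append(("high", f"Security Center monitoring disabled: {key}"))
        elif k.endswith("authorizedapplications\\list"):
            for path in values:
                exe = path.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
                if exe in SCRIPT_HOSTS:
                    findings.append(("high", f"script host allowed through firewall: {path}"))
        elif k.endswith("globallyopenports\\list"):
            for port, desc in values.items():
                if port not in EXPECTED_PORTS:
                    findings.append(("medium", f"unexplained open port {port} ({desc.split(':')[-1]})"))
                elif port == "3389:TCP":
                    findings.append(("info", "Remote Desktop (3389/TCP) is open to the network"))
    return findings


if __name__ == "__main__":
    for severity, message in triage_registry(SAMPLE):
        print(f"[{severity}] {message}")
```

Treat the findings as leads rather than verdicts: a third-party suite that takes over Security Center reporting sets DisableMonitoring on its own subkeys legitimately, and an old game or remote-support tool may have opened one of the "Services" ports. What does not have an innocent explanation is mshta.exe needing a firewall exception, and that entry plus the rogue's run value and avsoft keys in the Malwarebytes log above fit the same FakeAlert infection.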


 

THIS THREAD HAS EXPIRED.
Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 2002 - 2014 WindowsBBS.com. All rights reserved.
FDMA Media LLC