My Father-in-law's computer has been slow. When trying to surf the web his initial Firefox window usually pops open to his homepage "Google". But then he is unable to open other windows or change to other websites. I ran AVG, MBAM, Spybot, SuperAnti-Virus, HJT, and a couple other freeware virus protections. I also tried ESET online scanner without any success. I will post the logs that are requested. Thank you in advance for any help you can give.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5234
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/2/2010 3:50:36 PM
mbam-log-2010-12-02 (15-50-36).txt
Scan type: Full scan (C:\|)
Objects scanned: 187513
Time elapsed: 1 hour(s), 8 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
==============================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-27.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/2/2005 6:31:00 PM
System Uptime: 12/2/2010 1:13:16 PM (3 hours ago)
Motherboard: Dell Computer Corp. | | 0R8060
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 70 GiB total, 58.687 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Apple Application Support
Apple Software Update
AVG 2011
Banctec Service Agreement
BellSouth Application Management
Big City Adventure - Sydney Australia
Blue Coat® K9 Web Protection 4.0.296
CCleaner
Championship Mah Jongg
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Photo AIO Printer 962
Dell Picture Studio v3.0
Dell Support Center
Dell System Restore
DellSupport
Foxit Creator
Foxit Reader
Frontline Registry Cleaner
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hoyle Casino 6
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 22
LogMeIn
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Photo Story 2 LE
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multi Virus Cleaner 2009
Print to Fax
QuickTime
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Spybot - Search & Destroy
SUPERAntiSpyware
Sweet Tooth To Go 1.1
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinPoker 6
Works Upgrade
YOU DON'T KNOW JACK Volume 2
==== Event Viewer Messages From Past Week ========
12/2/2010 8:31:28 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
12/2/2010 12:17:55 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
12/2/2010 12:05:45 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Lavasoft Ad-Aware Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/2/2010 12:05:29 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/2/2010 1:14:53 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
12/2/2010 1:14:34 PM, error: SRService [104] - The System Restore initialization process failed.
12/1/2010 9:30:04 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The dlbx_device service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The Blue Coat K9 Web Protection service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:11 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/1/2010 6:39:26 PM, error: Print [6161] - The document Test Page owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 1035464. Number of bytes printed: 1035464. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
12/1/2010 3:02:45 PM, error: Print [6161] - The document Owner Link - Pay Online Rec... owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 357984. Number of bytes printed: 357984. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
12/1/2010 3:00:44 PM, error: Print [6161] - The document Owner Link - Pay Online Rec... owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 357772. Number of bytes printed: 357772. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
11/28/2010 9:54:16 AM, error: Print [6161] - The document https://www.spservicing.com/services/customer/ezpay/EZPayReceip owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 549357. Number of bytes printed: 549357. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
11/28/2010 9:48:27 AM, error: Print [6161] - The document https://www.spservicing.com/services/customer/ezpay/EZPayReceip owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 560128. Number of bytes printed: 560128. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
==== End Of File ===========================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:22:21 PM, on 12/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
--
End of file - 2659 bytes
DDS (Ver_10-11-27.01) - NTFSx86
Run by Barbara at 16:22:19.40 on Thu 12/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.151 [GMT -5:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Barbara\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\barbara\applic~1\mozilla\firefox\profiles\s7ugm6t7.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-12-11 74088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-12-11 1078632]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-4 47640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2010-12-02 18:49:35 -------- d-----w- c:\program files\AxBx
2010-12-02 18:30:21 -------- d-----w- c:\program files\IObit
2010-12-02 18:30:21 -------- d-----w- c:\docume~1\barbara\applic~1\IObit
2010-12-02 05:34:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner
2010-12-02 05:33:47 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-01 17:00:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-01 16:57:04 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Apple
2010-12-01 16:56:30 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Apple Computer
2010-12-01 16:42:26 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-01 16:29:02 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Mozilla
2010-12-01 15:19:20 -------- d-----w- c:\docume~1\barbara\applic~1\AVG10
2010-12-01 15:15:07 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-01 15:10:28 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-01 15:10:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-01 15:04:26 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-12-01 14:49:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-01 14:45:00 -------- d-----w- c:\docume~1\barbara\applic~1\SUPERAntiSpyware.com
2010-11-29 20:14:21 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Temp
2010-11-10 03:20:58 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
==================== Find3M ====================
2010-09-29 22:31:14 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-29 22:31:14 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-09-29 22:31:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-29 22:31:13 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
============= FINISH: 16:23:25.34 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-02 19:41:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
Running: p8lk4luq.exe; Driver: C:\DOCUME~1\Barbara\LOCALS~1\Temp\fgroapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEF5746C0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEBC57620]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEF574810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEF5748B0]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 25E 804E4AB8 2 Bytes [C0, 46]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7E8CF80]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat B9838D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
---- EOF - GMER 1.0.15 ----
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5234
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/2/2010 3:50:36 PM
mbam-log-2010-12-02 (15-50-36).txt
Scan type: Full scan (C:\|)
Objects scanned: 187513
Time elapsed: 1 hour(s), 8 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
==============================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-27.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/2/2005 6:31:00 PM
System Uptime: 12/2/2010 1:13:16 PM (3 hours ago)
Motherboard: Dell Computer Corp. | | 0R8060
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 70 GiB total, 58.687 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Apple Application Support
Apple Software Update
AVG 2011
Banctec Service Agreement
BellSouth Application Management
Big City Adventure - Sydney Australia
Blue Coat® K9 Web Protection 4.0.296
CCleaner
Championship Mah Jongg
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Photo AIO Printer 962
Dell Picture Studio v3.0
Dell Support Center
Dell System Restore
DellSupport
Foxit Creator
Foxit Reader
Frontline Registry Cleaner
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hoyle Casino 6
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 22
LogMeIn
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Photo Story 2 LE
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multi Virus Cleaner 2009
Print to Fax
QuickTime
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Spybot - Search & Destroy
SUPERAntiSpyware
Sweet Tooth To Go 1.1
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinPoker 6
Works Upgrade
YOU DON'T KNOW JACK Volume 2
==== Event Viewer Messages From Past Week ========
12/2/2010 8:31:28 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
12/2/2010 12:17:55 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
12/2/2010 12:05:45 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Lavasoft Ad-Aware Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/2/2010 12:05:29 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/2/2010 1:14:53 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
12/2/2010 1:14:34 PM, error: SRService [104] - The System Restore initialization process failed.
12/1/2010 9:30:04 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The dlbx_device service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The Blue Coat K9 Web Protection service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 8:17:11 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/1/2010 6:39:26 PM, error: Print [6161] - The document Test Page owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 1035464. Number of bytes printed: 1035464. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
12/1/2010 3:02:45 PM, error: Print [6161] - The document Owner Link - Pay Online Rec... owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 357984. Number of bytes printed: 357984. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
12/1/2010 3:00:44 PM, error: Print [6161] - The document Owner Link - Pay Online Rec... owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 357772. Number of bytes printed: 357772. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
11/28/2010 9:54:16 AM, error: Print [6161] - The document https://www.spservicing.com/services/customer/ezpay/EZPayReceip owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 549357. Number of bytes printed: 549357. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
11/28/2010 9:48:27 AM, error: Print [6161] - The document https://www.spservicing.com/services/customer/ezpay/EZPayReceip owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 560128. Number of bytes printed: 560128. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
==== End Of File ===========================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:22:21 PM, on 12/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
--
End of file - 2659 bytes
DDS (Ver_10-11-27.01) - NTFSx86
Run by Barbara at 16:22:19.40 on Thu 12/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.151 [GMT -5:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Barbara\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\barbara\applic~1\mozilla\firefox\profiles\s7ugm6t7.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-12-11 74088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-12-11 1078632]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-4 47640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2010-12-02 18:49:35 -------- d-----w- c:\program files\AxBx
2010-12-02 18:30:21 -------- d-----w- c:\program files\IObit
2010-12-02 18:30:21 -------- d-----w- c:\docume~1\barbara\applic~1\IObit
2010-12-02 05:34:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner
2010-12-02 05:33:47 -------- d-----w- c:\program files\Frontline Registry Cleaner
2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2010-12-01 17:00:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2010-12-01 16:57:04 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Apple
2010-12-01 16:56:30 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Apple Computer
2010-12-01 16:42:26 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-01 16:29:02 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Mozilla
2010-12-01 15:19:20 -------- d-----w- c:\docume~1\barbara\applic~1\AVG10
2010-12-01 15:15:07 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-01 15:10:28 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-01 15:10:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-01 15:04:26 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-12-01 14:49:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-01 14:45:00 -------- d-----w- c:\docume~1\barbara\applic~1\SUPERAntiSpyware.com
2010-11-29 20:14:21 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Temp
2010-11-10 03:20:58 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
==================== Find3M ====================
2010-09-29 22:31:14 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-29 22:31:14 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-09-29 22:31:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-29 22:31:13 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
============= FINISH: 16:23:25.34 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-02 19:41:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
Running: p8lk4luq.exe; Driver: C:\DOCUME~1\Barbara\LOCALS~1\Temp\fgroapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEF5746C0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEBC57620]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEF574810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEF5748B0]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 25E 804E4AB8 2 Bytes [C0, 46]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7E8CF80]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat B9838D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
---- EOF - GMER 1.0.15 ----