TechSpot

Issues w/ Google searches getting redirected

Inactive
By igneous
Dec 27, 2010
  1. Here are my log files, any help in letting me know what to do would be deeply appreciated...
    1. mbam.log
    2. gmer.log
    3. attach.txt
    4. DDS.txt
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5406

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/27/2010 9:16:43 PM
    mbam-log-2010-12-27 (21-16-43).txt

    Scan type: Quick scan
    Objects scanned: 140026
    Time elapsed: 3 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{E4BCA08E-97A8-2A48-535A-EEAEABEBB426} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4BCA08E-97A8-2A48-535A-EEAEABEBB426} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4BCA08E-97A8-2A48-535A-EEAEABEBB426} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Agent) -> Value: RTHDBPL -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dskquouiwow.exe (Trojan.TracurW.Gen) -> Value: dskquouiwow.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

    Folders Infected:
    c:\programdata\146591905 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\programdata\asycfilt32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\A3E4.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\System32\asycfilt32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\System32\migisol32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
    c:\Windows\System32\020000007109f9931076c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\System32\020000007109f9931076o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\System32\020000007109f9931076p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\System32\020000007109f9931076s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\System32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.
     
  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :).

    ====

    You have only posted the MBA-M log.

    Please post the others.
     
  3. igneous

    igneous TS Rookie Topic Starter

    Yes, the other 3 are on my home PC (it's the one with issues). I'll reply to the original and post the other logs tonight... Thanks and happy holidays!
     
  4. igneous

    igneous TS Rookie Topic Starter

    The rest (labeled):

    (gmer):

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-27 22:00:18
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD3200AAJS-00RYA0 rev.12.01B01
    Running: rw3jzlp6.exe; Driver: C:\Users\bday\AppData\Local\Temp\kxldqpob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E8A599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74122494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74105624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7412250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74118573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74114D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74118819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7411907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7411E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74114C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    (ATTACH.txt):

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/5/2010 10:49:46 PM
    System Uptime: 12/27/2010 9:31:50 PM (1 hours ago)

    Motherboard: Intel Corporation | | D945GCCRG1
    Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz | LGA 775 | 1600/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 137.38 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.504 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB MS Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#920321111113&3#
    Manufacturer: Generic
    Name: J:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#920321111113&3#
    Service: WUDFRd

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB SD Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#920321111113&0#
    Manufacturer: Generic
    Name: G:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#920321111113&0#
    Service: WUDFRd

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB SM Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#920321111113&2#
    Manufacturer: Generic
    Name: I:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#920321111113&2#
    Service: WUDFRd

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: USB CF Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#920321111113&1#
    Manufacturer: Generic
    Name: H:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#920321111113&1#
    Service: WUDFRd

    ==== System Restore Points ===================

    RP13: 10/27/2010 3:00:12 AM - Windows Update
    RP14: 10/28/2010 3:00:11 AM - Windows Update
    RP15: 11/4/2010 9:22:42 PM - Scheduled Checkpoint
    RP16: 11/10/2010 9:02:53 PM - Windows Update
    RP17: 11/17/2010 11:02:07 PM - Scheduled Checkpoint
    RP18: 11/25/2010 3:00:25 AM - Windows Update
    RP19: 12/1/2010 8:14:25 PM - Removed AVG Free 8.5
    RP20: 12/1/2010 8:19:06 PM - Removed AVG Free 8.5
    RP21: 12/1/2010 8:31:24 PM - Installed AVG Free 8.5
    RP22: 12/8/2010 11:44:59 PM - Scheduled Checkpoint
    RP23: 12/9/2010 11:27:44 PM - Removed Ask Toolbar.
    RP25: 12/10/2010 4:34:11 PM - Configured NETGEAR MA111v2 802.11b Wireless USB Adapter
    RP26: 12/10/2010 4:34:55 PM - Removed Ask Toolbar.
    RP27: 12/27/2010 12:27:36 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Auslogics Disk Defrag
    AVG Free 8.5
    Avira AntiVir Personal - Free Antivirus
    Belarc Advisor 8.1
    Bing Bar
    Bonjour
    BPD_Scan
    BPDSoftware
    Browser Address Error Redirector
    BufferChm
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.4
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Creative Memories Memory Manager 2
    Creative Memories StoryBook Creator Plus
    Digital Media Reader
    EOS USB WIA Driver
    eSupportQFolder
    Eusing Free Registry Cleaner
    Fax
    Gateway Connect
    Gateway Recovery Center Installer
    Google Chrome
    HP Photosmart Essential
    HP Solution Center 8.0
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) SE Runtime Environment 6 Update 1
    LoudMo Contextual Ad Assistant
    Magical Jelly Bean KeyFinder
    Malwarebytes' Anti-Malware
    Memory Manager Shared Components Update
    Microsoft .NET Framework 4 Client Profile
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Money 2006
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007 Trial
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Move Media Player
    Mozilla Firefox (3.5.9)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Napster Burn Engine
    NETGEAR MA111v2 802.11b Wireless USB Adapter
    NETGEAR WG311v3 PCI Adapter
    Norton Security Scan
    Photodex Presenter
    Pivot Stickfigure Animator
    Power2Go 5.0
    PS2 Multimedia Keyboard Driver
    QuickTime
    Realtek High Definition Audio Driver
    Scan
    ShotOnline International
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    SopCast 3.2.4
    Spybot - Search & Destroy
    System Requirements Lab
    Toolbox
    U3Launcher
    Veetle TV 0.9.18
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    vShare Plugin
    WebReg
    Win7codecs
    Windows 7 Upgrade Advisor
    World of Warcraft
    XnView 1.91.6

    ==== Event Viewer Messages From Past Week ========

    12/27/2010 9:43:54 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.
    12/27/2010 9:43:52 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy6.
    12/27/2010 9:43:51 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.
    12/27/2010 9:43:49 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4.
    12/27/2010 9:43:48 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.
    12/27/2010 9:43:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
    12/27/2010 9:33:51 PM, Error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: %%-2147467259
    12/27/2010 9:33:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    12/27/2010 9:33:49 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    12/27/2010 9:32:23 PM, Error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
    12/27/2010 9:32:22 PM, Error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error %%-536805315.
    12/27/2010 9:32:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82ea4efe, 0xafdb8a44, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122710-25771-01.
    12/27/2010 9:31:54 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    12/27/2010 1:32:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    12/27/2010 1:31:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/27/2010 1:31:34 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================

    (DDS.txt):

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by bday at 22:02:28.68 on Mon 12/27/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2037.895 [GMT -6:00]

    AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\zHotkey.exe
    C:\Windows\ModPS2Key.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\bday\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bday\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bday\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\bday\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = about:blank
    uSearch Page = about:blank
    uStart Page = hxxp://www.yahoo.com/
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5464
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5464
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = about:blank
    mSearchAssistant = about:blank
    uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
    mURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
    BHO: {02305016-e4cc-4eaa-8458-569ff11bff67} - c:\windows\system32\api-ms-win-core-interlocked-l1-1-032.dll
    BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
    TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\bday\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [CHotkey] zHotkey.exe
    mRun: [ModPS2] ModPS2Key.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [ShowWnd] ShowWnd.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ma111c~1.lnk - c:\program files\netgear\ma111v2 usb adapter\MA111v2.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0}
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7}
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\bday\appdata\roaming\mozilla\firefox\profiles\b3089tn5.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-76-0-TcDj
    FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
    FF - component: c:\users\bday\appdata\roaming\mozilla\firefox\profiles\b3089tn5.default\extensions\{896642e4-c556-4ed3-85d1-9ac431603e7d}\components\Engine.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\users\bday\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\bday\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\bday\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\bday\appdata\roaming\mozilla\plugins\npPxPlay.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: LoudMo Contextual Ad Assistant: {f2935609-24e8-14ec-f6b8-35a27d6c1004} - c:\program files\mozilla firefox\extensions\{f2935609-24e8-14ec-f6b8-35a27d6c1004}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: XUL Cache: {483f8f2c-2cf1-408c-9ecf-46dffff018d1} - %profile%\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}

    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-1 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-8 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-8 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-30 108552]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-9 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-9 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-9 61960]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\program files\avg\avg8\avgemc.exe --> c:\program files\avg\avg8\avgemc.exe [?]
    S2 avg8wd;AVG Free8 WatchDog;c:\program files\avg\avg8\avgwdsvc.exe --> c:\program files\avg\avg8\avgwdsvc.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-7 1343400]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]

    =============== Created Last 30 ================

    2010-12-27 19:33:26 -------- d-----w- c:\program files\iPod
    2010-12-27 19:33:22 -------- d-----w- c:\program files\iTunes
    2010-12-27 19:31:25 -------- d-----w- c:\program files\Bonjour
    2010-12-27 18:04:29 176488 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10136.bin
    2010-12-11 05:51:38 -------- d-----w- c:\users\bday\appdata\roaming\PC Tools
    2010-12-11 05:51:38 -------- d-----w- c:\program files\PC Tools Security
    2010-12-11 05:51:38 -------- d-----w- c:\program files\common files\PC Tools
    2010-12-11 05:48:17 -------- d-----w- c:\progra~2\PC Tools
    2010-12-11 04:56:23 -------- d-----w- c:\progra~2\MFAData
    2010-12-09 03:05:28 -------- d-----w- c:\program files\Trend Micro
    2010-11-30 22:56:23 -------- d-sh--w- c:\progra~2\SysWoW32
    2010-11-30 22:56:06 -------- d-sh--w- c:\progra~2\C767B469B60C99B79819980C0727220D
    2010-11-30 22:56:04 203776 --sh--w- c:\progra~2\unrar.exe
    2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ==================== Find3M ====================

    2010-10-07 18:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 18:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 18:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-10 03:45:21 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
    2010-05-06 03:51:23 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe
    2010-04-03 23:01:55 11048840 ----a-w- c:\program files\veetle-0.9.17.exe

    ============= FINISH: 22:03:18.45 ===============

    Thanks for taking time to help. Please let me know next steps.
     
  5. crunchie

    crunchie Malware Helper Posts: 761

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  6. igneous

    igneous TS Rookie Topic Starter

    combofix:

    ComboFix 10-12-28.01 - bday 12/28/2010 19:46:37.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2037.1117 [GMT -6:00]
    Running from: c:\users\bday\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\feed.txt
    c:\program files\RegGenie
    c:\program files\RegGenie\Backups\40085.8343557176
    c:\program files\RegGenie\RegGenie.ini
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\tbcore3.dll
    c:\program files\Search Toolbar\tbhelper.dll
    c:\program files\Search Toolbar\uninstall.exe
    c:\program files\Search Toolbar\update.exe
    c:\programdata\SysWoW32
    c:\programdata\SysWoW32\_u1624567196v0
    c:\programdata\SysWoW32\_u1624567196v1
    c:\programdata\SysWoW32\_u1624567196v2
    c:\programdata\SysWoW32\_u1624567196v3
    c:\programdata\SysWoW32\mu1624567196v4.kwd
    c:\programdata\SysWoW32\mu1624567196v5.kwd
    c:\programdata\SysWoW32\mu1624567196v6.kwd
    c:\programdata\SysWoW32\mu1624567196v7.kwd
    c:\programdata\SysWoW32\wu1624567196v0
    c:\programdata\SysWoW32\wu1624567196v0.kwd
    c:\programdata\SysWoW32\wu1624567196v1
    c:\programdata\SysWoW32\wu1624567196v1.kwd
    c:\programdata\SysWoW32\wu1624567196v2
    c:\programdata\SysWoW32\wu1624567196v2.kwd
    c:\programdata\SysWoW32\wu1624567196v3
    c:\programdata\SysWoW32\wu1624567196v3.kwd
    c:\programdata\unrar.exe
    c:\programdata\windows
    c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}
    c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}\chrome.manifest
    c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}\chrome\xulcache.jar
    c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}\defaults\preferences\xulcache.js
    c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}\install.rdf
    c:\windows\system32\BSTIEPrintCtl1.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
    .

    2010-12-29 01:53 . 2010-12-29 01:53 -------- d-----w- c:\users\bday\AppData\Local\temp
    2010-12-29 01:53 . 2010-12-29 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-29 01:43 . 2010-12-29 01:44 -------- d-----w- C:\32788R22FWJFW
    2010-12-27 19:33 . 2010-12-27 19:33 -------- d-----w- c:\program files\iPod
    2010-12-27 19:33 . 2010-12-27 19:33 -------- d-----w- c:\program files\iTunes
    2010-12-27 19:31 . 2010-12-27 19:31 -------- d-----w- c:\program files\Bonjour
    2010-12-27 18:04 . 2010-12-27 18:04 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
    2010-12-27 17:49 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-27 17:48 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-27 17:45 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-27 17:45 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-27 17:45 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-27 17:45 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-27 17:45 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-27 17:45 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-12-27 17:41 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-27 17:41 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-27 17:41 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-27 17:41 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-27 17:41 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2010-12-27 17:38 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-11 05:51 . 2010-12-27 18:59 -------- d-----w- c:\program files\PC Tools Security
    2010-12-11 05:51 . 2010-12-27 18:59 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-12-11 05:51 . 2010-12-11 05:51 -------- d-----w- c:\users\bday\AppData\Roaming\PC Tools
    2010-12-11 05:48 . 2010-12-27 18:59 -------- d-----w- c:\programdata\PC Tools
    2010-12-11 04:56 . 2010-12-11 04:56 -------- d-----w- c:\programdata\MFAData
    2010-12-09 03:05 . 2010-12-09 03:05 -------- d-----w- c:\program files\Trend Micro
    2010-11-30 22:56 . 2010-12-27 17:35 -------- d-sh--w- c:\programdata\C767B469B60C99B79819980C0727220D
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-27 17:34 . 2010-05-10 03:49 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-21 00:09 . 2010-05-22 23:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2010-05-22 23:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-22 23:11 . 2010-05-10 03:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-10 03:45 . 2010-05-10 03:44 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
    2010-05-06 03:51 . 2010-05-06 03:51 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe
    2010-04-03 23:01 . 2010-04-03 23:01 11048840 ----a-w- c:\program files\veetle-0.9.17.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "Google Update"="c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-11 133104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-15 524632]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe [2004-5-28 421888]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2007-3-5 1679360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^Users^bday^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
    backup=c:\windows\pss\LaunchU3.exe.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^bday^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-30 721904]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\program files\AVG\AVG8\avgemc.exe [x]
    R2 avg8wd;AVG Free8 WatchDog;c:\program files\AVG\AVG8\avgwdsvc.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3436784]
    R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1343400]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-01 64160]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-23 335240]
    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-11 108552]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:35]

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617309455-594879788-2053407963-1000Core(36).job
    - c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 04:21]

    2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617309455-594879788-2053407963-1000Core.job
    - c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 04:21]

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617309455-594879788-2053407963-1000UA(37).job
    - c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 04:21]

    2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617309455-594879788-2053407963-1000UA.job
    - c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 04:21]

    2010-12-29 c:\windows\Tasks\Norton Security Scan for bday.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-24 16:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5464
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-76-0-TcDj
    FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: LoudMo Contextual Ad Assistant: {f2935609-24e8-14ec-f6b8-35a27d6c1004} - c:\program files\Mozilla Firefox\extensions\{f2935609-24e8-14ec-f6b8-35a27d6c1004}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{02305016-E4CC-4EAA-8458-569FF11BFF67} - c:\windows\system32\api-ms-win-core-interlocked-l1-1-032.dll
    Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
    WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe
    AddRemove-{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8} - c:\program files\HP\Digital Imaging\{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}\setup\hpzscr01.exe



    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-12-28 19:55:35
    ComboFix-quarantined-files.txt 2010-12-29 01:55

    Pre-Run: 146,247,413,760 bytes free
    Post-Run: 146,168,020,992 bytes free

    - - End Of File - - DCB60F1BCD9A4C1ED6E5F6404CED3570
     
  7. crunchie

    crunchie Malware Helper Posts: 761

    How are things now?

    ==

    You are running more than one anti-virus program. You need to uninstall any extras over and above the one AV as they will cause problems running together on the PC.
    Another option is to prevent the extra AVs from starting with Windows and use it/them as an on-demand scanner.

    ==

    Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

    c:\program files\avira_antivir_personal_en.exe
    c:\program files\runalyz-1.6.1.24.exe
    c:\program files\veetle-0.9.17.exe
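One way to prepare for that step, as an added example that is not part of crunchie's post or of any tool in the thread: a PowerShell script that checks each of the three files exists, compares its on-disk size with the size recorded for it in the DDS and ComboFix Find3M reports above, reports its Authenticode signature status, and prints its SHA-256 so the hash can be searched on VirusTotal or Jotti before anything is uploaded. The paths and expected sizes are taken from the logs in this thread; the helper name `Get-Sha256Hex` is my own. It is written for Windows PowerShell 2.0 (the Windows 7 default), so it hashes through .NET directly rather than with `Get-FileHash`, which only arrived in PowerShell 4.0.

```powershell
# Added example (not from the thread): pre-submission check for the three files
# crunchie asked to have scanned. Targets Windows PowerShell 2.0 (Windows 7),
# so it uses the .NET SHA256 class instead of Get-FileHash (PowerShell 4+).

# Paths and byte sizes exactly as recorded in the DDS / ComboFix Find3M reports.
$expected = @{
    'c:\program files\avira_antivir_personal_en.exe' = 44089904
    'c:\program files\runalyz-1.6.1.24.exe'          = 7966432
    'c:\program files\veetle-0.9.17.exe'             = 11048840
}

# Hypothetical helper name: returns the lowercase hex SHA-256 of one file.
function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
        $sha.Clear()   # Clear() frees the hash object on .NET 2.0+; public Dispose() needs .NET 4
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

foreach ($path in $expected.Keys) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output ("MISSING   {0}" -f $path)
        continue
    }
    $item = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -FilePath $path

    # A size that no longer matches the log means the file changed after the
    # DDS run (or the log entry described a different file); either is worth noting.
    $sizeNote = if ($item.Length -eq $expected[$path]) { 'matches log' } else { 'DIFFERS from log' }

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    Write-Output $path
    Write-Output ("  size      : {0} bytes ({1})" -f $item.Length, $sizeNote)
    Write-Output ("  sha256    : {0}" -f (Get-Sha256Hex -Path $path))
    Write-Output ("  signature : {0}  {1}" -f $sig.Status, $signer)
}
```

Run it from an elevated PowerShell prompt on the affected machine and paste the output alongside the scan results. Looking the SHA-256 up first tells you whether the scanning services have already seen that exact file; a valid signature from the expected vendor and a size that matches the log are two further reasons to treat an installer as the genuine download rather than something dropped by the infection.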
     
Topic Status:
Not open for further replies.