Inactive My logs 5 steps

[Shauntime]

Hi All

Couldn't get access to internet a few months back ran malwarebytes in safe mode everything seemed fine. My computer won't allow me to run hijack this i get an error message about host files not allowing write access. I am worried there is still something lurking.

My Logs after 5 steps (gmer log seems a little short)


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Shaun at 1:13:51 on 2011-12-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3543.1435 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\libusbd-nt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Championship Manager 01-02\cm0102.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shaun\Downloads\jccjyp4j.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Users\Shaun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
uRun: [Google Update] "c:\users\shaun\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRunOnce: [DSC3 updater] "c:\users\shaun\downloads\aulauncher.exe" /launchrunonce
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\shaun\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\shaun\appdata\roaming\microsoft\windows\start menu\programs\startup\TalkTalk Setup CD Reporting Tool.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\shaun\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{180EDE38-1A86-45C7-82E6-5B294E5005EE} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shaun\appdata\roaming\mozilla\firefox\profiles\o5mh2u1c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\shaun\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\shaun\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\shaun\appdata\roaming\electronic arts\game face\npGameFacePlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-4-14 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-1-13 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-10-17 16472]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-1-7 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-1-7 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-1-7 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-1-7 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-1-7 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-1-7 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-1-7 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-5-1 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-1 234888]
.
=============== Created Last 30 ================
.
2011-12-13 00:46:58 388096 ----a-r- c:\users\shaun\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-13 00:11:52 -------- d-----w- c:\program files\Elaborate Bytes
.
==================== Find3M ====================
.
2011-11-10 11:04:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
.
============= FINISH: 1:14:54.90 ===============







GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-13 01:11:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925032 rev.DE06
Running: jccjyp4j.exe; Driver: C:\Users\Shaun\AppData\Local\Temp\pxldapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-13 01:11:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925032 rev.DE06
Running: jccjyp4j.exe; Driver: C:\Users\Shaun\AppData\Local\Temp\pxldapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----



Thanks
Shaun

 

[Shauntime]

further log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8331

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

13/12/2011 01:24:05
mbam-log-2011-12-13 (01-24-05).txt

Scan type: Quick scan
Objects scanned: 185824
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

I still need Attach.txt part of DDS.

Uninstall Ask Toolbar, typical foistware.

Then...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Shauntime]

All logs that were asked for.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 14/04/2009 09:12:51
System Uptime: 04/12/2011 06:54:02 (211 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 0.469 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 15 GiB total, 8.233 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
==== System Restore Points ===================
.
RP604: 10/12/2011 00:00:01 - Scheduled Checkpoint
RP605: 11/12/2011 04:23:56 - Scheduled Checkpoint
RP606: 12/12/2011 00:00:02 - Scheduled Checkpoint
RP607: 13/12/2011 00:12:34 - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP608: 13/12/2011 00:46:12 - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
888poker
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
µTorrent
AVG 2012
BeebEm
Bonjour
calibre
CCleaner
Championship Manager 01-02
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CM3 Series SaveGame Editor 4.0 Build 4000
Compatibility Pack for the 2007 Office system
dBpoweramp Music Converter
Dell-eBay
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Direct WAV MP3 Splitter version 2.7.0.25
EA SPORTS Gameface Browser Plugin 1.3.1.0
Express Burn
Express Rip
Font Viewer 2.0
Free M4a to MP3 Converter 6.1
Free YouTube to MP3 Converter version 3.10.11.923
Google Chrome
GoToAssist 8.0.0.514
Guitar Pro 5.0
GX10i COM-Handset Manager
GX10i USB-Handset Manager
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 11
Junk Mail filter update
K-Lite Mega Codec Pack 6.5.0
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Media Go
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.24)
Mp3tag v2.48
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
Nero 7 Premium
neroxml
OGA Notifier 2.0.0048.0
Orange Mobile Partner
PeerBlock 1.0.0 (r181)
PKR
PlayStation(R)Network Downloader
PlayStation(R)Store
PowerDVD
Prism Video Converter
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SHARP GSM GPRS Driver Ver1.1.1
Skype Click to Call
Skype™ 5.5
Spelling Dictionaries Support For Adobe Reader 9
SWOS-Total Pack 1.10-pre4
Ultra Video Joiner 6.2.0411
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VirtualCloneDrive
Vuze
Vuze Toolbar
Vuze_Remote Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinFF 1.0
WinRAR archiver
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
06/12/2011 00:03:34, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-13 16:30:58
-----------------------------
16:30:58.271 OS Version: Windows 6.0.6002 Service Pack 2
16:30:58.271 Number of processors: 2 586 0x170A
16:30:58.272 ComputerName: LPTOP UserName: Shaun
16:31:01.657 Initialize success
16:33:52.215 AVAST engine defs: 11121301
16:34:01.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:34:01.794 Disk 0 Vendor: ST925032 DE06 Size: 238475MB BusType: 3
16:34:01.840 Disk 0 MBR read successfully
16:34:01.840 Disk 0 MBR scan
16:34:01.840 Disk 0 Windows VISTA default MBR code
16:34:01.840 Disk 0 scanning sectors +488395120
16:34:01.996 Disk 0 scanning C:\Windows\system32\drivers
16:34:23.353 Service scanning
16:34:24.492 Modules scanning
16:34:31.278 Disk 0 trace - called modules:
16:34:31.324 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
16:34:31.324 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d4aac8]
16:34:31.340 3 CLASSPNP.SYS[8b59d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x852cc028]
16:34:33.118 AVAST engine scan C:\Windows
16:34:37.627 AVAST engine scan C:\Windows\system32
16:38:14.085 AVAST engine scan C:\Windows\system32\drivers
16:38:33.117 AVAST engine scan C:\Users\Shaun
16:42:59.646 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
16:42:59.647 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-13 16:30:58
-----------------------------
16:30:58.271 OS Version: Windows 6.0.6002 Service Pack 2
16:30:58.271 Number of processors: 2 586 0x170A
16:30:58.272 ComputerName: LPTOP UserName: Shaun
16:31:01.657 Initialize success
16:33:52.215 AVAST engine defs: 11121301
16:34:01.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:34:01.794 Disk 0 Vendor: ST925032 DE06 Size: 238475MB BusType: 3
16:34:01.840 Disk 0 MBR read successfully
16:34:01.840 Disk 0 MBR scan
16:34:01.840 Disk 0 Windows VISTA default MBR code
16:34:01.840 Disk 0 scanning sectors +488395120
16:34:01.996 Disk 0 scanning C:\Windows\system32\drivers
16:34:23.353 Service scanning
16:34:24.492 Modules scanning
16:34:31.278 Disk 0 trace - called modules:
16:34:31.324 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
16:34:31.324 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d4aac8]
16:34:31.340 3 CLASSPNP.SYS[8b59d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x852cc028]
16:34:33.118 AVAST engine scan C:\Windows
16:34:37.627 AVAST engine scan C:\Windows\system32
16:38:14.085 AVAST engine scan C:\Windows\system32\drivers
16:38:33.117 AVAST engine scan C:\Users\Shaun
16:42:59.646 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
16:42:59.647 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"
17:12:05.257 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
17:12:05.273 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-13 16:30:58
-----------------------------
16:30:58.271 OS Version: Windows 6.0.6002 Service Pack 2
16:30:58.271 Number of processors: 2 586 0x170A
16:30:58.272 ComputerName: LPTOP UserName: Shaun
16:31:01.657 Initialize success
16:33:52.215 AVAST engine defs: 11121301
16:34:01.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:34:01.794 Disk 0 Vendor: ST925032 DE06 Size: 238475MB BusType: 3
16:34:01.840 Disk 0 MBR read successfully
16:34:01.840 Disk 0 MBR scan
16:34:01.840 Disk 0 Windows VISTA default MBR code
16:34:01.840 Disk 0 scanning sectors +488395120
16:34:01.996 Disk 0 scanning C:\Windows\system32\drivers
16:34:23.353 Service scanning
16:34:24.492 Modules scanning
16:34:31.278 Disk 0 trace - called modules:
16:34:31.324 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
16:34:31.324 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d4aac8]
16:34:31.340 3 CLASSPNP.SYS[8b59d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x852cc028]
16:34:33.118 AVAST engine scan C:\Windows
16:34:37.627 AVAST engine scan C:\Windows\system32
16:38:14.085 AVAST engine scan C:\Windows\system32\drivers
16:38:33.117 AVAST engine scan C:\Users\Shaun
16:42:59.646 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
16:42:59.647 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"
17:12:05.257 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
17:12:05.273 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"
17:18:19.393 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
17:18:19.400 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"


ComboFix 11-12-12.02 - Shaun 13/12/2011 17:50:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3543.2425 [GMT 0:00]
Running from: c:\users\Shaun\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PacificPoker\Unwise.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-13 17:58 . 2011-12-13 17:58 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-12-13 17:58 . 2011-12-13 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 00:46 . 2011-12-13 00:46 388096 ----a-r- c:\users\Shaun\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-13 00:11 . 2011-12-13 00:11 -------- d-----w- c:\program files\Elaborate Bytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 11:04 . 2011-07-21 12:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"="c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" [X]
"DSC3 updater"="c:\users\Shaun\Downloads\aulauncher.exe" [2010-12-20 1740104]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"AvgRemover"="c:\users\Shaun\Downloads\avg_remover_stf_x86_2012_1796.exe" [2011-12-13 1692968]
.
c:\users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
TalkTalk Setup CD Reporting Tool.exe [2010-8-2 725768]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-14 13:44 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 17:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1995732039-3840689316-4048209621-1000Core.job
- c:\users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 13:23]
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1995732039-3840689316-4048209621-1000UA.job
- c:\users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Shaun\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\o5mh2u1c.default\
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-888poker - c:\progra~1\PACIFI~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-13 17:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1995732039-3840689316-4048209621-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B6FE4FEE-6D30-5969-C1B2-DFD814D6B688}*]
"oaeibbenofajiagieiigifooccdmgo"=hex:6a,61,61,62,67,67,65,63,66,6b,63,6f,70,66,
70,68,67,69,6b,68,00,00
"naoilhkmmclenbdfbhjkhphkccgi"=hex:6a,61,61,62,67,67,65,63,66,6b,63,6f,70,66,
70,68,67,69,6b,68,00,00
.
[HKEY_USERS\S-1-5-21-1995732039-3840689316-4048209621-1000\Software\SecuROM\License information*]
"datasecu"=hex:85,dc,23,a3,99,3a,9e,c9,d8,02,e3,43,ec,cf,3a,fa,2f,9f,34,fb,d6,
40,f2,c1,47,e5,db,0a,9d,66,d4,73,4b,2d,65,c6,50,b6,c2,e5,55,e5,5c,93,2d,11,\
"rkeysecu"=hex:76,a4,46,0f,1a,72,f1,0f,55,4e,f3,87,b4,26,d3,f2
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-13 18:01:53
ComboFix-quarantined-files.txt 2011-12-13 18:01
.
Pre-Run: 2,443,132,928 bytes free
Post-Run: 2,350,075,904 bytes free
.
- - End Of File - - 714D4A51065069AE302E984F03D2AD2E




Thanks for the help, hope this is all in order

 

[Broni]

I don't see anything malicious there.

My computer won't allow me to run hijack this i get an error message about host files not allowing write access

We don't use HJT around here anymore but to comment on the above.
In Vista HJT must be run by right clicking on the program and clicking on "Run as Administrator".

You should be good to go.

 

[Shauntime]

HJT

wasn't sure what to use only turned to hjt to see if there were was anything out of order. Is there any programs more suited to malware removal than malware bytes or is it likely i'm clean.

Thanks

 

[Broni]

You're clean.
MBAM is an excellent program.

Don't forget to reinstall AVG.

 

[Shauntime]

thanks

thanks for the help and advice. Your time is much appreciated. Cheers Shaun

 

[Broni]

You're very welcome