Logs, sorry for the delay.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8140
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/14/2011 6:57:33 PM
mbam-log-2011-11-14 (18-57-33).txt
Scan type: Quick scan
Objects scanned: 51003
Time elapsed: 14 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
_____________
GMER 1.0.15.15641 -
http://www.gmer.net
Rootkit scan 2011-11-14 22:24:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC74P
Running: GMER.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\kglcakob.sys
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[192] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1757981266-73586283-1801674531-1004@RefCount 61
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB42967$\2303012498 0 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\bckfg.tmp 847 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\cfg.ini 366 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\L 0 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\L\exeuavms 162816 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\U 0 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2303012498\U\80000032.@ 96256 bytes
File C:\WINDOWS\$NtUninstallKB42967$\2328178969 0 bytes
File C:\WINDOWS\$NtUninstallKB22568$\2303012498 0 bytes
File C:\WINDOWS\$NtUninstallKB22568$\2303012498\L 0 bytes
File C:\WINDOWS\$NtUninstallKB22568$\2303012498\U 0 bytes
File C:\WINDOWS\$NtUninstallKB22568$\61065199 0 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Michael at 22:26:44 on 2011-11-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.509 [GMT -8:00]
.
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Michael\Desktop\LeapFrog Connect\CommandService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\rpcnet.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Michael\Desktop\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Monitor] "c:\documents and settings\michael\desktop\leapfrog connect\Monitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search - http://tbedits.mywebsearch.com/one-...JUS&si=&a=xSNQ2VBJBNmv7Nyn8kTXOA&n=2010040518
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: secureserver.net\email17
Trusted Zone: ucla.edu\remote.mednet
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://myportfolio.brownshoe.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,811,2213
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\michael\locals~1\temp\ixp000.tmp\InstallerControl.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://remote.mednet.ucla.edu/vdesk/terminal/f5InspectionHost.cab#version=6031,2009,1204,1603
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://download-games.pogo.com/online2/pogo/diner_dash_2/DinerDash2.1.0.0.53.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://myportfolio.brownshoe.com/vdesk/terminal/vdeskctrl.cab#version=6030,2009,0824,2130
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://download-games.pogo.com/online2/pogo/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://myportfolio.brownshoe.com/vdesk/terminal/urxshost.cab#version=6030,2009,828,1610
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://myportfolio.brownshoe.com/vdesk/terminal/urxhost.cab#version=6030,2009,828,1606
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{E34FBB4B-F263-4BFA-A464-0E2CC4EAF107} : DhcpNameServer = 192.168.1.1 68.238.64.12
Notify: AtiExtEvent - Ati2evxx.dll
Notify: necusb - nwusbw32.dll
Notify: nwusbw32 - nwusbw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-11-18 3456]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S2 necusb;NEC USB Device Service;c:\windows\system32\svchost.exe -k necusb3 [2004-8-12 14336]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-13 18560]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
=============== Created Last 30 ================
.
2011-11-12 21:15:54 -------- d-----w- c:\documents and settings\michael\application data\Windows Search
2011-11-11 17:11:22 37888 ----a-w- c:\windows\system32\nwusbw32.dll
2011-11-11 08:26:52 -------- d-----w- c:\documents and settings\michael\application data\AVG
2011-11-11 07:50:37 -------- d-----w- c:\windows\MATS
2011-11-11 07:50:28 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-11-11 07:40:36 -------- d-----w- c:\documents and settings\michael\application data\ElevatedDiagnostics
2011-11-11 07:26:37 1043 ----a-w- c:\windows\system32\0.2827484657236714.exe
2011-11-11 06:51:43 -------- d-----w- c:\documents and settings\michael\application data\AVG2012
2011-11-11 06:48:39 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-11-10 23:44:24 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-11-10 23:44:24 58288 ------w- c:\windows\system32\rpcnet.exe
2011-11-10 13:11:39 16896 ----a-w- c:\windows\system32\Rpcnetp.exe
2011-10-20 06:00:15 -------- d-----w- C:\8B3A3
2011-10-20 05:59:56 -------- d-----w- c:\program files\LP
2011-10-20 04:37:01 -------- d-----w- C:\Adobe
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 01:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 22:27:10.75 ===============