Well helping my friend with his computer. Currently the links are be redirected when he clicks on them. This happens in Firefox and IE.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4094
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
5/12/2010 3:45:50 PM
mbam-log-2010-05-12 (15-45-50).txt
Scan type: Quick scan
Objects scanned: 122542
Time elapsed: 3 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\PRAGMAbiqjpwtpev (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\PRAGMAorpvnsspib (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\PRAGMArtccpxepmt (Trojan.DNSChanger) -> No action taken.
Files Infected:
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
Did click to remove these but clicked to save log before I did.
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Stevo at 16:12:33.51 on Wed 05/12/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1716 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Stevo\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Fraps] c:\fraps\FRAPS.EXE
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Zboard] f:\program files\fang\Zboard.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~2.lnk - c:\windows\installer\{bdc88e5a-f47b-4314-ab38-994592e32c95}\NewShortcut1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link rangebooster n dwa-142\wirelesscm.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171793540890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} - hxxp://config.hyosungcdn.com/download/p3xset.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\stevo\applic~1\mozilla\firefox\profiles\myprdm2u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=mpues&hl=en
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\stevo\application data\mozilla\firefox\profiles\myprdm2u.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\stevo\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\stevo\application data\mozilla\firefox\profiles\myprdm2u.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\stevo\application data\mozilla\firefox\profiles\myprdm2u.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\stevo\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\stevo\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-2-16 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-2-16 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-10 64288]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-25 242896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-25 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-16 29512]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-13 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
S2 gupdate1c9b79c4eb6d65a;Google Update Service (gupdate1c9b79c4eb6d65a);c:\program files\google\update\GoogleUpdate.exe [2009-4-7 133104]
S3 MAUSBJL;Service for M-Audio JamLab Driver (WDM);c:\windows\system32\drivers\mausbjl.sys --> c:\windows\system32\drivers\mausbjl.sys [?]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2009-3-12 215552]
=============== Created Last 30 ================
2010-05-12 19:33:26 0 d-----w- c:\docume~1\stevo\applic~1\Malwarebytes
2010-05-12 19:33:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 19:33:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-12 19:33:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 19:33:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 19:31:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 16:44:48 0 d-----w- c:\docume~1\stevo\applic~1\Logishrd
2010-05-12 01:49:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-11 13:59:57 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-11 13:59:47 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-11 13:59:47 0 d-----w- c:\docume~1\stevo\applic~1\SUPERAntiSpyware.com
2010-05-11 04:37:17 0 d-----w- c:\program files\ESET
2010-05-10 04:41:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-10 04:41:06 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-10 04:37:31 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-10 04:37:15 0 d-----w- c:\program files\Lavasoft
2010-05-04 22:16:21 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-17 05:54:22 821 ----a-w- c:\documents and settings\stevo\.recently-used.xbel
2010-04-16 03:37:57 151 ----a-w- c:\windows\PhotoSnapViewer.INI
2010-04-15 03:26:30 0 d-----w- c:\program files\common files\xing shared
==================== Find3M ====================
2010-04-20 15:08:13 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 133616 -c----w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 -c----w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-03-13 15:01:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
============= FINISH: 16:13:20.17 ===============
Could not get gmer to work. As soon as I started it the gui would lock up so I could not uncheck the devices and about 2 seconds later it would crash. After the crash was unable to shut down windows.
Please help as this is a very frustrating 1. If you want a hijack this log I have 1 attached.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4094
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
5/12/2010 3:45:50 PM
mbam-log-2010-05-12 (15-45-50).txt
Scan type: Quick scan
Objects scanned: 122542
Time elapsed: 3 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\PRAGMAbiqjpwtpev (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\PRAGMAorpvnsspib (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\PRAGMArtccpxepmt (Trojan.DNSChanger) -> No action taken.
Files Infected:
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
Did click to remove these but clicked to save log before I did.
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Stevo at 16:12:33.51 on Wed 05/12/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1716 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Stevo\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Fraps] c:\fraps\FRAPS.EXE
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Zboard] f:\program files\fang\Zboard.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~2.lnk - c:\windows\installer\{bdc88e5a-f47b-4314-ab38-994592e32c95}\NewShortcut1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link rangebooster n dwa-142\wirelesscm.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171793540890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} - hxxp://config.hyosungcdn.com/download/p3xset.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\stevo\applic~1\mozilla\firefox\profiles\myprdm2u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=mpues&hl=en
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\stevo\application data\mozilla\firefox\profiles\myprdm2u.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\stevo\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\stevo\application data\mozilla\firefox\profiles\myprdm2u.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\stevo\application data\mozilla\firefox\profiles\myprdm2u.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\stevo\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\stevo\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-2-16 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-2-16 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-10 64288]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-25 242896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-25 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-16 29512]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-13 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
S2 gupdate1c9b79c4eb6d65a;Google Update Service (gupdate1c9b79c4eb6d65a);c:\program files\google\update\GoogleUpdate.exe [2009-4-7 133104]
S3 MAUSBJL;Service for M-Audio JamLab Driver (WDM);c:\windows\system32\drivers\mausbjl.sys --> c:\windows\system32\drivers\mausbjl.sys [?]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2009-3-12 215552]
=============== Created Last 30 ================
2010-05-12 19:33:26 0 d-----w- c:\docume~1\stevo\applic~1\Malwarebytes
2010-05-12 19:33:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 19:33:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-12 19:33:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 19:33:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 19:31:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 16:44:48 0 d-----w- c:\docume~1\stevo\applic~1\Logishrd
2010-05-12 01:49:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-11 13:59:57 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-11 13:59:47 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-11 13:59:47 0 d-----w- c:\docume~1\stevo\applic~1\SUPERAntiSpyware.com
2010-05-11 04:37:17 0 d-----w- c:\program files\ESET
2010-05-10 04:41:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-10 04:41:06 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-10 04:37:31 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-10 04:37:15 0 d-----w- c:\program files\Lavasoft
2010-05-04 22:16:21 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-17 05:54:22 821 ----a-w- c:\documents and settings\stevo\.recently-used.xbel
2010-04-16 03:37:57 151 ----a-w- c:\windows\PhotoSnapViewer.INI
2010-04-15 03:26:30 0 d-----w- c:\program files\common files\xing shared
==================== Find3M ====================
2010-04-20 15:08:13 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 133616 -c----w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 -c----w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-03-13 15:01:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
============= FINISH: 16:13:20.17 ===============
Could not get gmer to work. As soon as I started it the gui would lock up so I could not uncheck the devices and about 2 seconds later it would crash. After the crash was unable to shut down windows.
Please help as this is a very frustrating 1. If you want a hijack this log I have 1 attached.
