Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6468
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/28/2011 9:59:52 PM
mbam-log-2011-04-28 (21-59-52).txt
Scan type: Quick scan
Objects scanned: 155255
Time elapsed: 6 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA3A1762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8A79A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP4T0L0-12 8A79A27F
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Device\Ide\IdeDeviceP3T0L0-7 -> \??\IDE#DiskHitachi_HDP725016GLA380_________________GMBOA52A#5&2422feac&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/3/2009 7:29:14 PM
System Uptime: 4/28/2011 9:46:17 PM (1 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon(tm) Processor 2650e | Socket AM2 | 1607/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 43.379 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.758 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP725: 1/28/2011 6:45:35 PM - System Checkpoint
RP726: 1/29/2011 7:35:13 PM - System Checkpoint
RP727: 1/30/2011 8:58:59 PM - System Checkpoint
RP728: 1/31/2011 9:51:02 PM - System Checkpoint
RP729: 2/1/2011 10:35:13 PM - System Checkpoint
RP730: 2/2/2011 11:35:13 PM - System Checkpoint
RP731: 2/4/2011 12:30:35 AM - System Checkpoint
RP732: 2/5/2011 1:30:35 AM - System Checkpoint
RP733: 2/6/2011 2:30:38 AM - System Checkpoint
RP734: 2/7/2011 3:30:38 AM - System Checkpoint
RP735: 2/8/2011 3:33:01 AM - System Checkpoint
RP736: 2/9/2011 4:33:01 AM - System Checkpoint
RP737: 2/9/2011 6:22:59 PM - Software Distribution Service 3.0
RP738: 2/10/2011 6:35:06 PM - System Checkpoint
RP739: 2/11/2011 7:34:02 PM - System Checkpoint
RP740: 2/12/2011 7:51:34 PM - System Checkpoint
RP741: 2/13/2011 10:01:38 AM - Removed Skype Toolbars
RP742: 2/13/2011 10:02:14 AM - Removed Skype™ 4.2
RP743: 2/14/2011 10:28:42 AM - System Checkpoint
RP744: 2/15/2011 11:08:18 AM - System Checkpoint
RP745: 2/16/2011 1:04:17 PM - System Checkpoint
RP746: 2/17/2011 2:03:06 PM - System Checkpoint
RP747: 2/18/2011 3:28:41 PM - System Checkpoint
RP748: 2/19/2011 4:04:11 PM - System Checkpoint
RP749: 2/20/2011 4:06:54 PM - System Checkpoint
RP750: 2/21/2011 4:12:49 PM - System Checkpoint
RP751: 2/22/2011 5:03:06 PM - System Checkpoint
RP752: 2/23/2011 6:23:18 PM - System Checkpoint
RP753: 2/24/2011 7:03:06 PM - System Checkpoint
RP754: 2/25/2011 8:04:11 PM - System Checkpoint
RP755: 2/26/2011 9:03:07 PM - System Checkpoint
RP756: 2/27/2011 9:04:12 PM - System Checkpoint
RP757: 2/28/2011 10:03:16 PM - System Checkpoint
RP758: 3/1/2011 11:03:15 PM - System Checkpoint
RP759: 3/3/2011 12:32:30 AM - System Checkpoint
RP760: 3/4/2011 1:35:10 AM - System Checkpoint
RP761: 3/5/2011 2:03:15 AM - System Checkpoint
RP762: 3/6/2011 3:03:15 AM - System Checkpoint
RP763: 3/7/2011 4:03:16 AM - System Checkpoint
RP764: 3/8/2011 3:00:14 AM - Software Distribution Service 3.0
RP765: 3/9/2011 3:03:16 AM - System Checkpoint
RP766: 3/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP767: 3/11/2011 3:03:16 AM - System Checkpoint
RP768: 3/12/2011 4:03:16 AM - System Checkpoint
RP769: 3/13/2011 5:03:16 AM - System Checkpoint
RP770: 3/14/2011 6:14:18 AM - System Checkpoint
RP771: 3/15/2011 8:43:14 AM - System Checkpoint
RP772: 3/16/2011 3:00:14 AM - Software Distribution Service 3.0
RP773: 3/17/2011 3:21:17 AM - System Checkpoint
RP774: 3/18/2011 4:21:17 AM - System Checkpoint
RP775: 3/19/2011 6:26:15 AM - System Checkpoint
RP776: 3/20/2011 9:33:29 AM - System Checkpoint
RP777: 3/21/2011 10:10:14 AM - System Checkpoint
RP778: 3/22/2011 5:05:13 PM - System Checkpoint
RP779: 3/22/2011 7:10:39 PM - Installed Java(TM) 6 Update 24
RP780: 3/23/2011 7:39:29 PM - System Checkpoint
RP781: 3/24/2011 8:49:30 PM - System Checkpoint
RP782: 3/26/2011 9:41:52 AM - System Checkpoint
RP783: 3/27/2011 10:32:07 AM - System Checkpoint
RP784: 3/28/2011 11:07:07 AM - System Checkpoint
RP785: 3/29/2011 11:08:13 AM - System Checkpoint
RP786: 3/30/2011 12:02:39 PM - System Checkpoint
RP787: 3/31/2011 12:17:03 PM - System Checkpoint
RP788: 4/1/2011 12:24:13 PM - System Checkpoint
RP789: 4/2/2011 12:44:32 PM - System Checkpoint
RP790: 4/3/2011 1:08:31 PM - System Checkpoint
RP791: 4/4/2011 2:18:36 PM - System Checkpoint
RP792: 4/5/2011 3:58:38 PM - System Checkpoint
RP793: 4/6/2011 7:11:29 PM - System Checkpoint
RP794: 4/7/2011 7:39:00 PM - System Checkpoint
RP795: 4/8/2011 9:03:57 PM - System Checkpoint
RP796: 4/9/2011 9:39:00 PM - System Checkpoint
RP797: 4/10/2011 10:39:00 PM - System Checkpoint
RP798: 4/11/2011 11:39:00 PM - System Checkpoint
RP799: 4/12/2011 11:39:05 PM - System Checkpoint
RP800: 4/13/2011 7:27:36 PM - Installed Windows Internet Explorer 8.
RP801: 4/13/2011 8:47:47 PM - Removed AVG 2011
RP802: 4/13/2011 8:48:40 PM - Removed AVG 2011
RP803: 4/13/2011 9:02:24 PM - Installed AVG 2011
RP804: 4/13/2011 9:02:44 PM - Installed AVG 2011
RP805: 4/14/2011 5:38:25 AM - Removed AVG 2011
RP806: 4/14/2011 5:39:19 AM - Removed AVG 2011
RP807: 4/15/2011 6:19:37 AM - System Checkpoint
RP808: 4/15/2011 6:44:12 PM - Installed AVG 2011
RP809: 4/15/2011 6:44:37 PM - Installed AVG 2011
RP810: 4/16/2011 9:08:50 PM - System Checkpoint
RP811: 4/17/2011 9:48:32 PM - System Checkpoint
RP812: 4/18/2011 10:36:32 PM - System Checkpoint
RP813: 4/19/2011 10:36:35 PM - System Checkpoint
RP814: 4/20/2011 11:36:36 PM - System Checkpoint
RP815: 4/22/2011 12:36:36 AM - System Checkpoint
RP816: 4/23/2011 1:36:36 AM - System Checkpoint
RP817: 4/24/2011 2:45:51 AM - System Checkpoint
RP818: 4/24/2011 7:12:28 AM - Restore Operation
RP819: 4/24/2011 7:58:45 AM - Restore Operation
RP820: 4/24/2011 8:18:31 AM - Restore Operation
RP821: 4/24/2011 8:41:07 AM - Restore Operation
RP822: 4/24/2011 7:28:43 PM - Installed AVG 2011
RP823: 4/24/2011 7:29:12 PM - Installed AVG 2011
RP824: 4/25/2011 6:47:47 PM - Removed AVG 2011
RP825: 4/25/2011 6:48:40 PM - Removed AVG 2011
RP826: 4/26/2011 6:54:08 PM - System Checkpoint
RP827: 4/27/2011 7:08:14 PM - System Checkpoint
RP828: 4/28/2011 7:08:24 PM - avast! Free Antivirus Setup
.
==== Hosts File Hijack ======================
.
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 216.45.48.244 www.google.com
Hosts: 216.45.48.244 google.com
Hosts: 216.45.48.244 google.com.au
Hosts: 216.45.48.244 www.google.com.au
Hosts: 216.45.48.244 google.be
Hosts: 216.45.48.244 www.google.be
Hosts: 216.45.48.244 google.com.br
Hosts: 216.45.48.244 www.google.com.br
Hosts: 216.45.48.244 google.ca
Hosts: 216.45.48.244 www.google.ca
Hosts: 216.45.48.244 google.ch
Hosts: 216.45.48.244 www.google.ch
Hosts: 216.45.48.244 google.de
Hosts: 216.45.48.244 www.google.de
Hosts: 216.45.48.244 google.dk
Hosts: 216.45.48.244 www.google.dk
Hosts: 216.45.48.244 google.fr
Hosts: 216.45.48.244 www.google.fr
Hosts: 216.45.48.244 google.ie
Hosts: 216.45.48.244 www.google.ie
Hosts: 216.45.48.244 google.it
Hosts: 216.45.48.244 www.google.it
Hosts: 216.45.48.244 google.co.jp
Hosts: 216.45.48.244 www.google.co.jp
Hosts: 216.45.48.244 google.nl
Hosts: 216.45.48.244 www.google.nl
Hosts: 216.45.48.244 google.no
Hosts: 216.45.48.244 www.google.no
Hosts: 216.45.48.244 google.co.nz
Hosts: 216.45.48.244 www.google.co.nz
Hosts: 216.45.48.244 google.pl
Hosts: 216.45.48.244 www.google.pl
Hosts: 216.45.48.244 google.se
Hosts: 216.45.48.244 www.google.se
Hosts: 216.45.48.244 google.co.uk
Hosts: 216.45.48.244 www.google.co.uk
Hosts: 216.45.48.244 google.co.za
Hosts: 216.45.48.244 www.google.co.za
Hosts: 216.45.48.244 www.google-analytics.com
Hosts: 216.45.48.244 www.bing.com
Hosts: 216.45.48.244 search.yahoo.com
Hosts: 216.45.48.244 www.search.yahoo.com
Hosts: 216.45.48.244 uk.search.yahoo.com
Hosts: 216.45.48.244 ca.search.yahoo.com
Hosts: 216.45.48.244 de.search.yahoo.com
Hosts: 216.45.48.244 fr.search.yahoo.com
Hosts: 216.45.48.244 au.search.yahoo.com
.
==== Installed Programs ======================
.
AAC Decoder
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Agere Systems PCI-SV92EX Soft Modem
Ares 2.1.1
AutoUpdate
avast! Free Antivirus
AVG 2011
Bonjour
BufferChm
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink Power2Go
CyberLink PowerDVD
D1500
D1500_Help
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
eMachines Games
eSupportQFolder
Facebook Plug-In
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 13
Java(TM) 6 Update 18
Java(TM) 6 Update 23
Java(TM) 6 Update 5
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MKV Splitter
Mozilla Firefox (3.6.15)
MSVCSetup
NTI Media Maker 8
NVIDIA Drivers
OpenOffice.org 3.2
PerfectDisk 10 Professional
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Recuva
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Uniblue ProcessQuickLink 2
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoToolkit01
VLC media player 1.0.1
WebEx
WebEx Productivity Tools
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Workspace Desktop
Yahoo! Software Update
Yahoo! Toolbar
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/28/2011 9:31:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The PDAgent service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:05 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:03 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 9:31:03 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
4/28/2011 8:22:12 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/28/2011 12:13:52 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
4/28/2011 1:35:32 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D72B254D9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/28/2011 1:24:56 PM, error: Dhcp [1002] - The IP address lease 67.60.87.41 for the Network Card with network address 001D72B254D9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/26/2011 5:04:45 AM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).
4/26/2011 5:04:39 AM, error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
4/26/2011 5:04:39 AM, error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
4/26/2011 5:04:31 AM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 6:57:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips Processor SASDIFSV SASKUTIL
4/25/2011 6:44:01 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/25/2011 5:41:33 PM, error: Service Control Manager [7034] - The File Backup Service service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:41:17 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/25/2011 5:28:45 PM, error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:41 PM, error: Service Control Manager [7034] - The Alerter service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:35 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:22 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:28:22 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
4/25/2011 5:19:51 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
4/25/2011 5:06:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/25/2011 5:06:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/25/2011 12:15:31 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0017EE7043FD. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/24/2011 8:40:41 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
4/24/2011 8:39:16 AM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
4/24/2011 6:42:56 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
.
==== End Of File ===========================
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Delbert Carr at 22:12:09.93 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2117 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Starfield\WorkspaceUpdate.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Starfield\offSyncService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
H:\virus suit\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Starfield Updater] "c:\program files\starfield\WorkspaceUpdate.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
mRun: [LaunchApp]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjAyMTEyMzU4LUJBKzEtS1YzKzctWEwrMS1UMi1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLVZJUDEwKzEtRjEwTTEwRCsyLUNJQTEwKzItRkwxMCsxLUxJQysxLVhPMTArMTE"&"prod=90"&"ver=10.0.1325
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nazcare.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\delber~1\applic~1\mozilla\firefox\profiles\ehxjen98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2566951&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\{ec5def39-7b74-48b7-a4e7-1d95bb1674a8}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\delbert carr\application data\mozilla\firefox\profiles\ehxjen98.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\webex\productivity tools\components\OCFF.dll
FF - plugin: c:\documents and settings\delbert carr\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\documents and settings\delbert carr\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-28 307288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-28 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-28 42184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1215216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-3 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-3 136176]
.
=============== Created Last 30 ================
.
2011-04-29 04:52:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 04:52:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 02:09:16 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-29 02:08:43 40112 ----a-w- c:\windows\avastSS.scr
2011-04-29 02:08:24 -------- d-----w- c:\program files\AVAST Software
2011-04-29 02:08:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-26 13:31:00 -------- d-----w- c:\docume~1\delber~1\locals~1\applic~1\PackageAware
2011-04-26 12:07:51 -------- d-----w- c:\program files\Uniblue
2011-04-24 14:17:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-24 14:17:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-16 01:44:51 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-14 12:32:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-14 12:11:46 -------- d-----w- c:\docume~1\delber~1\locals~1\applic~1\AVG Security Toolbar
2011-04-14 02:26:01 -------- dc-h--w- c:\windows\ie8
2011-04-01 03:29:12 -------- d-----w- c:\docume~1\delber~1\applic~1\SUPERAntiSpyware.com
2011-04-01 03:29:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-01 03:27:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-31 00:17:22 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDP725016GLA380 rev.GMBOA52A -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-7
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A79A439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7a07d0]; MOV EAX, [0x8a7a084c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A7ACAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006b[0x8A911250]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A865D98]
\Driver\atapi[0x8A8ABBB8] -> IRP_MJ_CREATE -> 0x8A79A439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-7 -> \??\IDE#DiskHitachi_HDP725016GLA380_________________GMBOA52A#5&2422feac&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A79A27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:14:21.76 ===============