Trojan detected, want to make sure system is clean



tehgc
2009-08-02, 03:55
Last week I found Personal Antivirus rogue software; Spybot detected it as a trojan and got rid of it, and Malwarebytes also detected it after Spybot and got rid of it as well. A few scans later both say the system is clean.

Today Malwarebytes detects a trojan and asks me to heal it; afterwards the scan is clean. Spybot doesn't reveal any real threats besides some spyware.

This computer was formatted because it was out of control, but I heard it's possible that even with a format the trojan may remain.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:47 PM, on 8/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\AOL\1247117217\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1247117217\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6886A2E0-8E7B-4249-9C54-F29C0434CF30}: NameServer = 68.105.28.12,68.105.29.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{6886A2E0-8E7B-4249-9C54-F29C0434CF30}: NameServer = 68.105.28.12,68.105.29.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{6886A2E0-8E7B-4249-9C54-F29C0434CF30}: NameServer = 68.105.28.12,68.105.29.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6103 bytes


---------------------------
Previous topic: http://forums.spybot.info/showthread.php?t=49865

Shaba
2009-08-03, 06:14
Hi tehgc

Download DDS to your desktop from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double-click the tool to run it.
A black screen will open; just read the contents and do nothing.
When the tool finishes it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.

tehgc
2009-08-03, 09:23
DDS (Ver_09-07-30.01) - NTFSx86
Run by Sing at 0:21:46.59 on Mon 08/03/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.568 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\AOL\1247117217\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\AOL 9.1\waol.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Documents and Settings\Sing\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HostManager] c:\program files\common files\aol\1247117217\ee\AOLSoftware.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {6886A2E0-8E7B-4249-9C54-F29C0434CF30} = 68.105.28.12,68.105.29.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sing\applic~1\mozilla\firefox\profiles\qgr6fgok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\sing\application data\mozilla\firefox\profiles\qgr6fgok.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-7 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-7 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-8 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-7 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-24 24652]

=============== Created Last 30 ================

2009-08-01 18:49 <DIR> --d----- c:\program files\Trend Micro
2009-07-26 14:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-07-26 11:55 <DIR> --d----- c:\docume~1\sing\applic~1\Malwarebytes
2009-07-26 11:55 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 11:55 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-26 11:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-26 11:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 11:39 <DIR> --d----- c:\docume~1\sing\applic~1\IObit
2009-07-26 11:39 <DIR> --d----- c:\program files\IObit
2009-07-26 10:31 <DIR> --d----- c:\program files\common files\Uninstall
2009-07-25 12:57 <DIR> --d----- c:\program files\DVDFab 6
2009-07-24 19:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-07-24 19:00 <DIR> --d----- c:\program files\AIM6
2009-07-12 00:13 <DIR> --d----- c:\docume~1\sing\applic~1\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
2009-07-12 00:12 <DIR> --d----- c:\docume~1\sing\applic~1\dota_allstars
2009-07-12 00:10 <DIR> --d----- C:\Games
2009-07-11 23:47 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-07-11 01:43 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-11 01:28 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-11 01:28 <DIR> --d--r-- c:\docume~1\sing\applic~1\Brother
2009-07-08 22:45 <DIR> --d----- c:\windows\Cache
2009-07-08 22:30 <DIR> --d----- c:\docume~1\sing\applic~1\AOL
2009-07-08 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-07-08 22:28 <DIR> --d----- c:\program files\Viewpoint
2009-07-08 22:28 <DIR> --d----- c:\program files\common files\Nullsoft
2009-07-08 22:28 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-07-08 22:28 <DIR> --d----- c:\program files\AOL Toolbar
2009-07-08 22:27 33,588 a----r-- c:\windows\system32\drivers\wanatw4.sys
2009-07-08 22:26 <DIR> --d----- c:\windows\aolshare
2009-07-08 22:26 <DIR> --d----- c:\program files\common files\aolshare
2009-07-08 22:26 <DIR> --d----- c:\program files\common files\aol
2009-07-08 22:26 <DIR> --d----- c:\program files\AOL 9.1
2009-07-08 18:34 40 a------- c:\windows\opt_2460.ini
2009-07-08 18:33 51 a------- c:\windows\brmx2001.ini
2009-07-08 18:03 32,592 a------- c:\windows\system32\msonpmon.dll
2009-07-08 17:57 <DIR> --d----- c:\windows\SHELLNEW
2009-07-08 17:46 <DIR> --d----- c:\program files\Brother
2009-07-08 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Brother
2009-07-08 17:37 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-07-08 16:21 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-08 16:17 <DIR> --ds---- c:\documents and settings\sing\UserData
2009-07-08 16:15 <DIR> --d----- c:\documents and settings\Sing
2009-07-08 08:54 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-07-08 08:54 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-07-08 08:54 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-07-08 08:54 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-07-08 08:53 7,552 a------- c:\windows\system32\drivers\MSKSSRV.sys
2009-07-08 08:53 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
2009-07-08 08:53 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-07-08 08:53 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-07-08 08:53 4,992 a------- c:\windows\system32\drivers\MSPQM.sys
2009-07-08 08:53 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-07-08 08:53 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-07-08 08:53 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-07-08 08:53 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-07-08 08:51 4,444 a------- c:\windows\system32\pid.PNF
2009-07-08 08:51 356,120 a------- c:\windows\system32\PerfStringBackup.INI
2009-07-08 08:51 <DIR> --dsh--- c:\windows\Installer
2009-07-08 08:51 4,161 a------- c:\windows\ODBCINST.INI
2009-07-08 08:51 <DIR> --d----- c:\program files\common files\ODBC
2009-07-08 08:51 77,824 ac------ c:\windows\system32\dllcache\spcommon.dll
2009-07-08 08:51 61,440 ac------ c:\windows\system32\dllcache\spcplui.dll
2009-07-08 08:50 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-07-08 08:50 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-07-08 08:48 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-07-08 08:47 843 a------- c:\windows\system32\$winnt$.inf
2009-07-08 06:58 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-07-08 06:58 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-07-08 06:57 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-08 06:55 <DIR> --d----- c:\program files\Online Services
2009-07-08 06:55 <DIR> --d----- c:\program files\Messenger
2009-07-08 06:55 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-07-08 06:55 <DIR> --d----- c:\program files\Windows NT
2009-07-07 16:48 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-07 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-07 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-07 16:44 <DIR> --d----- c:\program files\AVG
2009-07-07 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

==================== Find3M ====================

2009-07-13 11:32 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-08 16:55 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-08 06:56 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-07 16:45 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-07 16:45 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-21 08:46 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-09 12:42 323,641 a------- c:\windows\system32\usrdtea.dll
2009-06-09 12:34 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-06-09 12:33 668,160 a------- c:\windows\system32\wininet.dll
2009-06-09 12:33 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-09 12:33 1,847,808 a------- c:\windows\system32\win32k.sys
2009-06-09 12:33 346,112 a------- c:\windows\system32\localspl.dll
2009-06-09 12:33 1,288,192 a------- c:\windows\system32\quartz.dll
2009-06-09 12:31 155,648 a------- c:\windows\system32\wscript.exe
2009-06-09 12:31 90,112 a------- c:\windows\system32\wshext.dll
2009-06-09 12:31 1,053,696 a------- c:\windows\system32\wmnetmgr.dll
2009-06-09 12:31 430,080 a------- c:\windows\system32\vbscript.dll
2009-06-09 12:31 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-09 12:31 225,856 a------- c:\windows\system32\drivers\tcpip6.sys
2009-06-09 12:31 247,326 a------- c:\windows\system32\strmdll.dll
2009-06-09 12:31 333,952 a------- c:\windows\system32\drivers\srv.sys
2009-06-09 12:31 180,224 a------- c:\windows\system32\scrobj.dll
2009-06-09 12:31 172,032 a------- c:\windows\system32\scrrun.dll
2009-06-09 12:31 144,896 a------- c:\windows\system32\schannel.dll
2009-06-09 12:31 203,136 a------- c:\windows\system32\drivers\RMCast.sys
2009-06-09 12:30 1,307,648 a------- c:\windows\system32\msxml6.dll
2009-06-09 12:30 1,106,944 a------- c:\windows\system32\msxml3.dll
2009-06-09 12:30 245,248 a------- c:\windows\system32\mswsock.dll
2009-06-09 12:30 74,240 a------- c:\windows\system32\mscms.dll
2009-06-09 12:30 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-06-09 12:30 103,936 a------- c:\windows\system32\logagent.exe
2009-06-09 12:30 691,712 a------- c:\windows\system32\inetcomm.dll
2009-06-09 12:30 286,720 a------- c:\windows\system32\gdi32.dll
2009-06-09 12:30 253,952 a------- c:\windows\system32\es.dll
2009-06-09 12:30 135,168 a------- c:\windows\system32\cscript.exe
2009-06-09 12:29 272,128 a------- c:\windows\system32\drivers\bthport.sys
2009-06-09 12:26 138,496 a------- c:\windows\system32\drivers\afd.sys

============= FINISH: 0:22:12.95 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2009 7:02:36 AM
System Uptime: 8/3/2009 12:18:29 AM (0 hours ago)

Motherboard: ECS | | P4M800PRO-M
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | CPU 1 | 2661/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 47.977 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_18771019&REV_60\3&267A616A&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_18771019&REV_60\3&267A616A&0&8D
Service:

==== System Restore Points ===================

RP1: 7/8/2009 4:16:07 PM - System Checkpoint
RP2: 7/7/2009 4:44:39 PM - Installed AVG Free 8.5
RP3: 7/8/2009 4:55:27 PM - Avg8 Update
RP4: 7/8/2009 4:56:16 PM - Avg8 Update
RP5: 7/8/2009 5:46:01 PM - Installed Brother MFL-Pro Suite
RP6: 7/8/2009 5:46:22 PM - Printer Driver Brother PC-FAX Installed
RP7: 7/8/2009 5:56:42 PM - Installed Microsoft Office Enterprise 2007
RP8: 7/8/2009 6:03:09 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP9: 7/8/2009 10:29:30 PM - Installed Windows Media Format 9 Series Runtime Setup
RP10: 7/8/2009 10:46:09 PM - Installed Adobe Reader 6.0
RP11: 7/11/2009 2:09:08 AM - System Checkpoint
RP12: 7/13/2009 11:31:33 AM - System Checkpoint
RP13: 7/14/2009 8:58:07 PM - System Checkpoint
RP14: 7/17/2009 4:28:53 PM - Avg8 Update
RP15: 7/18/2009 4:56:35 PM - System Checkpoint
RP16: 7/19/2009 7:30:00 PM - System Checkpoint
RP17: 7/21/2009 2:04:04 PM - System Checkpoint
RP18: 7/26/2009 11:29:47 AM - System Checkpoint
RP19: 7/26/2009 11:39:41 AM - Advanced SystemCare RestorePoint
RP20: 7/27/2009 9:04:14 PM - System Checkpoint
RP21: 7/31/2009 12:10:04 PM - System Checkpoint
RP22: 8/1/2009 12:38:54 PM - System Checkpoint
RP23: 8/2/2009 9:01:02 PM - System Checkpoint

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Advanced SystemCare 3
AIM 6
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AVG Free 8.5
Brother MFL-Pro Suite
DotA Allstars Launcher
Download Updater (AOL LLC)
DVDFab 6.0.1.0 by CATER / AHCU
HijackThis 2.0.2
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.5.1)
NVIDIA Drivers
Security Update for Windows XP (KB969898)
Spybot - Search & Destroy
Uninstall AOL Emergency Connect Utility 1.0
Update for Windows XP (KB955839)
Viewpoint Media Player
Warcraft III
WebFldrs XP

==== End Of File ===========================

Shaba
2009-08-03, 14:45
Nothing special there.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

Shaba
2009-08-08, 11:21
Due to the lack of feedback, this topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.