Need Help!



kylejome
2009-11-19, 03:30
Spybot has recognized two issues that the program will not fix. Please help!!

1. Fraud.Windows protection suite
2. Microsoft.Windows.Redirected Hosts

The redirected hosts is a pain because it is mainly attacking Google and will not let me access it as a search engine. I have tried to follow similar removals found on the web for the redirected hosts issue. When I look for the hosts file under C:\Windows\System 32\Drivers\etc\ the hosts file is not there. However, when I type the location into the RUN box it finds the file and all of the entries which are associated with the problem. I cannot make any mods to the hosts file or save a new file to the directory.

Thanks
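The redirected-hosts symptom described above, as an added example that is not part of the original thread: a small Python auditor that parses a hosts file the way a defender would check it, reporting entries that send a name to a routable address (a redirect) and loopback entries that sink a watched site (a block of updates or search). The watch list, the constructed sample content and the `odd_attributes` helper are assumptions of this example, not Spybot's own detection logic.

```python
"""Flag hosts-file entries that redirect or block well-known sites.

Constructed example in the spirit of Spybot's "Redirected Hosts" check.
Any entry that points a non-loopback name at a routable address is reported
as a redirect; a loopback or 0.0.0.0 entry is only reported when it sinks a
watched site, since ordinary ad blocklists use the same form legitimately.
"""
import ipaddress
import os
import stat

# Names a stock Windows hosts file legitimately maps to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}

# Illustrative watch list (an assumption of this example, not Spybot's list):
# search engines, Microsoft update hosts and security vendors whose blocking
# or redirection indicates a hijack rather than an ad blocklist.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com", "microsoft.com",
                    "windowsupdate.com", "safer-networking.org", "avg.com")

# Windows file attributes that hide the file or make it read-only. The
# constants are defined in Python's stat module on every platform.
ODD_ATTRIBUTES = {
    "hidden": stat.FILE_ATTRIBUTE_HIDDEN,
    "system": stat.FILE_ATTRIBUTE_SYSTEM,
    "readonly": stat.FILE_ATTRIBUTE_READONLY,
}


def _watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def parse_hosts(text):
    """Yield (line_no, ip_address, hostname) for every mapping in the text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()      # drop comments and padding
        parts = body.split()
        if len(parts) < 2:
            continue                             # blank, comment-only or malformed
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # first token is not an address
        for name in parts[1:]:
            yield line_no, addr, name.lower().rstrip(".")


def classify(addr, name):
    """Return 'redirect', 'blocked' or None for one hosts mapping."""
    if name in BENIGN_NAMES:
        return None
    if addr.is_loopback or addr.is_unspecified:
        # Sinking a watched site (e.g. a security vendor) cuts off updates.
        return "blocked" if _watched(name) else None
    # Anything else sends the name to a real address: a redirect.
    return "redirect"


def scan_hosts_text(text):
    """Return a list of (line_no, address, name, verdict) for flagged entries."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        verdict = classify(addr, name)
        if verdict:
            findings.append((line_no, str(addr), name, verdict))
    return findings


def odd_attributes(path):
    """Names of hidden/system/read-only attributes set on the file.

    A hosts file that Explorer does not show and that cannot be saved matches
    these attributes. st_file_attributes only exists on Windows; elsewhere
    the function returns an empty list.
    """
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return [label for label, bit in ODD_ATTRIBUTES.items() if attrs & bit]


def scan_hosts_file(path):
    """Scan a hosts file on disk: (flagged entries, odd attribute names)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_hosts_text(fh.read()), odd_attributes(path)


# Constructed sample; 203.0.113.10 is a documentation (TEST-NET-3) address.
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-1999 Microsoft Corp.",
    "127.0.0.1       localhost",
    "203.0.113.10    www.google.com google.com   # redirect of a search engine",
    "127.0.0.1       www.safer-networking.org    # sinks an update site",
    "127.0.0.1       ads.example.net             # ordinary blocklist entry",
    "::1             localhost",
])


if __name__ == "__main__":
    for finding in scan_hosts_text(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```

On a real machine, call `scan_hosts_file(r"C:\Windows\System32\drivers\etc\hosts")` to get both the flagged mappings and the attribute names.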

Blade81
2009-11-22, 14:29
Hi there,

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

Download GMER (http://www.gmer.net) here by clicking the download exe button and then saving it to your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

kylejome
2009-11-23, 05:42
Hello, thanks for your response.

When I try to run RSIT I get an error message that it is not a valid WIN32 application. Should I proceed to the second step which was to run GMER?

Thanks,

kylejome
2009-11-23, 05:47
I went ahead and ran GMER; here are the results.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-22 22:46:28
Windows 5.1.2600 Service Pack 3
Running: q5xgdldw.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\uxryipog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF844DE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF842ECDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF842EECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF844E610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF844E8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF844CB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF844ED30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF844E0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF842E982]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 150 804E27AC 4 Bytes CALL 4B7F1FF5
.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 4 Bytes JMP 34E522F3

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[248] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[248] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E351FF7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[248] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[248] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E351FBC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[248] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[248] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F3E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[248] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352032 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[248] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[248] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3521F4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [027E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [027BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [027E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [027E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [027BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [027BB240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [027BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [027BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [027BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [027E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [027E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [027BB240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [027BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [027B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [027BA320] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [027BA7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [027BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [027E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [027E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [027B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [027BA7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [027E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [027E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [027BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [027B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [027BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [027BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [027E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [027B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [027BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [027E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [027E0920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!CreateFileA] [027BAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [027E08C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [027BB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [027BAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [027E08F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [027BB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [027BB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [027E0950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [027E0890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [027BB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[248] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [027B9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 PCTCore.sys (PC Tools KDS Core Driver/PC Tools)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR

---- EOF - GMER 1.0.15 ----

Blade81
2009-11-23, 07:04
Hi,

Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

See if you're able to run RSIT now.

kylejome
2009-11-24, 03:25
Here is the exehelperlog. Still unable to run RSIT. Same error message.

exeHelper by Raktor
Build 20091122
Run at 20:20:13 on 11/23/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Blade81
2009-11-24, 06:26
Ok. Let's try this.

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

kylejome
2009-11-24, 20:15
Not sure how to disable script blockers. Here are both log files as requested.

Thanks,

DDS (Ver_09-11-24.02) - NTFSx86
Run by user at 13:01:57.09 on Tue 11/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.151 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Windows Protection Suite *On-access scanning enabled* (Updated) {0ED28B31-A1D1-48DD-A1D0-B0A6022D6A0B}
FW: Windows Protection Suite *enabled* {500BB44F-F419-48E9-A3F4-9CBBB2777A48}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 9789079703)" -"http://www.miniclip.com/games/cab-driver/en/"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210346341384
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210346409242
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219539086193&h=a0ec722e2be8781c584f8f737b43418e/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://cam5.brett-robinson.com/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: xofhvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
Hosts: 94.232.248.66 security-problem.microsoft.com
Hosts: 94.232.248.66 inetavirus.com
Hosts: 94.232.248.66 www.inetavirus.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-18 207280]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-8 108552]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-5-9 16384]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-8 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-18 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-18 358600]

=============== Created Last 30 ================

2009-11-19 00:38:28 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-19 00:38:28 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-19 00:38:28 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-19 00:38:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-19 00:38:28 131 ----a-w- c:\windows\IDB.zip
2009-11-19 00:38:27 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-19 00:38:27 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-19 00:38:27 1152470 ----a-w- c:\windows\UDB.zip
2009-11-19 00:31:23 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-19 00:31:23 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-19 00:30:58 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-19 00:30:58 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-19 00:30:58 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-19 00:30:58 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-19 00:30:45 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-19 00:30:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-19 00:30:31 0 d-----w- c:\program files\Spyware Doctor
2009-11-19 00:30:31 0 d-----w- c:\program files\common files\PC Tools
2009-11-19 00:30:31 0 d-----w- c:\docume~1\user\applic~1\PC Tools
2009-11-19 00:30:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 21:46:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 13:02:31.91 ===============
DDS (Ver_09-11-24.02)

Microsoft Windows XP Professional
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x6fc05e200+1
Install Date: 5/9/2008 9:12:24 AM
System Uptime: 11/24/2009 12:43:31 PM (1 hours ago)

Motherboard: IBM | | 2888WD8
Processor: Intel(R) Pentium(R) M processor 1.70GHz | None | 1694/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 28 GiB total, 19.6 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP120: 8/26/2009 7:59:50 PM - System Checkpoint
RP121: 8/26/2009 9:07:43 PM - Software Distribution Service 3.0
RP122: 8/28/2009 4:44:26 PM - Avg8 Update
RP123: 8/28/2009 4:46:55 PM - Avg8 Update
RP124: 8/29/2009 5:48:09 PM - System Checkpoint
RP125: 9/1/2009 9:42:44 PM - System Checkpoint
RP126: 9/1/2009 11:03:49 PM - Software Distribution Service 3.0
RP127: 9/3/2009 9:35:53 PM - System Checkpoint
RP128: 9/9/2009 5:37:47 PM - Software Distribution Service 3.0
RP129: 9/15/2009 5:24:52 PM - System Checkpoint
RP130: 9/17/2009 10:42:10 PM - System Checkpoint
RP131: 9/22/2009 4:48:05 PM - System Checkpoint
RP132: 9/23/2009 8:54:53 PM - System Checkpoint
RP133: 9/26/2009 4:14:06 PM - System Checkpoint
RP134: 9/28/2009 7:32:00 AM - System Checkpoint
RP135: 10/3/2009 9:31:56 AM - System Checkpoint
RP136: 10/4/2009 5:42:35 PM - System Checkpoint
RP137: 10/5/2009 7:21:44 PM - Avg8 Update
RP138: 10/5/2009 7:24:29 PM - Avg8 Update
RP139: 10/6/2009 7:39:03 PM - System Checkpoint
RP140: 10/7/2009 6:37:56 PM - Avg8 Update
RP141: 10/8/2009 7:21:18 PM - System Checkpoint
RP142: 10/10/2009 10:06:24 AM - System Checkpoint
RP143: 10/11/2009 7:50:49 PM - System Checkpoint
RP144: 10/13/2009 8:01:40 PM - System Checkpoint
RP145: 10/14/2009 10:42:32 PM - Software Distribution Service 3.0
RP146: 10/15/2009 11:25:08 PM - System Checkpoint
RP147: 10/16/2009 5:52:14 PM - Avg8 Update
RP148: 10/18/2009 5:32:07 PM - System Checkpoint
RP149: 10/19/2009 10:30:38 PM - System Checkpoint
RP150: 10/20/2009 8:17:17 PM - Avg8 Update
RP151: 10/22/2009 6:44:31 PM - System Checkpoint
RP152: 10/23/2009 8:29:29 PM - System Checkpoint
RP153: 10/25/2009 2:53:42 PM - System Checkpoint
RP154: 10/27/2009 6:21:21 PM - System Checkpoint
RP155: 11/1/2009 9:42:02 PM - System Checkpoint
RP156: 11/3/2009 9:07:14 PM - Avg8 Update
RP157: 11/4/2009 4:00:16 AM - Software Distribution Service 3.0
RP158: 11/5/2009 11:10:39 PM - Avg8 Update
RP159: 11/7/2009 8:56:08 PM - System Checkpoint
RP160: 11/9/2009 11:21:21 PM - System Checkpoint
RP161: 11/11/2009 9:24:41 AM - Software Distribution Service 3.0
RP162: 11/12/2009 11:12:14 PM - System Checkpoint
RP163: 11/14/2009 12:22:20 AM - System Checkpoint
RP164: 11/15/2009 6:49:30 AM - System Checkpoint
RP165: 11/17/2009 6:01:27 PM - System Checkpoint
RP166: 11/18/2009 8:15:26 PM - System Checkpoint
RP167: 11/20/2009 6:03:33 PM - Software Distribution Service 3.0
RP168: 11/22/2009 8:10:16 PM - System Checkpoint

==== Hosts File Hijack ======================


==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Bejeweled 2 Deluxe
Bonjour
Browser Defender 2.0.6.10
Critical Update for Windows Media Player 11 (KB959772)
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
IBM ThinkPad Battery MaxiMiser and Power Management Features
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections Drivers
iTunes
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
PowerDVD
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SoundMAX
Spybot - Search & Destroy
Spyware Doctor 7.0
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Integrated 56K Modem
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11

==== End Of File ===========================
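
A detector for the kind of hosts-file hijack that DDS lists under "Hosts File Hijack" above, written for this thread as an added example; it is not part of DDS, ComboFix or any other tool used here, and not the poster's file. It parses hosts-file text, flags public names pinned to a routable address (the 64.86.17.32 google.* pattern in the log) and, going one step beyond this log, names sinkholed to loopback, and returns a cleaned copy; the sample hosts content is constructed to mirror the log's entry format, and update.example-av.test is a placeholder name.

```python
"""Hosts-file hijack detector (added example; not code from the thread or any tool in it)."""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Names a stock Windows hosts file legitimately maps to loopback.
_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}

# Constructed sample: two stock lines, one LAN alias, then entries in the exact
# "<ip> <name>" form the DDS log above reported, plus a sinkholed update site
# (placeholder name) and one malformed line.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.168.1.10    fileserver                      # LAN alias, legitimate
94.232.248.66   security-problem.microsoft.com
74.125.45.100   securitysoftwarepayments.com
64.86.17.32     google.com
64.86.17.32     www.google.com
64.86.17.32     google.co.uk
64.86.17.32     www.bing.com
127.0.0.1       update.example-av.test          # blocks the site
garbage line
"""


@dataclass
class HostsEntry:
    lineno: int
    ip: str
    names: list[str]
    kind: str      # "ok", "redirect", "block" or "malformed"
    reason: str

    @property
    def suspicious(self) -> bool:
        return self.kind != "ok"


def _classify(ip: ipaddress.IPv4Address | ipaddress.IPv6Address,
              names: list[str]) -> tuple[str, str]:
    """Decide what a mapping means for the machine that trusts this file."""
    if names and all(n in _LOCAL_NAMES for n in names):
        return "ok", ""
    if ip.is_loopback or ip.is_unspecified:
        # Pointing a real site at 127.0.0.1 / 0.0.0.0 silently blocks it
        # (a classic trick against AV update servers).
        return "block", "site sinkholed to loopback"
    if ip.is_private or ip.is_link_local:
        return "ok", ""          # LAN aliases are normal
    # Anything else is a public name forced to a routable address the user
    # did not choose: the redirect pattern in the DDS log.
    return "redirect", "public name pinned to routable address"


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file text; comments and blank lines are skipped."""
    entries: list[HostsEntry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not body:
            continue
        parts = body.split()
        names = [n.lower().rstrip(".") for n in parts[1:]]
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            entries.append(HostsEntry(lineno, parts[0], names, "malformed",
                                      "first field is not an IP address"))
            continue
        if not names:
            entries.append(HostsEntry(lineno, str(ip), names, "malformed",
                                      "address without a hostname"))
            continue
        kind, reason = _classify(ip, names)
        entries.append(HostsEntry(lineno, str(ip), names, kind, reason))
    return entries


def find_hijacks(text: str) -> list[HostsEntry]:
    """Every entry that should not be in a clean hosts file."""
    return [e for e in parse_hosts(text) if e.suspicious]


def redirect_clusters(text: str) -> dict[str, list[str]]:
    """Group redirected names by target address. One public IP collecting
    many unrelated domains (64.86.17.32 for every google.* TLD in the log
    above) is the signature of a search-engine redirect hijack."""
    clusters: dict[str, list[str]] = defaultdict(list)
    for e in parse_hosts(text):
        if e.kind == "redirect":
            clusters[e.ip].extend(e.names)
    return dict(clusters)


def clean_hosts(text: str) -> str:
    """Return the file text with every suspicious line dropped; comments,
    loopback and LAN entries are kept byte-for-byte."""
    bad = {e.lineno for e in find_hijacks(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1) if n not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for e in find_hijacks(SAMPLE_HOSTS):
        print(f"line {e.lineno:2d}: {e.kind:9s} {e.ip:16s} {' '.join(e.names)}  ({e.reason})")
    for ip, names in redirect_clusters(SAMPLE_HOSTS).items():
        print(f"{ip} receives {len(names)} name(s)")
```

The script only reads and returns strings; writing the cleaned text back to the Windows hosts file needs administrator rights and nothing else holding the file open.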

Blade81
2009-11-24, 22:36
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

kylejome
2009-11-25, 00:53
I had trouble shutting avg down but think I did. Here are the two log files requested.

Thanks,

ComboFix 09-11-24.02 - user 11/24/2009 17:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.191 [GMT -6:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1715567821-706699826-1343024091-1003

.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-19 00:46 . 2009-11-19 00:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Threat Expert
2009-11-19 00:38 . 2009-10-08 17:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-19 00:38 . 2009-10-08 17:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-19 00:38 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2009-11-19 00:38 . 2009-10-08 17:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-19 00:38 . 2009-10-08 17:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-19 00:38 . 2009-10-02 20:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-19 00:31 . 2009-09-24 14:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-19 00:30 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-19 00:30 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-19 00:30 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-19 00:30 . 2009-11-19 04:43 -------- d-----w- c:\program files\Spyware Doctor
2009-11-19 00:30 . 2009-11-19 00:38 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-19 00:30 . 2009-11-19 00:30 -------- d-----w- c:\documents and settings\user\Application Data\PC Tools
2009-11-19 00:30 . 2009-11-19 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 23:30 . 2008-12-23 01:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-15 02:46 . 2009-10-22 00:28 -------- d-----w- c:\program files\RealArcade
2009-11-12 01:13 . 2009-01-09 01:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 20:37 . 2008-09-16 02:57 12328 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2008-04-14 09:42 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-01-09 01:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-01-09 01:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2008-04-14 09:42 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2008-04-14 09:42 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-04-14 09:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-04-14 09:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 21:46 . 2009-01-09 02:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 21:45 . 2009-01-09 02:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 21:45 . 2009-01-09 02:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-04 2028312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 21:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/18/2009 6:30 PM 207280]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 4:32 PM 19504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/8/2009 8:50 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/8/2009 8:50 PM 108552]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [5/9/2008 8:46 AM 16384]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/8/2009 8:50 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/8/2009 8:50 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/18/2009 6:38 PM 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/18/2009 6:30 PM 358600]
.
Contents of the 'Scheduled Tasks' folder

2008-05-09 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-05-09 05:38]

2009-11-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
AddRemove-bejeweled2deluxe - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2024)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-24 17:44
ComboFix-quarantined-files.txt 2009-11-24 23:44

Pre-Run: 20,933,828,608 bytes free
Post-Run: 20,958,019,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 82CAC6D603D1FB59B692D8478BFFA779
DDS (Ver_09-11-24.02) - NTFSx86
Run by user at 17:50:04.67 on Tue 11/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.154 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 9789079703)" -"http://www.miniclip.com/games/cab-driver/en/"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210346341384
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210346409242
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219539086193&h=a0ec722e2be8781c584f8f737b43418e/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://cam5.brett-robinson.com/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 94.232.248.66 security-problem.microsoft.com
Hosts: 94.232.248.66 inetavirus.com
Hosts: 94.232.248.66 www.inetavirus.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-18 207280]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-8 108552]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-5-9 16384]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-8 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-18 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-18 358600]

=============== Created Last 30 ================

2009-11-24 23:36:07 0 d-sha-r- C:\cmdcons
2009-11-24 23:34:25 98816 ----a-w- c:\windows\sed.exe
2009-11-24 23:34:25 77312 ----a-w- c:\windows\MBR.exe
2009-11-24 23:34:25 260608 ----a-w- c:\windows\PEV.exe
2009-11-24 23:34:25 161792 ----a-w- c:\windows\SWREG.exe
2009-11-19 00:38:28 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-19 00:38:28 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-19 00:38:28 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-19 00:38:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-19 00:38:28 131 ----a-w- c:\windows\IDB.zip
2009-11-19 00:38:27 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-19 00:38:27 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-19 00:38:27 1152470 ----a-w- c:\windows\UDB.zip
2009-11-19 00:31:23 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-19 00:31:23 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-19 00:30:58 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-19 00:30:58 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-19 00:30:58 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-19 00:30:58 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-19 00:30:45 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-19 00:30:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-19 00:30:31 0 d-----w- c:\program files\Spyware Doctor
2009-11-19 00:30:31 0 d-----w- c:\program files\common files\PC Tools
2009-11-19 00:30:31 0 d-----w- c:\docume~1\user\applic~1\PC Tools
2009-11-19 00:30:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 21:46:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 17:50:15.53 ===============

kylejome
2009-11-25, 05:08
Figured out how to disable AVG and ran ComboFix again, posting new log and DDS log.

Thanks,
ComboFix 09-11-24.02 - user 11/24/2009 21:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.118 [GMT -6:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-19 00:46 . 2009-11-19 00:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Threat Expert
2009-11-19 00:38 . 2009-10-08 17:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-19 00:38 . 2009-10-08 17:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-19 00:38 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2009-11-19 00:38 . 2009-10-08 17:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-19 00:38 . 2009-10-08 17:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-19 00:38 . 2009-10-02 20:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-19 00:31 . 2009-09-24 14:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-19 00:30 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-19 00:30 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-19 00:30 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-19 00:30 . 2009-11-19 04:43 -------- d-----w- c:\program files\Spyware Doctor
2009-11-19 00:30 . 2009-11-19 00:38 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-19 00:30 . 2009-11-19 00:30 -------- d-----w- c:\documents and settings\user\Application Data\PC Tools
2009-11-19 00:30 . 2009-11-19 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 03:51 . 2008-12-23 01:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-15 02:46 . 2009-10-22 00:28 -------- d-----w- c:\program files\RealArcade
2009-11-12 01:13 . 2009-01-09 01:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 20:37 . 2008-09-16 02:57 12328 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2008-04-14 09:42 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-01-09 01:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-01-09 01:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2008-04-14 09:42 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2008-04-14 09:42 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-04-14 09:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-04-14 09:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 21:46 . 2009-01-09 02:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 21:45 . 2009-01-09 02:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 21:45 . 2009-01-09 02:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-04 2028312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 21:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/18/2009 6:30 PM 207280]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 4:32 PM 19504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/8/2009 8:50 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/8/2009 8:50 PM 108552]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [5/9/2008 8:46 AM 16384]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/8/2009 8:50 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/8/2009 8:50 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/18/2009 6:38 PM 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/18/2009 6:30 PM 358600]
.
Contents of the 'Scheduled Tasks' folder

2008-05-09 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-05-09 05:38]

2009-11-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-24 22:02
ComboFix-quarantined-files.txt 2009-11-25 04:02
ComboFix2.txt 2009-11-24 23:44

Pre-Run: 20,971,307,008 bytes free
Post-Run: 20,935,290,880 bytes free

- - End Of File - - D429DB9DB283BEC9811AD683ADA26619
DDS (Ver_09-11-24.02) - NTFSx86
Run by user at 22:07:18.65 on Tue 11/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.168 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 9789079703)" -"http://www.miniclip.com/games/cab-driver/en/"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210346341384
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210346409242
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219539086193&h=a0ec722e2be8781c584f8f737b43418e/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://cam5.brett-robinson.com/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 94.232.248.66 security-problem.microsoft.com
Hosts: 94.232.248.66 inetavirus.com
Hosts: 94.232.248.66 www.inetavirus.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-18 207280]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-8 108552]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-5-9 16384]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-8 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-18 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-18 358600]

=============== Created Last 30 ================

2009-11-24 23:36:07 0 d-sha-r- C:\cmdcons
2009-11-24 23:34:25 98816 ----a-w- c:\windows\sed.exe
2009-11-24 23:34:25 77312 ----a-w- c:\windows\MBR.exe
2009-11-24 23:34:25 260608 ----a-w- c:\windows\PEV.exe
2009-11-24 23:34:25 161792 ----a-w- c:\windows\SWREG.exe
2009-11-19 00:38:28 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-19 00:38:28 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-19 00:38:28 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-19 00:38:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-19 00:38:28 131 ----a-w- c:\windows\IDB.zip
2009-11-19 00:38:27 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-19 00:38:27 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-19 00:38:27 1152470 ----a-w- c:\windows\UDB.zip
2009-11-19 00:31:23 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-19 00:31:23 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-19 00:30:58 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-19 00:30:58 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-19 00:30:58 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-19 00:30:58 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-19 00:30:45 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-19 00:30:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-19 00:30:31 0 d-----w- c:\program files\Spyware Doctor
2009-11-19 00:30:31 0 d-----w- c:\program files\common files\PC Tools
2009-11-19 00:30:31 0 d-----w- c:\docume~1\user\applic~1\PC Tools
2009-11-19 00:30:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 21:46:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 22:07:25.72 ===============

Blade81
2009-11-25, 07:08
Hi,

Did ComboFix reboot the system? If not, reboot and post a fresh dds log after that.

kylejome
2009-11-25, 16:07
Good morning,

ComboFix did not automatically reboot either time I ran it (I ran it twice). However, I did manually reboot between the first time it ran and the second time.

I will run combofix again, reboot, and then run and post a new dds log.

Thanks,

kylejome
2009-11-26, 04:47
Ran ComboFix for the third time and it did not reboot my computer automatically. I did a manual reboot and ran dds, no changes from previous post.

Thanks,

Blade81
2009-11-26, 06:57
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



File::
c:\windows\system32\drivers\etc\hosts
DDS::
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.



Uninstall old Adobe Reader versions and get the latest one (9.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 17 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
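
The Registry:: section of the CFScript above deletes (the REGEDIT4 `=-` form) a firewall exception for an svchost.exe sitting under system32\drivers, a directory where the real svchost.exe never lives; a look-alike name in the wrong folder is exactly what the firewall exception list should be checked for. The Python script below is an added example, not part of this thread and not ComboFix's own code: it parses an AuthorizedApplications dump in the line format ComboFix prints and flags core Windows binary names running from a directory other than their own. The sample list is constructed, `%windir%` is assumed to expand to c:\windows, and the function names are mine.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the line format ComboFix uses when it prints the
# AuthorizedApplications list (value names only, data omitted). Not a real log.
SAMPLE_LIST = r'''
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Temp\\lsass.exe"=
'''

# Where these core Windows binaries legitimately live on XP, as directories
# relative to %windir% ("" means %windir% itself). Anything else is a
# look-alike and deserves a close look.
SYSTEM_BINARIES = {
    "svchost.exe": {"system32"},
    "lsass.exe": {"system32"},
    "csrss.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "services.exe": {"system32"},
    "smss.exe": {"system32"},
    "explorer.exe": {""},
}

ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"=')


def parse_authorized_apps(text):
    """Extract the application paths from a ComboFix-style dump of
    ...\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List."""
    paths = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # ComboFix escapes backslashes in value names; undo that.
            paths.append(m.group("path").replace("\\\\", "\\"))
    return paths


def find_masquerading(paths, windir=r"c:\windows"):
    """Flag paths whose file name is a core Windows binary but whose directory
    is not where that binary belongs. `windir` is an assumed expansion of
    %windir%; read it from the environment on a live system."""
    windir = windir.lower()
    findings = []
    for original in paths:
        p = PureWindowsPath(original.lower().replace("%windir%", windir))
        if p.name not in SYSTEM_BINARIES:
            continue
        allowed = {str(PureWindowsPath(windir, d)) for d in SYSTEM_BINARIES[p.name]}
        if str(p.parent) not in allowed:
            findings.append((original, p.name, str(p.parent)))
    return findings


if __name__ == "__main__":
    for original, name, parent in find_masquerading(parse_authorized_apps(SAMPLE_LIST)):
        print(f"suspicious firewall exception: {name} running from {parent}  ({original})")
```

Run against the constructed sample it reports the drivers\svchost.exe entry and a Temp\lsass.exe entry and stays quiet about the legitimate Windows and Program Files paths. The check is deliberately narrow (name plus directory only); an entry that passes it still needs the usual file hash and signature checks before it is trusted.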

kylejome
2009-11-26, 08:48
Can't run Kaspersky due to an issue with internet connection stability. Here are the requested follow-ups.

Thanks, I think we are making progress. When I open IE it opens google, was not able to do this prior to your help.



ComboFix 09-11-24.02 - user 11/26/2009 0:08.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.206 [GMT -6:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\drivers\etc\hosts"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\hosts

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 00:30 . 2009-11-06 04:10 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-26 00:30 . 2009-11-04 02:06 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-26 00:30 . 2009-11-04 02:06 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-19 00:46 . 2009-11-19 00:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Threat Expert
2009-11-19 00:38 . 2009-10-08 17:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-19 00:38 . 2009-10-08 17:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-19 00:38 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2009-11-19 00:38 . 2009-10-08 17:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-19 00:38 . 2009-10-08 17:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-19 00:38 . 2009-10-02 20:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-19 00:31 . 2009-09-24 14:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-19 00:30 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-19 00:30 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-19 00:30 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-19 00:30 . 2009-11-19 04:43 -------- d-----w- c:\program files\Spyware Doctor
2009-11-19 00:30 . 2009-11-19 00:38 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-19 00:30 . 2009-11-19 00:30 -------- d-----w- c:\documents and settings\user\Application Data\PC Tools
2009-11-19 00:30 . 2009-11-19 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 05:26 . 2008-12-23 01:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-15 02:46 . 2009-10-22 00:28 -------- d-----w- c:\program files\RealArcade
2009-11-12 01:13 . 2009-01-09 01:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 20:37 . 2008-09-16 02:57 12328 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2008-04-14 09:42 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-01-09 01:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-01-09 01:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2008-04-14 09:42 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2008-04-14 09:42 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-04-14 09:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-04-14 09:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 21:46 . 2009-01-09 02:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 21:45 . 2009-01-09 02:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 21:45 . 2009-01-09 02:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 21:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/18/2009 6:30 PM 207280]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 4:32 PM 19504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/8/2009 8:50 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/8/2009 8:50 PM 108552]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [5/9/2008 8:46 AM 16384]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/8/2009 8:50 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/8/2009 8:50 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/18/2009 6:38 PM 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/18/2009 6:30 PM 358600]
.
Contents of the 'Scheduled Tasks' folder

2008-05-09 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-05-09 05:38]

2009-11-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-11-26 00:15
ComboFix-quarantined-files.txt 2009-11-26 06:15
ComboFix2.txt 2009-11-26 01:19
ComboFix3.txt 2009-11-25 04:02
ComboFix4.txt 2009-11-24 23:44

Pre-Run: 20,938,727,424 bytes free
Post-Run: 20,910,100,480 bytes free

- - End Of File - - E82F5705D9CB881507D5620D4EDC2D82



DDS (Ver_09-11-24.02) - NTFSx86
Run by user at 1:44:40.08 on Thu 11/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.171 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 9789079703)" -"http://www.miniclip.com/games/cab-driver/en/"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210346341384
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210346409242
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://cam5.brett-robinson.com/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-18 207280]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-8 108552]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-5-9 16384]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-8 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-18 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-18 358600]

=============== Created Last 30 ================

2009-11-26 07:38:36 4 ----a-w- c:\documents and settings\user\tray.pid
2009-11-26 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-26 07:29:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-26 07:17:45 116 ----a-w- c:\documents and settings\user\.asadminpass
2009-11-26 07:17:23 791 ----a-w- c:\documents and settings\user\.asadmintruststore
2009-11-26 07:14:33 23180 ----a-w- c:\windows\system32\productregistry
2009-11-26 07:12:04 0 d-----w- C:\Sun
2009-11-24 23:36:07 0 d-sha-r- C:\cmdcons
2009-11-24 23:34:25 98816 ----a-w- c:\windows\sed.exe
2009-11-24 23:34:25 77312 ----a-w- c:\windows\MBR.exe
2009-11-24 23:34:25 260608 ----a-w- c:\windows\PEV.exe
2009-11-24 23:34:25 161792 ----a-w- c:\windows\SWREG.exe
2009-11-19 00:38:28 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-19 00:38:28 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-19 00:38:28 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-19 00:38:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-19 00:38:28 131 ----a-w- c:\windows\IDB.zip
2009-11-19 00:38:27 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-19 00:38:27 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-19 00:38:27 1152470 ----a-w- c:\windows\UDB.zip
2009-11-19 00:31:23 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-19 00:31:23 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-19 00:30:58 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-19 00:30:58 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-19 00:30:58 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-19 00:30:58 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-19 00:30:45 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-19 00:30:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-19 00:30:31 0 d-----w- c:\program files\Spyware Doctor
2009-11-19 00:30:31 0 d-----w- c:\program files\common files\PC Tools
2009-11-19 00:30:31 0 d-----w- c:\docume~1\user\applic~1\PC Tools
2009-11-19 00:30:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 21:46:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 1:45:05.33 ===============

Blade81
2009-11-26, 08:53
Hi,

Run MBAM, update its definitions on update tab, run a quick scan and let found items be removed. Post back the resultant log. How's the system running?

kylejome
2009-11-26, 17:09
Good Morning,

Here is the MBAM log. Everything is back to normal except computer does seem a little slower loading webpages. Thanks for all of your help!

Malwarebytes' Anti-Malware 1.41
Database version: 3237
Windows 5.1.2600 Service Pack 3

11/26/2009 10:00:46 AM
mbam-log-2009-11-26 (10-00-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134828
Time elapsed: 41 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blade81
2009-11-26, 17:59
Hi,

Hints here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html) may help improve performance in general.


Let's restore your hosts file now.

Download the HostsXpert (http://www.majorgeeks.com/Hoster_d4626.html).

* Unzip HostsXpert to a convenient folder such as C:\HostsXpert
* Click HostsXpert.exe to Run HostsXpert from its new home
* Click Make Hosts Writable? in the upper right corner (If available).
* Click Restore Microsoft's Hosts file and then click OK.
* Click the X to exit the program.
* Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Let me know when that's done :)
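
As an added example that is not part of this thread and not HostsXpert's own code, the Python script below audits a hosts file for the redirection pattern this thread is about (search engines and security vendor domains pointed at an address other than loopback), then writes the minimal Windows XP default back and re-audits it. The sample hosts content, the watch list of domains and the RFC 5737 addresses in it are constructed, and `restore_and_verify` and the other function names are mine.

```python
import ipaddress
import os
import stat
import tempfile

# Domains whose redirection is a strong sign of a hijacked hosts file:
# search engines, Windows Update and security vendors. A constructed,
# editable watch list, not a list taken from any tool.
WATCHED_DOMAINS = {
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
    "malwarebytes.org", "safer-networking.org",
}

# Constructed sample of a redirected hosts file. The addresses are RFC 5737
# documentation ranges, not real hosts; nothing here comes from the thread's logs.
SAMPLE_HOSTS = """\
# constructed sample, Microsoft header comment trimmed
127.0.0.1       localhost
203.0.113.10    www.google.com
203.0.113.10    google.com
127.0.0.1       ad.doubleclick.net    # blocking entry, harmless
0.0.0.0         ads.example.net       # blocking entry, harmless
203.0.113.10    www.bing.com
192.0.2.7       intranet.example.corp
"""

# Minimal content of a clean Windows XP hosts file (the comment header is optional).
DEFAULT_HOSTS = "127.0.0.1       localhost\r\n"


def parse_hosts(text):
    """Return (ip, [hostnames], line_no) for every non-comment, non-empty line."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue                            # blank, comment-only or malformed
        entries.append((parts[0], [h.lower() for h in parts[1:]], n))
    return entries


def is_blocking_address(ip):
    """Loopback and unspecified (0.0.0.0 / ::) addresses only sink traffic;
    any other address actually redirects the name somewhere."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return every entry that maps a name to a non-blocking address.
    Entries for watched domains are 'high'; everything else is 'review'
    (legitimate intranet names also look like this, so a human decides)."""
    findings = []
    for ip, names, line_no in parse_hosts(text):
        if is_blocking_address(ip):
            continue
        for name in names:
            hit = any(name == d or name.endswith("." + d) for d in watched)
            findings.append({"line": line_no, "ip": ip, "host": name,
                             "severity": "high" if hit else "review"})
    return findings


def restore_and_verify(path=None):
    """Overwrite the hosts file at `path` with the XP default and re-audit it.
    With no path, a throwaway file in a temp directory is used so the demo never
    touches the real file. Returns (chars_written, findings_after_restore)."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "hosts")
    if os.path.exists(path):
        # Clear the read-only flag. On Windows the hidden attribute must also be
        # cleared first (attrib -h), or opening the file for writing fails.
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
    with open(path, "w", newline="") as fh:
        written = fh.write(DEFAULT_HOSTS)
    with open(path) as fh:
        after = audit_hosts(fh.read())
    return written, after


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("{severity:6} line {line:>3}: {host} -> {ip}".format(**f))
    print("restore test:", restore_and_verify())
```

On the constructed sample the three 203.0.113.10 entries come out as high and the intranet name as review, while the 127.0.0.1 and 0.0.0.0 entries are skipped because they can only block, never redirect. To run it against the real file, pass `C:\WINDOWS\system32\drivers\etc\hosts` to `restore_and_verify` from an administrator prompt after clearing the hidden and read-only attributes (`attrib -h -r` on the file), which is what made the file invisible in Explorer in the first post of this thread; re-auditing after the write confirms nothing survived the restore.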

kylejome
2009-11-27, 14:40
Host file is restored. I will be working on the performance tips during the day. All the programs that are on my desktop such as RSIT, DDS, etc, can those be deleted now or should I put them in a folder and tuck them away in case this happens again?

Thanks,

Blade81
2009-11-27, 16:08
Hi,

Uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the run box and click OK


Those other tools can be deleted manually :)

kylejome
2009-11-28, 17:46
Thanks for all of your help.

Blade81
2009-11-28, 17:51
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.