RachelM
2010-06-27, 20:49
I've run spybot, it detected and fixed a trojan (supposedly)
Also run AVG and it picked up something called win32.windowsfraud.dll or something.
HijackThis didn't do anything important.
My computer friend is baffled by whatever is still going on. When I try to do a search for anything +"virus scanner" I get redirected. It's also crashing firefox and opening random pages, like a blank Google search. Sorry if I am doing this wrong. Here is my log file.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Rachel at 14:29:22.54 on Sun 06/27/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.981 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\sttray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rachel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
uRun: [Aim6]
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\rachel\appdata\local\temp\e4j3bc~1.sh! c:\users\rachel\appdata\local\micros~1
\windows\tempor~1\content.ie5\55crxzsv\browse~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5\qcptxzo3\xsearc~4.sh!
c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5\0jkxegxl\b35572~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1
\content.ie5\qcptxzo3\b32816~1.sh! c:\users\rachel\appdata\local\temp\e4j675~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5
\qcptxzo3\browse~1.sh! c:\users\rachel\appdata\local\temp\e4j98a~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5
\s11yucow\adserv~2.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5\s11yucow\adserv~3.sh! c:\users\rachel\appdata\local\micros~1
\windows\tempor~1\content.ie5\0jkxegxl\xsearc~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5\55crxzsv\39527F~1.SH!
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\users\rachel\appdata\roaming\mozilla\firefox\profiles\mj8zp2n7.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows
presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref
("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2010-6-26 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-26 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-6-26 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-26 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-26 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-27 921440]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-27 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-27 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-27 5897808]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2010-6-26 122448]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2010-6-26 30288]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2010-6-26 27216]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-26 430152]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-18 21504]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
=============== Created Last 30 ================
2010-06-27 16:43:25 99 ----a-w- c:\windows\wininit.ini
2010-06-27 16:43:18 0 d--h--w- C:\$AVG
2010-06-27 15:30:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-27 02:21:23 0 d-----w- c:\program files\Trend Micro
2010-06-26 21:42:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-26 21:42:44 0 d-----w- c:\windows\system32\drivers\Avg
2010-06-26 21:42:39 0 d-----w- c:\programdata\AVG Security Toolbar
2010-06-26 21:40:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-06-26 21:40:54 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-26 21:40:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-26 21:40:04 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-06-26 21:38:14 0 d-----w- c:\program files\AVG
2010-06-26 21:37:36 0 d-----w- c:\programdata\avg9
2010-06-26 02:25:05 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-26 02:25:05 0 d-----w- c:\program files\Spybot - Search & Destroy
==================== Find3M ====================
2010-06-27 16:27:03 6444 ----a-w- c:\users\rachel\appdata\roaming\wklnhst.dat
2010-06-26 21:40:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-26 21:40:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-26 21:40:18 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-06 13:42:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-18 00:13:34 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-09 01:49:04 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-03-09 01:49:04 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5
\index.dat
2010-03-09 01:49:04 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 14:31:24.08 ===============
It's exploit neosploit toolkit type 1142, says avg...can anyone tell me how to get rid of it? thanks.
Also run AVG and it picked up something called win32.windowsfraud.dll or something.
HijackThis didn't do anything important.
My computer friend is baffled by whatever is still going on. When I try to do a search for anything +"virus scanner" I get redirected. It's also crashing firefox and opening random pages, like a blank Google search. Sorry if I am doing this wrong. Here is my log file.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Rachel at 14:29:22.54 on Sun 06/27/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.981 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\sttray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rachel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
uRun: [Aim6]
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\rachel\appdata\local\temp\e4j3bc~1.sh! c:\users\rachel\appdata\local\micros~1
\windows\tempor~1\content.ie5\55crxzsv\browse~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5\qcptxzo3\xsearc~4.sh!
c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5\0jkxegxl\b35572~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1
\content.ie5\qcptxzo3\b32816~1.sh! c:\users\rachel\appdata\local\temp\e4j675~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5
\qcptxzo3\browse~1.sh! c:\users\rachel\appdata\local\temp\e4j98a~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5
\s11yucow\adserv~2.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5\s11yucow\adserv~3.sh! c:\users\rachel\appdata\local\micros~1
\windows\tempor~1\content.ie5\0jkxegxl\xsearc~1.sh! c:\users\rachel\appdata\local\micros~1\windows\tempor~1\content.ie5\55crxzsv\39527F~1.SH!
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\users\rachel\appdata\roaming\mozilla\firefox\profiles\mj8zp2n7.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows
presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref
("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2010-6-26 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-26 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-6-26 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-26 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-26 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-27 921440]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-27 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-27 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-27 5897808]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2010-6-26 122448]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2010-6-26 30288]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2010-6-26 27216]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-26 430152]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-18 21504]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
=============== Created Last 30 ================
2010-06-27 16:43:25 99 ----a-w- c:\windows\wininit.ini
2010-06-27 16:43:18 0 d--h--w- C:\$AVG
2010-06-27 15:30:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-27 02:21:23 0 d-----w- c:\program files\Trend Micro
2010-06-26 21:42:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-26 21:42:44 0 d-----w- c:\windows\system32\drivers\Avg
2010-06-26 21:42:39 0 d-----w- c:\programdata\AVG Security Toolbar
2010-06-26 21:40:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-06-26 21:40:54 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-26 21:40:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-26 21:40:04 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-06-26 21:38:14 0 d-----w- c:\program files\AVG
2010-06-26 21:37:36 0 d-----w- c:\programdata\avg9
2010-06-26 02:25:05 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-26 02:25:05 0 d-----w- c:\program files\Spybot - Search & Destroy
==================== Find3M ====================
2010-06-27 16:27:03 6444 ----a-w- c:\users\rachel\appdata\roaming\wklnhst.dat
2010-06-26 21:40:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-26 21:40:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-26 21:40:18 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-06 13:42:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-18 00:13:34 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-09 01:49:04 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-03-09 01:49:04 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5
\index.dat
2010-03-09 01:49:04 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 14:31:24.08 ===============
It's exploit neosploit toolkit type 1142, says avg...can anyone tell me how to get rid of it? thanks.