
View Full Version : Google redirect virus



Takichi
2010-08-07, 03:00
Hello, I have created this post because someone took over my previous post and I got no help. Basically I have a virus that keeps redirecting me off Google search. I have tried Malwarebytes, SB Search and Destroy, Stinger, AVG, but this virus won't be removed. Please help.

Edit: Topic started earlier today now closed: http://forums.spybot.info/showthread.php?t=58879


DDS (Ver_10-03-17.01) - NTFSx86
Run by Ali at 21:44:06.95 on Fri 06/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2047.781 [GMT 8:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ali\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\ali\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.128,93.188.161.218
TCP: {7152B458-F7CB-4AB2-940D-29221E752AD9} = 93.188.162.128,93.188.161.218
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-8-2 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-2 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-8-2 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-2 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-2 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-2 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-2 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-2 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-8-2 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-2 5897808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-4 1153368]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-8-2 122448]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-8-2 30288]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-8-2 20560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-3 20952]
S2 MBAMService;MBAMService;"c:\program files\malwarebytes' anti-malware\mbamservice.exe" --> c:\program files\malwarebytes' anti-malware\mbamservice.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-2 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-08-06 13:26:02 0 d-----w- c:\program files\Trend Micro
2010-08-05 09:16:59 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-08-04 12:45:35 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-08-04 12:43:32 0 d-----w- c:\programdata\HP
2010-08-04 12:43:25 966656 ----a-w- c:\windows\system32\hpost_p02a.dll
2010-08-04 12:43:25 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll
2010-08-04 12:43:25 307200 ----a-w- c:\windows\system32\hposc_p02a.dll
2010-08-04 12:43:25 261432 ----a-w- c:\windows\system32\hpzids01.dll
2010-08-04 10:25:34 0 ----a-w- c:\windows\system32\RSPlus.que
2010-08-04 09:07:50 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-04 09:07:50 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-03 10:54:39 0 d-----w- c:\users\ali\appdata\roaming\Malwarebytes
2010-08-03 10:51:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 10:51:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 10:51:28 0 d-----w- c:\programdata\Malwarebytes
2010-08-03 10:51:28 0 d-----w- c:\program files\Malwarebytes Anti-Malware
2010-08-03 10:38:29 20 ----a-w- c:\windows\system32\SYSTEM
2010-08-02 11:55:46 0 d---a-w- c:\programdata\TEMP
2010-08-02 11:41:47 0 d--h--w- C:\$AVG
2010-08-02 11:24:25 0 d-----w- c:\programdata\XoftSpySE
2010-08-02 10:05:31 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-08-02 10:04:37 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-08-02 10:04:22 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-02 09:49:32 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-08-02 09:45:47 0 d-----w- c:\windows\PCHEALTH
2010-08-02 09:44:15 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-02 09:43:30 0 d-----w- c:\programdata\Microsoft Help
2010-08-02 09:17:25 0 d-----w- c:\programdata\Sony
2010-08-02 08:30:47 0 d-----w- c:\users\ali\Tracing
2010-08-02 08:30:19 0 d-----w- c:\program files\common files\Windows Live
2010-08-02 08:28:01 0 d-----w- c:\users\ali\appdata\roaming\AVG9
2010-08-02 08:21:34 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-02 08:21:34 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-08-02 08:21:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-02 08:21:32 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-02 08:21:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-02 08:21:25 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-02 08:20:11 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-08-02 08:19:01 0 d-----w- c:\programdata\avg9
2010-08-02 05:18:10 0 d-----w- c:\windows\Panther
2010-08-02 05:12:25 0 d-----w- C:\Windows.old
2010-08-02 04:21:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-01 23:39:24 0 d-----w- c:\programdata\McAfee Security Scan
2010-08-01 23:39:24 0 d-----w- c:\programdata\McAfee
2010-08-01 23:39:22 0 d-----w- c:\program files\McAfee Security Scan
2010-08-01 23:19:44 3 --sha-r- C:\win7ldr
2010-08-01 23:19:44 3 ----a-w- c:\windows\7Loader.TAG
2010-08-01 23:19:44 203316 --sha-r- C:\grldr
2010-08-01 14:30:51 0 d-----w- c:\users\ali\appdata\roaming\uTorrent
2010-08-01 14:29:37 0 d-----w- c:\program files\common files\Steam
2010-08-01 14:28:37 0 d-sh--w- c:\windows\Installer
2010-08-01 14:24:27 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-01 14:15:16 0 d-----w- c:\users\ali\9Dragons
2010-08-01 14:11:31 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-08-01 14:10:40 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-01 14:10:38 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-01 14:06:56 65536 --sha-w- c:\users\ali\ntuser.dat{eec32949-9d72-11df-b85a-002354c75f78}.TM.blf
2010-08-01 14:06:56 524288 --sha-w- c:\users\ali\ntuser.dat{eec32949-9d72-11df-b85a-002354c75f78}.TMContainer00000000000000000002.regtrans-ms
2010-08-01 14:06:56 524288 --sha-w- c:\users\ali\ntuser.dat{eec32949-9d72-11df-b85a-002354c75f78}.TMContainer00000000000000000001.regtrans-ms
2010-08-01 13:38:03 0 d-----w- c:\windows\system32\wbem\Performance
2010-08-01 13:33:01 0 d-sh--w- C:\Recovery
2010-08-01 13:06:28 8192 --sha-r- C:\BOOTSECT.BAK
2010-08-01 13:06:23 383562 --sha-r- C:\bootmgr
2010-08-01 13:06:15 0 d-sh--w- C:\Boot
2010-08-01 10:30:56 0 d-----w- c:\program files\Windows 7 Ultimate 32bit + activator + Bonus
2010-07-29 14:32:57 0 d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-07-24 06:20:58 0 d-----w- c:\program files\IObit
2010-07-16 05:48:36 0 d-----w- C:\.sabsabionlinev9
2010-07-14 05:52:51 0 d-----w- c:\program files\YouTube Downloader
2010-07-13 14:23:11 0 d-----w- c:\program files\GoldWave
2010-07-13 14:00:22 0 d-----w- c:\program files\HLDJ
2010-07-13 11:33:17 0 d-----w- c:\program files\Illustrate
2010-07-12 14:31:52 0 d-----w- c:\program files\Sony
2010-07-12 13:32:27 0 d-----w- c:\program files\Fraps 3.0.3 [2010] - www.GuruFuel.com
2010-07-12 13:29:32 0 d-----w- c:\program files\Ask.com
2010-07-12 13:29:15 0 d-----w- c:\program files\uTorrent
2010-07-08 08:59:18 0 d-----w- c:\program files\Coupons
2010-07-08 08:19:29 0 d-----w- c:\program files\HP
2010-07-08 08:04:16 0 d-----w- c:\program files\HP Photo Creations

==================== Find3M ====================

2010-07-12 15:04:25 2688 ----a-w- c:\program files\Register Vegas Pro.htm
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:46:43.52 ===============
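One way to triage the network-related lines of a DDS "Pseudo HJT Report" like the one above, as an added example that is not part of the original thread or of the DDS tool: it parses the `TCP: NameServer` / interface entries and the `Hosts:` entries, flags resolvers that are not on an expected list, and reports hosts-file overrides. The expected-resolver list is an assumption (placeholder value); the excerpt is constructed, with the NameServer and Hosts lines copied from the log in this thread.

```python
import ipaddress
import re

# Constructed excerpt in the style of the DDS "Pseudo HJT Report" section.
# The TCP and Hosts lines match the log posted above; the rest is filler.
DDS_EXCERPT = """\
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TCP: NameServer = 93.188.162.128,93.188.161.218
TCP: {7152B458-F7CB-4AB2-940D-29221E752AD9} = 93.188.162.128,93.188.161.218
Hosts: 127.0.0.1 www.spywareinfo.com
AppInit_DLLs: avgrsstx.dll
"""

# Assumption (placeholder): the resolvers this network's DHCP server or ISP
# is expected to hand out. A real triage uses the actual list for the site.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# "TCP: NameServer = a,b" (global setting) or "TCP: {GUID} = a,b" (per interface)
NS_RE = re.compile(r"^TCP: (?:NameServer|\{[0-9A-Fa-f-]+\}) = (.+)$")
# "Hosts: <ip> <hostname>" as DDS prints non-default hosts-file entries
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")


def triage_dns(text, expected=EXPECTED_RESOLVERS):
    """Return unexpected resolvers (ip, is_public) and hosts-file overrides (host, ip)."""
    resolvers = {}
    overrides = []
    for line in text.splitlines():
        m = NS_RE.match(line)
        if m:
            for ip in (p.strip() for p in m.group(1).split(",")):
                if ip in expected or not ip:
                    continue
                try:
                    # Public resolvers hard-coded on a home PC deserve a second look;
                    # a DNS hijack is one way a "search redirect" is implemented.
                    resolvers[ip] = ipaddress.ip_address(ip).is_global
                except ValueError:
                    resolvers[ip] = None  # not a parseable address; still report it
            continue
        m = HOSTS_RE.match(line)
        if m:
            # A security-vendor site pointed at 127.0.0.1 blocks access to help.
            overrides.append((m.group(2), m.group(1)))
    return {"resolvers": sorted(resolvers.items()), "hosts_overrides": overrides}


if __name__ == "__main__":
    print(triage_dns(DDS_EXCERPT))
```

The check only reports; deciding whether a flagged resolver is legitimate still means comparing it with what the ISP or router actually hands out.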

tashi
2010-08-09, 16:27
Hello Takichi,

Again,
Waiting for help in the Malware Forum FOUR days or longer? (http://forums.spybot.info/showthread.php?t=1137)


Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources, so please don't. Our analysts assist people at several forums. A member's user name may be different, the problem will not be. A worse scenario would be to run fixes given at one site unbeknown to the person helping the same user elsewhere.

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

http://www.bleepingcomputer.com/forums/topic338058.html

Our helpers do not wish to be pm-ed over there either. :wink:

Takichi
2010-08-10, 01:14
I think I might have fixed the virus.
Thanks