Need to Kill a Virus



pierce100
2010-11-14, 04:03
My wife's computer has AVG9 and Spybot v1.6.2. Both have been inactivated. Operating system is XP with SP3. Used Anti-Malwarebytes and TDSSKiller and GMER in Safe Mode. Scans with Anti-Malwarebytes found and removed items but the problem remains. Although loading of programs is slow, they run. No anti-spyware programs do. Believe the source of the problem was the user loading files from Micro Torrent.
Running GMER I did create the logs. Have not run ComboFix nor loaded onto problem computer.
Not sure how to create a DDS report as noted in the FAQ.
Let me know if you can help or need more info.
Thanks.

GMERROOT1
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-11-13 21:44:29
Windows 5.1.2600 Service Pack 3
Running: Test.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\uwtdqpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST340014A_______________________________8.16____#4a35465831523537202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Threads - GMER 1.0.15 ----

Thread System [4:116] F773CE8A

---- EOF - GMER 1.0.15 ----

GMERROOT2
GMER 1.0.15.15477 - http://www.gmer.net
Autostart scan 2010-11-13 21:45:28
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
avgrsstarter@DLLName = avgrsstx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxdev.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
avg8wd@ = C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe /*file not found*/
avg9wd@ = "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
avgfws8@ = C:\PROGRA~1\AVG\AVG8\avgfws8.exe /*file not found*/
avgfws9@ = "C:\Program Files\AVG\AVG9\avgfws9.exe"
CCALib8@ = C:\Program Files\Canon\CAL\CALMAIN.exe
gupdate@ = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@igfxhkcmdC:\WINDOWS\System32\hkcmd.exe = C:\WINDOWS\System32\hkcmd.exe
@svchostC:\Documents and Settings\Steve\Application Data\Microsoft\svchost.exe = C:\Documents and Settings\Steve\Application Data\Microsoft\svchost.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\windows\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\windows\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{56F9679E-7826-4C84-81F3-532071A8BCC5} = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\windows\system32\twext.dll = C:\windows\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\windows\system32\twext.dll = C:\windows\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\windows\system32\extmgr.dll = C:\windows\system32\extmgr.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG Shell Extension*/C:\Program Files\AVG\AVG9\avgse.dll = C:\Program Files\AVG\AVG9\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Context Menu Shell Extension*/(null) =
@{A426B331-7F6F-4937-9B08-676A10A62F95} /*Record Image to CD*/(null) =
@{34F4B935-17DC-4885-8BC9-CCD1ADF42F93} /*Record ISO Image to CD*/(null) =
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpoweramp Music Converter*/C:\Program Files\Illustrate\dBpoweramp\dMCShell.dll = C:\Program Files\Illustrate\dBpoweramp\dMCShell.dll
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/(null) =
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{20082881-FC36-4E47-9A7A-644C95FF749F} /*IntelliPoint Wireless Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} /*IntelliPoint Wheel Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE} /*IntelliPoint Activities Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplact.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2} /*IntelliPoint Buttons Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
@{3BEABCC1-BF31-42df-88D9-A2955D6B8528} /*IntelliPoint Sensitivity Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll"
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{97090E2F-3062-4459-855B-014F0D3CDBB1} /*Windows Search Deskbar*/C:\Program Files\Windows Desktop Search\deskbar.dll = C:\Program Files\Windows Desktop Search\deskbar.dll
@{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Program Files\Windows Desktop Search\msnlExt.dll = C:\Program Files\Windows Desktop Search\msnlExt.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\windows\system32\ieframe.dll = C:\windows\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG9 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2FreeContMenu@{A155339D-CCCD-4714-85EB-3754B804C9DF} =
AVG9 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG9\avgssie.dll = C:\Program Files\AVG\AVG9\avgssie.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~2\SDHelper.dll = C:\PROGRA~1\SPYBOT~2\SDHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
@{fbea8524-8c72-4208-9d12-7fb73e9926eb}C:\Program Files\AOL Email Toolbar\aolmailtb.dll = C:\Program Files\AOL Email Toolbar\aolmailtb.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\windows\System32\ssstars.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
bwfile-8876480@CLSID = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
dvd@CLSID = C:\windows\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
linkscanner@CLSID = C:\Program Files\AVG\AVG9\avgpp.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\windows\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = Microsoft Office.lnk

C:\windows\win.iniload = C:\DOCUME~1\Steve\LOCALS~1\Temp\dwm.exe

---- EOF - GMER 1.0.15 ----

Blade81
2010-11-25, 10:59
Hi,

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click the dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.