harddriver
2011-12-05, 01:49
What started as a rogue antivirus removal has turned into something much worse. I got rid of the main program and registry keys (defender.exe) and a few day later some new symptoms started to appear. First of all, we could start an antivirus install, and it would just quit. We then installed MalwareBytes and it would just stop and then we wouldn't be able to access it again. Same with other antimalware software. I rolled the system back as far as I could using system restore and then was able to do a few things. I installed AVG antivirus and MalwareBytes and ran them. Now we can't even get online. Please help. Attached are the logs I have found.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by user at 19:08:11 on 2011-12-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -5:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.8.0.5\IPSBHO.DLL
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.51 v1.00\WlanCU.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231364428265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
TCP: Interfaces\{E670D14B-44E6-4DFA-ADFC-78D79616D70D} : DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: SDWinLogon - SDWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\u0o7a27c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\user\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, bf1e877a-46d1-4764-a841-61f8c7433992
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-12-3 38504]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-12-3 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-12-3 955816]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1108000.005\symds.sys --> c:\windows\system32\drivers\nav\1108000.005\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1108000.005\symefa.sys --> c:\windows\system32\drivers\nav\1108000.005\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20101123.003\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20101123.003\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys --> c:\windows\system32\drivers\nav\1108000.005\ccHPx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1108000.005\ironx86.sys --> c:\windows\system32\drivers\nav\1108000.005\Ironx86.SYS [?]
S2 NAV;Norton AntiVirus;"c:\program files\norton antivirus\engine\17.8.0.5\ccsvchst.exe" /s "nav" /m "c:\program files\norton antivirus\engine\17.8.0.5\dimaster.dll" /prefetch:1 --> c:\program files\norton antivirus\engine\17.8.0.5\ccSvcHst.exe [?]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-12-3 130976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20110114.002\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20110114.002\IDSxpx86.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-3 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110116.003\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110116.003\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110116.003\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110116.003\NAVEX15.SYS [?]
.
=============== Created Last 30 ================
.
2011-12-04 23:03:29 -------- d-----w- C:\pt
2011-12-04 01:17:34 -------- d--h--w- C:\$AVG
2011-12-04 00:55:38 -------- d-----w- c:\documents and settings\user\application data\AVG2012
2011-12-04 00:52:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-04 00:52:34 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-12-04 00:52:01 -------- d-----w- c:\program files\AVG
2011-12-04 00:46:41 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
2011-12-03 20:58:34 -------- d-----w- C:\ProcAlyzer Dumps
2011-12-03 20:46:46 -------- d-----w- C:\SpybotBootCD
2011-12-03 19:30:59 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-12-03 19:24:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-03 19:24:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-03 16:39:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-12-03 09:03:58 -------- d-----w- C:\!KillBox
2011-12-03 08:23:05 -------- d-----w- c:\documents and settings\user\application data\LockHunter
2011-12-03 08:22:04 -------- d-----w- c:\program files\LockHunter
2011-12-03 08:06:34 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-03 08:06:34 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-03 06:42:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 06:42:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-03 05:57:47 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-12-02 08:11:22 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-01 17:29:37 50112 --sha-w- c:\windows\system32\c_32092.nl_
2011-11-23 22:39:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 20:43:58 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-11-23 20:43:24 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-11-23 18:46:06 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2011-11-23 17:29:05 -------- d-----w- c:\windows\pss
2011-11-23 17:24:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2011-12-03 06:38:41 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-02 03:29:23 405504 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:08:36.40 ===============
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by user at 19:08:11 on 2011-12-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -5:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.8.0.5\IPSBHO.DLL
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.51 v1.00\WlanCU.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231364428265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
TCP: Interfaces\{E670D14B-44E6-4DFA-ADFC-78D79616D70D} : DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: SDWinLogon - SDWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\u0o7a27c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\user\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, bf1e877a-46d1-4764-a841-61f8c7433992
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-12-3 38504]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-12-3 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-12-3 955816]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1108000.005\symds.sys --> c:\windows\system32\drivers\nav\1108000.005\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1108000.005\symefa.sys --> c:\windows\system32\drivers\nav\1108000.005\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20101123.003\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20101123.003\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys --> c:\windows\system32\drivers\nav\1108000.005\ccHPx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1108000.005\ironx86.sys --> c:\windows\system32\drivers\nav\1108000.005\Ironx86.SYS [?]
S2 NAV;Norton AntiVirus;"c:\program files\norton antivirus\engine\17.8.0.5\ccsvchst.exe" /s "nav" /m "c:\program files\norton antivirus\engine\17.8.0.5\dimaster.dll" /prefetch:1 --> c:\program files\norton antivirus\engine\17.8.0.5\ccSvcHst.exe [?]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-12-3 130976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20110114.002\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20110114.002\IDSxpx86.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-3 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110116.003\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110116.003\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110116.003\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110116.003\NAVEX15.SYS [?]
.
=============== Created Last 30 ================
.
2011-12-04 23:03:29 -------- d-----w- C:\pt
2011-12-04 01:17:34 -------- d--h--w- C:\$AVG
2011-12-04 00:55:38 -------- d-----w- c:\documents and settings\user\application data\AVG2012
2011-12-04 00:52:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-04 00:52:34 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-12-04 00:52:01 -------- d-----w- c:\program files\AVG
2011-12-04 00:46:41 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
2011-12-03 20:58:34 -------- d-----w- C:\ProcAlyzer Dumps
2011-12-03 20:46:46 -------- d-----w- C:\SpybotBootCD
2011-12-03 19:30:59 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-12-03 19:24:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-03 19:24:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-03 16:39:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-12-03 09:03:58 -------- d-----w- C:\!KillBox
2011-12-03 08:23:05 -------- d-----w- c:\documents and settings\user\application data\LockHunter
2011-12-03 08:22:04 -------- d-----w- c:\program files\LockHunter
2011-12-03 08:06:34 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-03 08:06:34 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-03 06:42:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 06:42:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-03 05:57:47 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-12-02 08:11:22 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-01 17:29:37 50112 --sha-w- c:\windows\system32\c_32092.nl_
2011-11-23 22:39:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 20:43:58 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-11-23 20:43:24 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-11-23 18:46:06 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2011-11-23 17:29:05 -------- d-----w- c:\windows\pss
2011-11-23 17:24:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2011-12-03 06:38:41 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-02 03:29:23 405504 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:08:36.40 ===============