win32/Patched in 3 files



grtlks
2012-10-01, 16:54
AVG indicates three files infected with win32/Patched: svchost.exe, explorer.exe, winlogon.exe. Logs are attached. Please note, I already ran ComboFix - sorry. Thanks for your time!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.7.2
Run by BERNADETTE at 10:07:25 on 2012-10-01
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
G:\dds.com
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1348942623484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348975064843
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mind-medley/gamehouseplayer.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\azada\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-sandscript/SandScript.1.0.0.21.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://aolsvc.aol.com/onlinegames/pandacraze/gpcontrol.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0645BBAC-A83F-4518-A6B7-0A78DCD6CA26} : DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
S? AdvancedSystemCareService5;Advanced SystemCare Service 5
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? vToolbarUpdater12.2.6;vToolbarUpdater12.2.6
.
=============== Created Last 30 ================
.
2012-10-01 12:24:44 -------- d-----w- C:\ComboFix116638C
2012-10-01 11:54:13 -------- d-----w- C:\ComboFix11004C
2012-09-30 21:24:20 -------- d-sha-r- C:\cmdcons
2012-09-30 21:20:55 98816 ----a-w- c:\windows\sed.exe
2012-09-30 21:20:55 518144 ----a-w- c:\windows\SWREG.exe
2012-09-30 21:20:55 256000 ----a-w- c:\windows\PEV.exe
2012-09-30 21:20:55 208896 ----a-w- c:\windows\MBR.exe
2012-09-30 21:20:42 -------- d-----w- C:\ComboFix1
2012-09-30 19:57:37 -------- d-----w- c:\documents and settings\bernadette\application data\AVG2013
2012-09-30 19:56:27 -------- d-----w- c:\documents and settings\bernadette\application data\TuneUp Software
2012-09-30 19:53:56 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-09-30 19:53:56 -------- d-----w- C:\$AVG
2012-09-30 18:12:45 -------- d-----w- c:\program files\AVG Secure Search
2012-09-30 03:32:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-30 03:32:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 03:32:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-30 03:31:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-30 00:01:10 -------- d-----w- c:\documents and settings\bernadette\local settings\application data\Avg2013
2012-09-30 00:01:09 -------- d-----w- c:\documents and settings\bernadette\local settings\application data\MFAData
2012-09-30 00:01:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-09-29 18:47:17 -------- d-----w- c:\program files\common files\ODBC
2012-09-17 22:58:56 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-12 15:47:22 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 15:47:04 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-05 23:24:11 -------- d-----w- C:\Windows Desktop Search
2012-09-03 23:58:18 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
==================== Find3M ====================
.
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-13 20:40:54 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 08:52:28 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 08:52:18 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 17:56:44 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 10:09:05.00 ===============


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-01 10:33:38
-----------------------------
10:33:38.500 OS Version: Windows 5.1.2600 Service Pack 3
10:33:38.500 Number of processors: 1 586 0x209
10:33:38.500 ComputerName: PREFERRE-28FCCC UserName: BERNADETTE
10:33:39.125 Initialize success
10:33:55.718 AVAST engine download error: 0
10:34:29.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:34:29.296 Disk 0 Vendor: HDS728040PLAT20 PF1OA21B Size: 39266MB BusType: 3
10:34:29.312 Disk 0 MBR read successfully
10:34:29.312 Disk 0 MBR scan
10:34:29.312 Disk 0 unknown MBR code
10:34:29.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28772 MB offset 63
10:34:29.328 Disk 0 Partition - 00 0F Extended LBA 10487 MB offset 58926420
10:34:29.343 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 10487 MB offset 58926483
10:34:29.359 Disk 0 scanning sectors +80405325
10:34:29.421 Disk 0 scanning C:\WINDOWS\system32\drivers
10:34:37.765 Service scanning
10:34:53.703 Modules scanning
10:35:03.906 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
10:35:04.921 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
10:35:04.937 Disk 0 trace - called modules:
10:35:04.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys siside.sys PCIIDEX.SYS
10:35:04.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a847ab8]
10:35:04.968 3 CLASSPNP.SYS[f76d7fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8a82a3b8]
10:35:04.984 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a846d98]
10:35:04.984 Scan finished successfully
10:35:27.296 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
10:35:27.312 The log file has been saved successfully to "G:\aswMBR.txt"