weksos

Members
  • Posts

    5
Reputation

0 Neutral
  1. I just looked in my "add or remove program" section and saw an item called "anti-phishing domain advisor". Could that be it? I have no clue how it got there.
  2. I feel really noobie, I did what you asked and what exactly is the result?
  3. Malwarebytes' Anti-Malware quick scan log and DDS log.
  4. I keep on getting redirected to "partner12.mydomainadvisor.com" when using Google Chrome at random. I have read of other people with the same problem. What shall I do to remove this crap?