A bit confused about entry hosts: 127.0.0.1 www.spywareinfo.com


#1
bru20

Hello,

I ran a few scans and have been a bit confused by what was found. Someone wants to address the entry hosts: 127.0.0.1 www.spywareinfo.com in the DDS log. But my research indicates it's a false positive related to Spybot which I do run. I ran RkU which indicated possible rootkit activity. I ran RkU after RootRepeal.exe failed to load and conversations with the developer could not get it to work. I have the RkU report but it is huge so I won't attach it here unless asked. I had to run GMER in Safe Mode and the log is extremely short which doesn't seem correct.

Scans with MBAM, AVG, SAS, TDSSKiller and a few others come up clean.

Thoughts at this point? Attached are DDS, DDS.attach and GMER logs. Thanks!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Bruce at 18:16:45.46 on Sun 09/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.997 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bruce\Desktop\Computer Maintenance\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
StartupFolder: c:\docume~1\bruce\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: chase.com
Trusted Zone: chase.com\*.chaseonline
Trusted Zone: chase.com\chaseonline
Trusted Zone: chase.com\www
Trusted Zone: fidelity.com\guidance
Trusted Zone: fidelity.com\www
Trusted Zone: gailborden.info\innovative
Trusted Zone: gailborden.info\search
Trusted Zone: gailborden.info\www
Trusted Zone: speedway.com
Trusted Zone: vanguard.com
Trusted Zone: yahoo.com
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213825210359
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38210.8758449074
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - hxxp://www.livemetallica.com/nugster/dlControl.CAB
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\system32\srrstr.
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\ncaq0swn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\bruce\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nppl3260.dll
FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprjplug.dll
FF - plugin: c:\documents and settings\bruce\my documents\my downloads\netscape6\nprpjplug.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XULRunner: {2E29E0D3-7645-46A4-AAF7-F8D2077E0E60} - c:\documents and settings\bruce\local settings\application data\{2E29E0D3-7645-46A4-AAF7-F8D2077E0E60}
FF - HiddenExtension: XULRunner: {555DD3E3-4087-4762-BF85-5733FE9A3DD9} - c:\documents and settings\ellen\local settings\application data\{555DD3E3-4087-4762-BF85-5733FE9A3DD9}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-26 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-26 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-2 95024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-26 297752]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-8-11 86098]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-23 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-7-21 10112]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2010-09-11 02:36:58 0 d-----w- c:\windows\system32\wbem\Repository
2010-09-11 02:36:18 0 d-----w- c:\program files\Hitman Pro 3.5
2010-09-11 01:33:28 0 d-----w- c:\program files\Auslogics(3)
2010-09-10 23:06:52 0 d-----w- c:\program files\Auslogics
2010-09-09 23:27:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-09 23:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-09-04 02:23:25 0 d-----w- c:\program files\SpywareBlaster
2010-09-04 01:55:30 0 d-----w- c:\docume~1\bruce\applic~1\Auslogics
2010-08-25 01:22:49 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-08-20 00:16:29 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-20 00:16:29 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-20 00:16:29 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-20 00:16:29 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-20 00:16:29 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-20 00:16:27 0 d-----w- c:\program files\Trojan Remover
2010-08-20 00:16:27 0 d-----w- c:\docume~1\bruce\applic~1\Simply Super Software
2010-08-20 00:16:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-08-17 09:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-17 08:58:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Yahoo! Companion(3)
2010-08-15 22:09:44 0 d-----w- c:\program files\CPUID
2010-08-15 22:05:28 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-08-15 01:23:40 0 d-----w- c:\docume~1\bruce\applic~1\SUPERAntiSpyware.com
2010-08-15 01:23:27 0 d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-08-06 02:52:28 87608 ----a-w- c:\docume~1\bruce\applic~1\inst.exe
2010-08-06 02:52:28 47360 ----a-w- c:\docume~1\bruce\applic~1\pcouffin.sys
2010-08-05 23:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-31 22:06:03 33400 ----a-w- c:\docume~1\bruce\applic~1\GDIPFONTCACHEV1.DAT
2010-07-31 00:29:26 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-21 08:40:20 28032 ----a-w- c:\windows\system32\ssmirrdr.dll
2010-07-21 08:40:20 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys
2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 00:32:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2004-08-24 23:43:34 2609631 ----a-w- c:\program files\aawsepersonal.exe

============= FINISH: 18:17:46.67 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/11/2004 6:06:12 PM
System Uptime: 9/12/2010 6:14:11 PM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 143 GiB total, 39.926 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 149 GiB total, 55.093 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP4: 7/31/2010 12:03:19 PM - System Checkpoint
RP5: 7/31/2010 12:03:42 PM - CLEAN
RP6: 7/31/2010 12:04:14 PM - Support.com Service Complete
RP7: 8/1/2010 11:07:33 AM - Installed ClearType Tuning Control Panel Applet
RP8: 8/2/2010 5:22:30 AM - Restore Operation
RP9: 8/2/2010 5:59:56 AM - clean
RP10: 8/2/2010 9:00:59 PM - Installed %1 %2.
RP11: 8/2/2010 9:15:04 PM - Software Distribution Service 3.0
RP12: 8/2/2010 9:23:00 PM - Installed Windows KB954550-v5.
RP13: 8/2/2010 9:23:14 PM - Printer Driver Microsoft XPS Document Writer Installed
RP14: 8/2/2010 9:23:40 PM - Printer Driver Microsoft XPS Document Writer Installed
RP15: 8/2/2010 9:32:37 PM - Software Distribution Service 3.0
RP16: 8/3/2010 6:18:05 AM - Installed Windows Internet Explorer 8.
RP17: 8/3/2010 6:19:31 AM - Software Distribution Service 3.0
RP18: 8/3/2010 6:50:30 AM - Software Distribution Service 3.0
RP19: 8/3/2010 7:37:15 PM - Installed ClearType Tuning Control Panel Applet
RP20: 8/3/2010 9:01:11 PM - Restore Operation
RP21: 8/3/2010 9:44:25 PM - Software Distribution Service 3.0
RP22: 8/5/2010 8:45:12 AM - System Checkpoint
RP23: 8/5/2010 5:39:45 PM - 8/5
RP24: 8/5/2010 5:40:41 PM - Restore Operation
RP25: 8/5/2010 7:59:31 PM - Software Distribution Service 3.0
RP26: 8/6/2010 6:05:00 PM - driver
RP27: 8/7/2010 8:44:12 PM - System Checkpoint
RP28: 8/7/2010 11:10:18 PM - Installed Driver Whiz.
RP29: 8/7/2010 11:23:57 PM - Removed Driver Whiz.
RP30: 8/9/2010 9:25:55 PM - System Checkpoint
RP31: 8/10/2010 9:47:27 PM - Installed Java™ 6 Update 20
RP32: 8/10/2010 10:00:17 PM - Installed Java™ 6 Update 21
RP33: 8/10/2010 10:08:56 PM - Removed Java™ 6 Update 3
RP34: 8/10/2010 10:26:31 PM - Software Distribution Service 3.0
RP35: 8/12/2010 6:50:04 AM - Software Distribution Service 3.0
RP36: 8/12/2010 6:29:46 PM - Software Distribution Service 3.0
RP37: 8/13/2010 10:02:50 PM - System Checkpoint
RP38: 8/15/2010 8:31:49 AM - System Checkpoint
RP39: 8/16/2010 10:48:52 AM - System Checkpoint
RP40: 8/16/2010 9:20:08 PM - Avg8 Update
RP41: 8/16/2010 9:26:14 PM - Removed Google Earth.
RP42: 8/16/2010 9:27:13 PM - Installed Google Earth.
RP43: 8/17/2010 3:57:21 AM - Restore Operation
RP44: 8/17/2010 4:07:18 AM - Restore Operation
RP45: 8/18/2010 7:40:15 AM - System Checkpoint
RP46: 8/19/2010 7:44:52 AM - System Checkpoint
RP47: 8/20/2010 8:32:51 AM - System Checkpoint
RP48: 8/21/2010 2:01:20 PM - System Checkpoint
RP49: 8/21/2010 6:51:26 PM - Restore Operation
RP50: 8/21/2010 11:01:21 PM - good
RP51: 8/23/2010 7:32:59 AM - System Checkpoint
RP52: 8/23/2010 9:37:26 PM - Installed ClearType Tuning Control Panel Applet
RP53: 8/23/2010 10:14:23 PM - good
RP54: 8/24/2010 6:46:43 AM - Configured AVG Free 8.5
RP55: 8/24/2010 8:21:47 PM - again
RP56: 8/24/2010 8:22:08 PM - Restore Operation
RP57: 8/25/2010 11:54:25 PM - System Checkpoint
RP58: 8/27/2010 7:38:23 AM - System Checkpoint
RP59: 8/28/2010 11:10:16 AM - System Checkpoint
RP60: 8/29/2010 2:03:27 PM - System Checkpoint
RP61: 8/30/2010 3:07:13 PM - System Checkpoint
RP62: 8/31/2010 3:30:21 PM - System Checkpoint
RP63: 9/1/2010 4:16:42 PM - System Checkpoint
RP64: 9/2/2010 4:56:06 PM - System Checkpoint
RP65: 9/3/2010 7:08:23 PM - System Checkpoint
RP66: 9/4/2010 7:43:16 AM - Revo Uninstaller's restore point - URGE
RP67: 9/4/2010 7:43:39 AM - Removed URGE
RP68: 9/7/2010 7:21:02 AM - System Checkpoint
RP69: 9/8/2010 9:39:49 AM - System Checkpoint
RP70: 9/8/2010 7:55:47 PM - Avg8 Update
RP71: 9/9/2010 8:59:38 PM - Revo Uninstaller's restore point - WinRAR archiver
RP72: 9/10/2010 8:31:31 PM - 123
RP73: 9/10/2010 8:32:14 PM - Restore Operation
RP74: 9/10/2010 8:39:54 PM - Avg8 Update
RP75: 9/10/2010 9:34:56 PM - Restore Operation
RP76: 9/12/2010 2:35:19 PM - System Checkpoint
RP77: 9/12/2010 5:50:40 PM - abc

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Agere Systems AC'97 Modem
Apple Mobile Device Support
Apple Software Update
Atari: The 80 Classic Games
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Auslogics Disk Defrag
AVG Free 8.5
Bonjour
Canon i350
CCleaner
Click to DVD 2.0 Menu Data
Click to DVD 2.0.02
CPUID CPU-Z 1.55
Critical Update for Windows Media Player 11 (KB959772)
Defraggler
Drag'n Drop CD+DVD
DVgate Plus
ERUNT 1.1j
ESET Online Scanner v3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
iPod for Windows 2005-01-11
iPod for Windows 2005-02-07
iPod for Windows 2005-02-22
iPod for Windows 2005-03-23
iPod for Windows 2005-06-26
iPod Updater 2004-08-06
iPod Updater 2004-10-20
iPod Updater 2004-11-15
iTunes
Java Auto Updater
Java™ 6 Update 21
Malwarebytes' Anti-Malware
Maxtor Manager
Memory Stick Formatter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
Move Media Player
Mozilla Firefox (3.6.8)
MSN Music Assistant
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OpenMG Limited Patch 3.4-03-12-16-01
OpenMG Secure Module 3.4.00
PictureGear Studio 2.0
QuickTime
RealPlayer
Recuva
Revo Uninstaller 1.89
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SonicStage 2.0.02
Sony Certificate PCH
Sony Video Shared Library
Speccy
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware
Trojan Remover 6.8.2
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.0
VAIO Media Integrated Server 3.0
VAIO Media Redistribution 3.0
VAIO Registration
VAIO SLIT-C Screen Saver
VAIO SLIT Pattern Wallpaper
VAIO Survey Standalone
VAIO System Information
VAIO Update 2
Viewpoint Manager (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Welcome to VAIO life
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB821253
Windows XP Service Pack 3
WingMan Software
Yahoo! Address AutoComplete
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/7/2010 6:42:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SbcpHid
9/11/2010 2:00:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/11/2010 10:28:33 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
9/10/2010 7:35:06 PM, error: Service Control Manager [7000] - The rootrepeal service failed to start due to the following error: The system cannot find the file specified.
9/10/2010 7:26:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SbcpHid Tcpip
9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/10/2010 7:26:18 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/10/2010 7:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/10/2010 7:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-11 14:01:26
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Bruce\LOCALS~1\Temp\uxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF74F787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF74F7BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Where else have you posted for help?

#3
bru20

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I posted on malwarebytes. Every helper has their tools and I am being told by a relatively new person to reset ip, winsock and clean out things such as prefetch. Most others want to run scans and see logs.

My research into hosts: 127.0.0.1 www.spywareinfo.com has left me a little confused. If it is a false positive, I'm not sure why I would need to do those things. If I do have a rootkit, as initially suspected, I would think they'd want me to do some scans.

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Well, I see you are being helped here:

http://forums.malwar...topic=62479&hl=

There is no point being helped at multiple forums, it wastes our time which is already over-stretched and can cause problems.

LDTate knows what he is doing, let him fix things up.

Do tell him that you are infected with Goored though.