Update problem

[G-Sun]

Combofix log

ComboFix 09-02-10.01 - Geir 2009-02-10 20:39:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.670 [GMT 1:00]
Running from: c:\documents and settings\Geir\My Documents\Lager\Nedlastinger\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Geir\Application Data\Adobe\crc.dat
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\recycler\S-4-0-34-100011647-100005600-100010835-1785.com
c:\windows\system32\drivers\gaopdxfdfheexi.sys
c:\windows\system32\drivers\gaopdxvxuxovhe.sys
c:\windows\system32\drivers\gaopdxwvpwunyr.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxtmackoeb.dll
c:\windows\system32\tmp.reg
D:\Autorun.inf
d:\recycler\S-0-0-61-100008505-100021214-100001935-8630.com
d:\recycler\S-1-3-69-100020169-100031701-100016567-3420.com
d:\recycler\S-3-8-27-100000899-100015421-100028273-9385.com
d:\recycler\S-4-0-34-100011647-100005600-100010835-1785.com
d:\recycler\S-5-6-18-100015743-100001399-100025054-7625.com
E:\Autorun.inf
e:\recycler\S-0-0-61-100008505-100021214-100001935-8630.com
e:\recycler\S-1-3-69-100020169-100031701-100016567-3420.com
e:\recycler\S-3-8-27-100000899-100015421-100028273-9385.com
e:\recycler\S-4-0-34-100011647-100005600-100010835-1785.com
e:\recycler\S-5-6-18-100015743-100001399-100025054-7625.com
F:\Autorun.inf
f:\recycler\S-0-0-61-100008505-100021214-100001935-8630.com
f:\recycler\S-1-3-69-100020169-100031701-100016567-3420.com
f:\recycler\S-3-8-27-100000899-100015421-100028273-9385.com
f:\recycler\S-4-0-34-100011647-100005600-100010835-1785.com
f:\recycler\S-5-6-18-100015743-100001399-100025054-7625.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 18:47 . 2009-02-10 18:47 <DIR> d-------- C:\VundoFix Backups
2009-02-10 18:32 . 2009-02-10 18:32 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 18:20 . 2009-02-10 18:21 <DIR> d-------- c:\program files\CleanUp!
2009-02-10 18:09 . 2009-02-10 18:09 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-02-10 15:45 . 2009-02-10 15:45 <DIR> d-------- c:\documents and settings\Tone\Application Data\Search Settings
2009-02-09 09:12 . 2009-02-09 09:28 69 --a------ c:\windows\NeroDigital.ini
2009-02-04 11:15 . 2009-02-04 11:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 11:15 . 2009-02-04 11:15 <DIR> d-------- c:\documents and settings\Geir\Application Data\Malwarebytes
2009-02-04 11:15 . 2009-02-04 11:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-04 11:15 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 11:15 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-03 18:05 . 2009-01-18 22:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-03 13:43 . 2009-02-03 13:43 <DIR> d-------- c:\program files\Lavasoft
2009-02-03 13:43 . 2009-02-03 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-03 13:43 . 2009-02-03 13:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-03 13:43 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-28 18:17 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-26 03:07 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-26 03:07 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-26 03:07 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-25 20:28 . 2009-01-25 20:28 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-18 09:25 . 2009-02-10 08:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-15 12:19 . 2009-01-15 12:19 <DIR> d-------- c:\program files\PremiumSoft
2009-01-14 19:59 . 2006-04-13 11:30 1,073,152 --a------ c:\windows\system32\libmysql_c.dll
2009-01-14 19:53 . 2009-01-20 13:01 <DIR> d-------- c:\documents and settings\Geir\Application Data\MySQL
2009-01-14 13:19 . 2009-01-14 13:18 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-14 13:09 . 2009-01-14 13:16 <DIR> d-------- c:\documents and settings\Geir\.SunDownloadManager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:59 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-10 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-10 14:45 --------- d-----w c:\program files\Google
2009-02-10 12:38 --------- d-----w c:\documents and settings\Geir\Application Data\FileZilla
2009-02-04 10:57 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-04 10:57 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-04 10:57 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-31 11:35 --------- d-----w c:\program files\Cakewalk
2009-01-31 11:32 --------- d-----w c:\program files\Dealio
2009-01-31 11:27 --------- d-----w c:\program files\Common Files\Apple
2009-01-28 16:49 --------- d-----w c:\documents and settings\Geir\Application Data\Azureus
2009-01-28 16:36 --------- d-----w c:\program files\Vuze
2009-01-21 16:14 --------- d-----w c:\program files\FileZilla FTP Client
2009-01-14 13:35 --------- d-----w c:\program files\CCleaner
2009-01-14 12:18 --------- d-----w c:\program files\Java
2009-01-09 17:51 --------- d-----w c:\documents and settings\Geir\Application Data\Ahead
2009-01-07 23:44 4 ----a-w c:\program files\confirm.txt
2009-01-06 14:07 --------- d-----w c:\program files\Common Files\Ahead
2009-01-06 14:07 --------- d-----w c:\program files\Ahead
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-24 19:38 58 ----a-w c:\program files\Restart and perform chkdsk.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-07 294912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EWX 2496 ControlPanel.lnk - c:\program files\AudioSystem EWX 2496\EwxCpl.exe [2008-08-20 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 11:57 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\xampp\\apache\\bin\\apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgcmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgiproxy.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgwdsvc.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-03 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-28 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-20 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-20 107272]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R3 ews88mt;EWS88 WDM Audio;c:\windows\system32\drivers\ews88wdm.sys [2005-12-08 85824]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-29 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 298264]
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]

2009-02-05 c:\windows\Tasks\All backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 01:12]

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-02 c:\windows\Tasks\defrag c.job
- c:\windows\system32\defrag.exe [2008-04-14 01:12]

2009-02-09 c:\windows\Tasks\defrag d.job
- c:\windows\system32\defrag.exe [2008-04-14 01:12]

2009-01-19 c:\windows\Tasks\defrag e.job
- c:\windows\system32\defrag.exe [2008-04-14 01:12]

2009-01-26 c:\windows\Tasks\defrag f.job
- c:\windows\system32\defrag.exe [2008-04-14 01:12]

2009-02-08 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 01:12]

2009-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1960408961-2146942695-1003.job
- c:\documents and settings\Geir\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:32]

2009-01-07 c:\windows\Tasks\Restart and perform chkdsk c.job
- c:\program files\Restart and perform chkdsk.bat [2008-10-24 20:38]

2009-02-04 c:\windows\Tasks\Sonar Projects.job
- c:\windows\system32\ntbackup.exe [2008-04-14 01:12]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Geir\Application Data\Mozilla\Firefox\Profiles\ki5lkda0.default\
FF - prefs.js: browser.startup.homepage - hxxp://online.no/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Geir\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 20:42:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-10 20:44:03
ComboFix-quarantined-files.txt 2009-02-10 19:43:54

Pre-Run: 23,640,461,312 bytes free
Post-Run: 23,627,440,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Kontor (C)" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Ubuntu Studio (G)" /noexecute=optin /fastdetect

201 --- E O F --- 2009-01-26 12:32:54

 

[G-Sun]

Fixed (I guess)

Seems like it's fixed!!

I can now update my AV.
The Combofix detected a rootkitinfection, and seemed to get rid of it.

Thanks a lot Osiris!! :laughing:

 

[Osiris]

Can you run Malwarebytes now?

 

[G-Sun]

Can you run Malwarebytes now?

Yes, I can now update and run Malware. Took a quick scan -zero infections.
Do you think it's necessary to continue down your SRG-list?

And I have one more question:
I've been infected for 8-14 days. What are the security-risk involved? I'm thinking mostly of usernames and passwords.

Thanks again!

 

[Osiris]

Just post a new hijackthis log and I will check it out. Who knows the risks, it could be anything. But it seems like you are clean.

Also, would you be so kind as to leave me some feedback on my site below? Thanks

 

[G-Sun]

Also, would you be so kind as to leave me some feedback on my site below? Thanks

Sure

 

[G-Sun]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:15, on 11.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AudioSystem EWX 2496\EwxCpl.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-682003330-1960408961-2146942695-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Tone')
O4 - HKUS\S-1-5-21-682003330-1960408961-2146942695-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Tone')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-682003330-1960408961-2146942695-1004 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Tone')
O4 - S-1-5-21-682003330-1960408961-2146942695-1004 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Tone')
O4 - S-1-5-21-682003330-1960408961-2146942695-1004 User Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Tone')
O4 - S-1-5-21-682003330-1960408961-2146942695-1004 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Tone')
O4 - Global Startup: EWX 2496 ControlPanel.lnk = C:\Program Files\AudioSystem EWX 2496\EwxCpl.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219223736644
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE640FBD-A490-4805-9D87-73A9D2E5CA29}: NameServer = 130.67.15.198 130.67.60.68
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 7103 bytes

 

[Osiris]

Log looks good but still have one question

Go to start, run and type cmd and press enter

then type in ipconfig /all

See if this IP 130.67.15.198 or 130.67.60.68 shows up and let me know

 

[G-Sun]

Yes, they show up under DNS servers.
Text for ip: www.hijackthis.de/whois.php

 

[Osiris]

Those entries are legit then