"No disc in Drive. Please insert disk into DR1"


This topic is locked
4 replies to this topic

#1 Adelina

Posted 22 October 2010 - 07:04 AM

When programs open, a message box saying "no disk in drive" pops up. In the upper left corner of the box is the program .exe file name. I ran Spybot in both safe and normal modes and nothing turned up. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:25 AM, on 10/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Family Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IVRPIIC\HijackThis[1].exe
C:\Users\FAMILY~1\AppData\Local\Temp\winxgxil.exe
C:\Users\FAMILY~1\AppData\Local\Temp\w16d0ea7.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Family Computer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Family Computer\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7187 bytes

Edited by hamluis, 22 October 2010 - 03:55 PM.
Moved from Vista forum to Malware Removal Logs ~ Hamluis.

#2 Adelina


Posted 23 October 2010 - 07:17 AM

Hi:
When I open applications like Adobe, Skype, or IE, I get an error message box that says "no disc in drive. please insert disc into DR1". Also, in the upper left hand corner of the box will be the name of the application file.exe that is open.

Here are my HijackThis, ActiveScan and AVG files:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:39 AM, on 10/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Family Computer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7676 bytes
;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-10-23 04:53:06
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free Edition 2011 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\family_computer@atdmt[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\family_computer@com[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][3].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\family_computer@realmedia[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\family_computer@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\family_computer@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\family_computer@target[1].txt
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\printer\5600-6600\install\x86\uninst.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\video\r180788\tvwsetup.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\dotnet\dotnetfx.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\dotnetfx.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\gdp.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r193316\vista\rthdvcpl.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\printer\5600-6600\install\x86\instgui.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\program files\microsoft works\lnchtour.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\program files\microsoft works\wksdb.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\program files\microsoft works\wkssb.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\programdata\adobe\photoshop elements\5.0\flash galleries\dynamic\flashplayer\windows\saflashplayer.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\users\family computer\appdata\local\magicjack\updatedownload\update2.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r192245\jre6u7.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\printer\5600-6600\applications\app4r\tools\windowsinstaller-kb893803-v2-x86.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r166862\imgr32b.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\printer\5600-6600\applications\app4r\tools\dotnetfx.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\audio\r180772\rtlupd.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\audio\r180772\rthdvcpl.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r95499\setup.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\vcredist_x86.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r193316\vista\rtlupd.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\liveupdate_ex.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r100928\dj2_a02.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
AVG 2011 Anti-Virus command line scanner
Copyright © 1992 - 2010 AVG Technologies
Program version 10.0.1144, engine 10.0.422
Virus Database: Version 422/3213 2010-10-22

C:\Users\Family Computer\AppData\Roaming\mjusbsp\cdloader2.exe Virus found Win32/Heur Object was moved to Virus Vault.
HKU\S-1-5-21-227957727-225015110-4046808138-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cdloader Found registry key with reference to infected file C:\Users\Family Computer\AppData\Roaming\mjusbsp\cdloader2.exe Object was moved to Virus Vault.
C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\DELL\docs\EXTRACT.EXE Virus found Win32/Heur Object was moved to Virus Vault.
C:\DELL\drivers\R193316\ChCfg.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\DELL\drivers\R193316\SetCDfmt.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\DELL\drivers\R193316\Setup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\DELL\drivers\R193316\Vista\AERTSrv.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\DELL\drivers\R88925\Setup.EXE Virus found Win32/Heur Object was moved to Virus Vault.
C:\Documents and Settings\ Locked file. Not tested.
C:\Drivers\printer\5600-6600\Applications\Autoprnt\AutoPrnt.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\printer\5600-6600\Applications\ToolBar\setup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\printer\5600-6600\Applications\ToolBarOffice\setup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\printer\5600-6600\drivers\win_xp2k\i386\LXDUupd.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\printer\5600-6600\drivers\win_xp2k\i386\LXDUwbgw.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\printer\5600-6600\drivers\win_xp2k\i386\LXDUwupd.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\printer\5600-6600\Setup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\video\R180788\hkcmd.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\video\R180788\igfxcfg.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\video\R180788\igfxext.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\video\R180788\igfxpers.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\video\R180788\igfxsrvc.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\video\R180788\igfxtray.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\video\R180788\igfxzoom.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Drivers\video\R180788\igxpun.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\GDPHOME\liveupdate.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\GDPHOME\setup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\pagefile.sys Locked file. Not tested.
C:\Program Files\Microsoft Works\MSWorks.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\Setup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\WkCalRem.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\WkChkMU.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\WkDStore.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\WkRegAmu.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\wksab.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\WksCal.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\WksDict.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\wksss.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Program Files\Microsoft Works\WksWP.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\ProgramData\Adobe\Photoshop Elements\5.0\Flash Galleries\GeoWeb Gallery\gallery\resources\AuthSWF.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\ProgramData\AVG10\log\avg-161cde71-cc96-4e63-95bc-17121f8a9870.tmp Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6832e518755fa9e14acf087a01f9887_51642c6d-a341-4608-9944-392fff34ad98 Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Family Computer\AppData\Local\Adobe\Reader 9.1\Setup Files\Setup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Users\Family Computer\AppData\Local\Apps\2.0\R1R8EJB2.E80\QQAGKRH3.5GR\clic...exe_f84b370c827b5c7a_0001.0002_none_c4007a823033b006\GoogleUpdateSetup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Users\Family Computer\AppData\Local\Apps\2.0\R1R8EJB2.E80\QQAGKRH3.5GR\goog...app_f84b370c827b5c7a_0001.0002_d758a7131f1c552c\GoogleUpdateSetup.exe Virus found Win32/Heur Object was moved to Virus Vault.
C:\Users\Family Computer\AppData\Local\History\ Locked file. Not tested.
C:\Users\Family Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L370829G\SkypeSetupFull[1].exe Corrupted executable file Object was moved to Virus Vault.
C:\Users\Family Computer\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Family Computer\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Family Computer\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Family Computer\AppData\Local\VirtualStore\Windows\System32\net.net Trojan horse Clicker.AAPC Object was moved to Virus Vault.
C:\Users\Family Computer\Documents\My Music\ Locked file. Not tested.
C:\Users\Family Computer\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Family Computer\Documents\My Videos\ Locked file. Not tested.
C:\Users\Family Computer\NetHood\ Locked file. Not tested.
C:\Users\Family Computer\ntuser.dat Locked file. Not tested.
C:\Users\Family Computer\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Family Computer\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Family Computer\PrintHood\ Locked file. Not tested.
C:\Users\Family Computer\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\config\components Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG1 Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG2 Locked file. Not tested.
C:\Windows\System32\config\default Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\sam Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\security Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\software Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\system Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\systemprofile\AppData\Local\History\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\My Music\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\My Pictures\ Locked file. Not tested.
C:\Windows\System32\config\systemprofile\Documents\My Videos\ Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 2187442
Found infections : 40
Found PUPs : 0
Healed infections : 40
Healed PUPs : 0
Warnings : 2
------------------------------------------------------------

Edited by Orange Blossom, 23 October 2010 - 04:20 PM.
Moved from Vista forum to Malware Removal Logs ~ Hamluis. Merged topics. ~ OB


#3 Adelina

  • Topic Starter
  • Members
  • 5 posts

Posted 27 October 2010 - 10:36 PM

Hi:
When I open applications like Adobe/Skype/or IE, I get an error message box that says "no disc in drive. please insert disc into DR1". Also, in the upper left hand corner of the box will be the name of the application file.exe that is open. After I ran AVG in safe mode, that error message no longer pops up, but can someone take a look at this for me? Thanks.

Here are my HijackThis, ActiveScan and AVG files:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:39 AM, on 10/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Family Computer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7676 bytes



;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-10-23 04:53:06
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free Edition 2011 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\family_computer@atdmt[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\family_computer@com[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][3].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\family_computer@realmedia[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\family_computer@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\family_computer@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\family computer\appdata\roaming\microsoft\windows\cookies\low\family_computer@target[1].txt
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\printer\5600-6600\install\x86\uninst.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\video\r180788\tvwsetup.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\dotnet\dotnetfx.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\dotnetfx.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\gdp.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r193316\vista\rthdvcpl.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\printer\5600-6600\install\x86\instgui.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\program files\microsoft works\lnchtour.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\program files\microsoft works\wksdb.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\program files\microsoft works\wkssb.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\programdata\adobe\photoshop elements\5.0\flash galleries\dynamic\flashplayer\windows\saflashplayer.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\users\family computer\appdata\local\magicjack\updatedownload\update2.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r192245\jre6u7.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\printer\5600-6600\applications\app4r\tools\windowsinstaller-kb893803-v2-x86.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r166862\imgr32b.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\printer\5600-6600\applications\app4r\tools\dotnetfx.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\audio\r180772\rtlupd.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\drivers\audio\r180772\rthdvcpl.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r95499\setup.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\vcredist_x86.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r193316\vista\rtlupd.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\gdphome\liveupdate_ex.exe
06192730 W32/Sality.AA Virus No 0 Yes No c:\dell\drivers\r100928\dj2_a02.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Edited by Budapest, 28 October 2010 - 04:07 PM.
Topics merged ~BP


#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 52,457 posts
  • Gender:Female
  • Location:Romania

Posted 31 October 2010 - 04:28 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

#5 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 52,457 posts
  • Gender:Female
  • Location:Romania

Posted 06 November 2010 - 05:58 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.
regards, Elise