
Can't delete files


  • This topic is locked

#1 sowji520

sowji520

  • Members
  • 1 posts

Posted 11 June 2013 - 06:31 AM

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by AdMiN at 16:43:15 on 2013-06-11
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3061.505 [GMT 5.5:30]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Program Files\Desk 365\deskSvc.exe
C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\AdMiN\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\AdMiN\Local Settings\Temp\hsperfdata_AdMiN\explorer.exe
C:\Program Files\Desk 365\desk365.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\AdMiN\Application Data\uTorrent\uTorrent.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Optimizer Pro\OptProSmartScan.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\IPMsg\ipmsg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\AdMiN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500418AS_9VMNMWASXXXX9VMNMWAS&ts=1369821075
uDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500418AS_9VMNMWASXXXX9VMNMWAS&ts=1369821075
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500418AS_9VMNMWASXXXX9VMNMWAS&ts=1369821075
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500418AS_9VMNMWASXXXX9VMNMWAS&ts=1369821075
mSearchAssistant = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3500418AS_9VMNMWASXXXX9VMNMWAS&ts=0
mCustomizeSearch = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3500418AS_9VMNMWASXXXX9VMNMWAS&ts=0
uURLSearchHooks: <No Name>: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: DealPly Shopping: {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - c:\program files\dealply\DealPlyIE.dll
BHO: tuvaro Helper Object: {5CB02877-EFBC-4317-B608-9E24B11BAB40} - c:\program files\tuvaro\tuvaro\1.8.17.3\bh\tuvaro.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: SelectionLinks: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - c:\program files\oapps\SelectionLinks.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\admin\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\windows searchqu toolbar\datamngr\toolbar\searchqudtx.dll
BHO: Ask Search Assistant BHO: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Ask Toolbar BHO: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Ask Toolbar: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Ask Toolbar: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\windows searchqu toolbar\datamngr\toolbar\searchqudtx.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: Tuvaro Toolbar: {6F001652-AF51-45C6-B029-86E0265A1851} - c:\program files\tuvaro\tuvaro\1.8.17.3\tuvaroTlbr.dll
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge] <no file>
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NPSStartup] <no file>
dRun: [Autodesk Sync] c:\program files\autodesk\autodesk sync\AdSync.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\ipmsgf~1.lnk - c:\program files\ipmsg\ipmsg.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{328B6984-5E2C-4832-9584-43730518D3F6} : NameServer = 202.56.250.5,125.22.47.125
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.0.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\browse~1\sprote~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {F4C1E312-9D6A-7ED3-E25E-E8C403C69C4C} - cmD.eXe   /q     /C     sTArt     ""    /i  /b JAvAw   -classpath    "c:\documents and settings\admin\local settings\temp\jar_cache1428701741580108800.tmp"  a
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008653&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en.v9.com/?utm_source=b&utm_medium=update&from=update&uid=ST3500418AS_9VMNMWASXXXX9VMNMWAS&ts=1369821075
FF - prefs.js: keyword.URL - 
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-04-17 13:21; {96f454ea-9d38-474f-b504-56193e00c1a5}; c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
FF - ExtSQL: 2013-04-18 12:22; avg@toolbar; c:\documents and settings\all users\application data\avg secure search\firefoxext\15.0.0.2
FF - ExtSQL: 2013-04-18 15:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-05-03 16:18; {E1B75450-31EA-492A-8734-11FF71FD12B8}; c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{E1B75450-31EA-492A-8734-11FF71FD12B8}
FF - ExtSQL: 2013-05-10 10:18; [email protected]; c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\[email protected]
FF - ExtSQL: 2013-05-29 15:21; [email protected]; c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\[email protected]
FF - ExtSQL: 2013-06-11 11:43; {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}; c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - ExtSQL: 2019-09-25 22:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\admin\application data\mozilla\firefox\profiles\n5b8ndrw.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.tuvaro.hpOld0 - hxxp://www.mysearchresults.com/?c=3513&t=07
FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=main&toolbarid=base&u=0c4109450000000000000019d1fabd12&q=
FF - user.js: extensions.tuvaro.id - 0c4109450000000000000019d1fabd12
FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
FF - user.js: extensions.tuvaro.instlDay - 15828
FF - user.js: extensions.tuvaro.vrsn - 1.8.17.3
FF - user.js: extensions.tuvaro.vrsni - 1.8.17.3
FF - user.js: extensions.tuvaro.vrsnTs - 1.8.17.317:42:13
FF - user.js: extensions.tuvaro.prtnrId - tuvaro
FF - user.js: extensions.tuvaro.prdct - tuvaro
FF - user.js: extensions.tuvaro.aflt - orgnl
FF - user.js: extensions.tuvaro.smplGrp - none
FF - user.js: extensions.tuvaro.tlbrId - base
FF - user.js: extensions.tuvaro.instlRef - 4c3f95e5
FF - user.js: extensions.tuvaro.dfltLng - 
FF - user.js: extensions.tuvaro.excTlbr - false
FF - user.js: extensions.tuvaro.ffxUnstlRst - false
FF - user.js: extensions.tuvaro.admin - false
FF - user.js: extensions.tuvaro.cam - 
FF - user.js: extensions.tuvaro.autoRvrt - false
FF - user.js: extensions.tuvaro.rvrt - false
FF - user.js: extensions.tuvaro.hmpg - true
FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=homepage&toolbarid=base&u=0c4109450000000000000019d1fabd12
FF - user.js: extensions.tuvaro.dfltSrch - true
FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=4c3f95e5&tbp=url&toolbarid=base&u=0c4109450000000000000019d1fabd12&q=
FF - user.js: extensions.tuvaro.dnsErr - true
FF - user.js: extensions.tuvaro.newTab - true
FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=4c3f95e5&tbp=tab&u=0c4109450000000000000019d1fabd12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2012-2-1 22312]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2013-5-21 24640]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-2-11 572928]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\admin\application data\defaulttab\defaulttab\DTUpdate.exe [2013-4-5 107520]
R2 desksvc;Desk 365 service;c:\program files\desk 365\deskSvc.exe [2013-4-16 424016]
R2 eSafeSvc;eSafe Service;c:\documents and settings\all users\application data\esafe\eGdpSvc.exe [2013-4-16 969280]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-2-1 238952]
R2 UDisk Monitor;UDisk Monitor;c:\program files\mblaze ui\bin\MonServiceUDisk.exe [2011-11-4 512000]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-23 1015984]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-2-1 36608]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-4-18 37664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2011-11-4 104704]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-06-11 07:21:52 -------- d-----w- c:\program files\WinPcap
2013-06-11 07:20:01 -------- d-----w- c:\windows\WM Recorder
2013-06-11 07:20:01 -------- d-----w- c:\program files\WMR14
2013-06-10 07:55:43 -------- d-----w- c:\program files\RAR Password Unlocker
2013-06-06 06:35:12 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-06-06 06:35:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-06-06 06:35:11 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-06-06 06:35:11 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-05-30 06:46:03 -------- d-----w- c:\documents and settings\admin\local settings\application data\Sun
2013-05-29 09:51:38 -------- d-----w- c:\documents and settings\admin\application data\DealPly
2013-05-29 09:51:33 -------- d-----w- c:\program files\DealPly
2013-05-29 05:39:59 920472 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-05-29 05:39:59 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-05-29 05:39:59 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2013-05-29 05:39:59 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2013-05-29 05:39:59 3076504 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2013-05-29 05:39:59 279448 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2013-05-29 05:39:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-05-29 05:39:59 193824 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2013-05-29 05:39:59 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-05-29 05:39:59 117144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2013-05-29 05:39:59 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-05-25 09:47:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-22 10:47:22 -------- d-----w- c:\documents and settings\admin\local settings\application data\Help
2013-05-22 08:12:34 -------- d-----w- c:\program files\InPage 2012
2013-05-21 06:52:39 -------- d---a-w- C:\xampp
.
==================== Find3M  ====================
.
2013-05-25 09:47:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-25 09:47:21 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-25 09:47:21 788896 -c--a-w- c:\windows\system32\deployJava1.dll
2013-05-23 06:28:13 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-17 12:19:40 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-17 12:19:40 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 08:39:00 2516 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2013-04-16 08:38:35 88 -csh--r- c:\documents and settings\all users\application data\1B82EF7598.sys
.
============= FINISH: 16:48:59.60 ===============
 

 


 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,247 posts

Posted 11 June 2013 - 08:07 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.

 

 

 

 

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

 


#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,247 posts

Posted 14 June 2013 - 03:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 




