
Infected Laptop


This topic is locked
19 replies to this topic

#1 creativegd


  • Members
  • 73 posts
  • Gender:Female
  • Location:Atlanta

Posted 11 February 2009 - 09:14 AM

I have an HP laptop that got infected while on the internet. At first it seemed it had the XP Police software. After reading your tutorial on how to get rid of this using Malwarebytes, that seemed to take care of it. However, now every time I do a scan it finds more and more trojans, spyware and so many other things. I have experienced the blue screen twice and tried to remedy the problem in safe mode. It always seems that it is cleaned up and virus free, then Internet Explorer is hijacked with popups and ads and the computer gets very slow. I have run the following scans:

Malwarebytes
A-Squared
AVG
Ewido
Hijackthis

I have also run the dds as recommended in your tutorials. It is posted here with the hijack this log.

Please advise if you need me to do anything further or need more information.


#2 KoanYorel


    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 23 February 2009 - 11:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
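The DDS report that this procedure produces contains a "Pseudo HJT Report" section listing browser helper objects, Run keys and Winlogon load points (one is posted later in this thread). As an added example that is not part of the original post or of the DDS tool, the script below parses that section and orders its entries for review; the sample log is a constructed excerpt built from entries in this thread's log, and the flag heuristics are this example's own, not a verdict on any entry.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log (added example,
not code from DDS or BleepingComputer).  It lists the entries a helper reads first:
orphans ("No File" or an empty target), modules named without a directory, and
anything in the Winlogon Notify, AppInit_DLLs and SSODL load points.  It flags
entries for review; it never decides that an entry is malicious."""
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Optional

# Constructed excerpt in the DDS report format; the entries are copied from the log in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /installquiet /nodetect
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
Notify: avgrsstarter - avgrsstx.dll
Notify: awtqpQIA - awtqpQIA.dll
AppInit_DLLs: c:\windows\system32\EpPicPrt32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================
"""

# Load points that run a DLL inside winlogon/explorer or in every process.  Legitimate
# software uses them too, so entries here are flagged for review, not judged.
PRIVILEGED_KEYS = {"Notify", "AppInit_DLLs", "SSODL"}

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
KEY_RE = re.compile(r"^(?P<key>[A-Za-z_]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    key: str      # report line type: BHO, TB, uRun, Notify, ...
    name: str     # friendly name or Run value name ("" when the log gives none)
    clsid: str    # first {CLSID} on the line, "" if none
    target: str   # file, command line or CLSID the entry points at
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one report line into an Entry; None for lines that are not entries."""
    m = KEY_RE.match(line.rstrip())
    if m is None:
        return None
    key, rest = m.group("key"), m.group("rest").strip()
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(0) if clsid_m else ""
    run_m = RUN_RE.match(rest)
    if run_m:                    # uRun/mRun: "[value name] command line"
        return Entry(key, run_m.group("name"), clsid, run_m.group("cmd").strip())
    if rest.endswith(" -"):      # "TB: name: {clsid} -" with nothing after the dash
        head, target = rest[:-2], ""
    elif " - " in rest:          # "name: {clsid} - path" or "name - module"
        head, target = rest.rsplit(" - ", 1)
    else:                        # "AppInit_DLLs: path"
        head, target = "", rest
    name = CLSID_RE.sub("", head).strip().rstrip(":-").strip()
    return Entry(key, name, clsid, target.strip())


def flag_entry(e: Entry) -> Entry:
    """Attach review flags; the heuristics are deliberately conservative."""
    if e.key in PRIVILEGED_KEYS:
        e.flags.append("privileged load point")
    if e.target in ("", "No File"):
        e.flags.append("orphan: no file behind the entry")
    else:
        first = e.target.split()[0].strip('"')
        # A bare module name means the loader resolves it through the search path.
        if "\\" not in first and "/" not in first and not first.startswith("{"):
            e.flags.append("module without path")
    return e


def pseudo_hjt_lines(log_text: str) -> Iterator[str]:
    """Yield the non-empty lines between the Pseudo HJT header and the next header."""
    inside = False
    for line in log_text.splitlines():
        sec = SECTION_RE.match(line.strip())
        if sec:
            inside = sec.group("title").strip() == "Pseudo HJT Report"
        elif inside and line.strip():
            yield line


def triage(log_text: str) -> List[Entry]:
    """Return only the flagged entries of the Pseudo HJT section, most flags first."""
    entries = (parse_line(l) for l in pseudo_hjt_lines(log_text))
    flagged = [e for e in entries if e is not None and flag_entry(e).flags]
    flagged.sort(key=lambda e: (-len(e.flags), e.key, e.name))
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.key:13}{(e.name or e.clsid):42}{(e.target or '-'):48}{', '.join(e.flags)}")
```

Feed `triage()` the text of a real DDS.txt and compare the flagged entries against what the machine's installed software explains; the script only shortens the list a reviewer has to read by hand.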

#3 creativegd

  • Topic Starter

  • Members
  • 73 posts
  • Gender:Female
  • Location:Atlanta

Posted 26 February 2009 - 08:30 PM

Hi, Thank you for your reply.

I have attached the results of a new DDS scan here. Overall there seems to be improvement, as the pop ups have stopped to a large degree. I was getting a lot of freezing and computer shut down for no apparent reason, but the laptop has been ok for a little time now. I hope it will continue.

Please let me know if you still see anything that needs to be dealt with and what I need to do.

Thank you
Heidi


DDS (Ver_09-02-01.01) - NTFSx86
Run by Srila Gurudeva at 20:20:41.17 on Thu 02/26/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1160 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090226-0] *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\JungleDisk\junglediskmonitor.exe
C:\Program Files\Targus BT Mouse\MulMouse.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Targus BT Mouse\osd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Srila Gurudeva\Desktop\Software\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: {61A2FC70-E829-44E9-B290-4B51F67F35F0} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {D4F9E87F-3EAF-467B-AC2A-43EA4DF694FB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\srilag~1\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\jungle~1.lnk - c:\program files\jungledisk\junglediskmonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\targus~1.lnk - c:\program files\targus bt mouse\MulMouse.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://install.charter.com/diskless/bin/tgctlcm.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://ids.southeasterntech.edu/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168308030671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: 4858b92c530 - c:\windows\system32\EpPicPrt32.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: awtqpQIA - awtqpQIA.dll
AppInit_DLLs: c:\windows\system32\EpPicPrt32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\srilag~1\applic~1\mozilla\firefox\profiles\86vw6dxx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - FireSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.ffsearch.net/s/?ref=adr&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-10 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-11 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-15 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-1 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-15 107272]
R1 BtFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\BtFltr.sys [2007-2-19 13849]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-2-11 421496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-11 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-11 138680]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-15 298264]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-7-30 110200]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-11 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-11 352920]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10741.sys [?]
S4 Letterhead Fonts Service;Letterhead Fonts Service;c:\program files\letterhead fonts\LHFService.exe [2007-2-25 266240]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-02-15 22:27 <DIR> -cd-h--- C:\$AVG8.VAULT$
2009-02-15 22:13 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-15 22:13 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-15 22:13 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-15 22:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-15 22:13 <DIR> --d----- c:\docume~1\srilag~1\applic~1\AVGTOOLBAR
2009-02-15 22:13 <DIR> --d----- c:\program files\AVG
2009-02-15 22:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-15 21:49 <DIR> --dsh--- C:\found.000
2009-02-15 20:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-15 20:02 161,792 a------- c:\windows\swreg.exe
2009-02-15 20:02 98,816 a------- c:\windows\sed.exe
2009-02-13 00:44 0 a------- c:\windows\system32\16B.tmp
2009-02-13 00:44 0 a------- c:\windows\system32\16A.tmp
2009-02-11 10:57 529 a------- c:\windows\system32\winlogon2.exe
2009-02-11 07:50 <DIR> --d----- c:\docume~1\srilag~1\applic~1\IObit
2009-02-11 07:50 <DIR> --d----- c:\program files\IObit
2009-02-11 01:48 9,446 a------- c:\windows\GnuHashes.ini
2009-02-11 01:40 1,417 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-02-11 01:40 <DIR> --dsh--- c:\windows\system32\LocalService32
2009-02-11 01:15 <DIR> --d----- c:\program files\a-squared Free
2009-02-11 01:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-02-11 01:11 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-02-11 00:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-11 00:54 <DIR> --d----- c:\docume~1\srilag~1\applic~1\SUPERAntiSpyware.com
2009-02-10 13:05 <DIR> --d----- c:\docume~1\srilag~1\applic~1\Twain
2009-02-10 13:00 <DIR> --d----- c:\program files\WebShow
2009-02-10 12:55 <DIR> --d----- c:\program files\Mjcore
2009-02-10 09:55 <DIR> --d----- c:\docume~1\srilag~1\applic~1\cogad
2009-02-10 09:55 <DIR> -cd----- c:\temp\sTMP3
2009-02-10 09:45 59 a------- c:\windows\system32\senekakrrvdrcs.dat
2009-02-10 09:45 1,104 a------- c:\windows\ofhqbrwe
2009-02-10 09:40 47,166 a------- c:\windows\system32\senekatjlkqpjb.dat
2009-02-10 09:36 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-10 09:24 0 a------- c:\windows\PROTOCOL.INI
2009-02-10 09:23 <DIR> --d----- c:\program files\TypingMaster
2009-02-10 09:23 299,520 a------- c:\windows\uninst.exe
2009-02-10 09:23 <DIR> --d----- c:\documents and settings\srila gurudeva\WINDOWS

==================== Find3M ====================

2009-02-10 09:40 884,768 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-02-10 09:40 5,152 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-02-08 22:15 7,978,016 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-08 22:15 64,456 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-20 11:37 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-06-27 21:31 133 a------- c:\program files\AutoUpdate.dat
2007-08-29 15:43 191,624 a------- c:\docume~1\srilag~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 20:21:15.78 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2006 6:46:54 PM
System Uptime: 2/26/2009 9:41:28 AM (11 hours ago)

Motherboard: Hewlett-Packard | | 30A7
Processor: Genuine Intel® CPU T2600 @ 2.16GHz | U1 | 2161/mhz
Processor: Genuine Intel® CPU T2600 @ 2.16GHz | U1 | 2161/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 11.382 GiB free.
D: is CDROM ()
F: is NetworkDisk (FAT) - 112 GiB total, 11.382 GiB free.
J: is NetworkDisk (FAT) - 112 GiB total, 11.382 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP124: 2/10/2009 9:45:41 AM - System Checkpoint
RP125: 2/10/2009 9:45:43 AM - System Checkpoint
RP126: 2/10/2009 9:45:46 AM - Installed Java™ 6 Update 11
RP127: 2/10/2009 9:45:49 AM - Installed Java Runtime Environment
RP128: 2/10/2009 9:45:53 AM - System Checkpoint
RP129: 2/10/2009 9:45:54 AM - System Checkpoint
RP130: 2/10/2009 9:45:57 AM - System Checkpoint
RP131: 2/10/2009 9:45:58 AM - System Checkpoint
RP132: 2/10/2009 9:45:58 AM - System Checkpoint
RP133: 2/10/2009 9:45:58 AM - System Checkpoint
RP134: 2/10/2009 9:45:59 AM - System Checkpoint
RP135: 2/10/2009 9:46:01 AM - System Checkpoint
RP136: 2/10/2009 9:46:04 AM - System Checkpoint
RP137: 2/10/2009 9:46:06 AM - System Checkpoint
RP138: 2/10/2009 9:46:07 AM - System Checkpoint
RP139: 2/10/2009 9:46:07 AM - System Checkpoint
RP140: 2/15/2009 10:13:12 PM - Installed AVG Free 8.0
RP141: 2/16/2009 6:50:21 AM - Software Distribution Service 3.0
RP142: 2/16/2009 10:38:21 PM - Avg8 Update
RP143: 2/17/2009 11:01:45 PM - System Checkpoint
RP144: 2/19/2009 11:30:23 PM - System Checkpoint
RP145: 2/20/2009 11:37:24 PM - System Checkpoint
RP146: 2/22/2009 10:31:02 AM - System Checkpoint
RP147: 2/24/2009 12:29:14 PM - System Checkpoint
RP148: 2/25/2009 1:37:07 AM - Software Distribution Service 3.0
RP149: 2/26/2009 12:18:10 PM - Software Distribution Service 3.0

==== Installed Programs ======================


a-squared Free 4.0
ABBYY FineReader 5.0 Sprint Plus
Able2Extract Professional v5.0
Ad-Aware SE Personal
Adobe Acrobat 6.0 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Bridge 1.0
Adobe Color Common Settings
Adobe Common File Installer
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Photoshop CS2 Functional Content
Adobe Production Studio
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Video Suite Extras
Advanced SystemCare 3
AdwarePro 1.0
AnswerWorks 5.0 English Runtime
AOL Coach Version 1.0(Build:20030807.3)
AOL Registration
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AT&T Communication Manager
AudiMovie
Audio DVD Creator 1.9.1.0
avast! Antivirus
AVG Free 8.0
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Canon MF Toolbox 4.9.1.1.mf06
Canon MF4200 Series
CCleaner (remove only)
Charter High Speed Internet Self-Installation Wizard
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Diacritic Fonts
DVD Audio Ripper 4
DVD Decoder Pak for Windows XP
EPSON Copy Utility 3
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ErrorKiller
FileZilla (remove only)
Folder Marker v 1.4
GetDataBack for NTFS
GMail Drive Shell Extension
Google Gmail Notifier
Google Updater
GoToMeeting/GoToWebinar 3.0.0.198
Group Mail
Hardlock Patch Files
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896243)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Integrated Module with Bluetooth wireless technology
HP Quick Launch Buttons 6.00 G2
HP Wireless Assistant 2.00 E1
Intel® PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Jungle Disk for Windows
Learn2 Player (Uninstall Only)
Letterhead Fonts
LimeWire PRO 4.10.3
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.6)
MP3 to SWF Converter 2.6 build 918
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyFonts Order M743838
Nero - Burning Rom
Netflix Movie Viewer
NetWaiting
Nokia Connectivity Adapter Cable DKU-5
Norton Security Scan
NVIDIA Drivers
NVIDIA DVD Decoder
Octoshape add-in for Adobe Flash Player
OpenOffice.org Installer 1.0
Panda ActiveScan 2.0
Picasa 2
Plaxo Toolbar for Outlook and Outlook Express
Qlock Lite
Quicken 2008
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
RegCure 1.5.0.0
Registry Mechanic 6.0
Roxio Easy Media Creator 7
Safari
Samsung ML-2010 Series
ScreenPrint32 v3.5
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sony Sound Forge 8.0b
SopCast 1.1.1
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Targus BT Mouse 1.00.01 (Build 1000)
TBS WMP Plug-in
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Uniblue DriverScanner 2009
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
Wireless Home Network Setup
XoftSpy

==== Event Viewer Messages From Past Week ========

2/19/2009 8:31:12 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/19/2009 8:31:12 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2009 8:31:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
2/24/2009 10:48:21 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/25/2009 9:26:58 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
2/25/2009 9:33:19 AM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.

==== End Of File ===========================

Edited by Billy O'Neal, 26 February 2009 - 09:28 PM.
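
As an added illustration (not part of Heidi's DDS log or of any BleepingComputer tool), here is a small Python parser for the "Event Viewer Messages" lines above; it flags Service Control Manager failures of services whose names look security-related, since an anti-virus watchdog dying (as AVG's did on 2/24) is worth a second look during a cleanup. The keyword watch list is a constructed assumption, and the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# Constructed sample, copied in shape from the DDS "Event Viewer Messages" section above.
SAMPLE_EVENTS = """\
2/19/2009 8:31:12 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/19/2009 8:31:12 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2009 8:31:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
2/24/2009 10:48:21 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/25/2009 9:26:58 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
2/25/2009 9:33:19 AM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
"""

# One DDS event line: "<date> <time>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# SCM messages that name a service; either alternative captures the display name.
SERVICE_RE = re.compile(
    r"The (?P<name>.+?) service (?:terminated unexpectedly|failed to start)"
    r"|waiting for the (?P<name2>.+?) service to connect"
)
# Hypothetical watch list (assumption): name fragments of security products, matched case-insensitively.
SECURITY_KEYWORDS = ("avg", "watchdog", "antivirus", "anti-virus", "firewall", "defender", "malwarebytes")
# SCM event IDs seen in the log that mean a service died or failed to come up.
SCM_FAILURE_IDS = {7000, 7009, 7031, 7034}


def parse_event_line(line):
    """Return a dict for one event line, or None if the line is not in DDS event format."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["timestamp"] = datetime.strptime(rec.pop("ts"), "%m/%d/%Y %I:%M:%S %p")
    rec["event_id"] = int(rec["event_id"])
    svc = SERVICE_RE.search(rec["message"])
    rec["service"] = (svc.group("name") or svc.group("name2")) if svc else None
    return rec


def parse_events(text):
    return [r for r in (parse_event_line(l) for l in text.splitlines()) if r]


def security_service_failures(records):
    """Return (timestamp, service, event_id) for SCM failures of services that look security-related."""
    hits = []
    for r in records:
        if r["source"] != "Service Control Manager" or r["event_id"] not in SCM_FAILURE_IDS:
            continue
        name = (r["service"] or "").lower()
        if any(k in name for k in SECURITY_KEYWORDS):
            hits.append((r["timestamp"], r["service"], r["event_id"]))
    return hits


if __name__ == "__main__":
    for ts, name, eid in security_service_failures(parse_events(SAMPLE_EVENTS)):
        print(f"{ts:%Y-%m-%d %H:%M} event {eid}: security service '{name}' failed")
```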


#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:32 AM

Posted 26 February 2009 - 09:31 PM

Hello, creativegd
You appear to have a Registry Cleaner installed!
The following is referring to Advanced SystemCare 3
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
We need to back up your registry
  • Please download ERUNT and save it to your desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 creativegd

creativegd
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Gender:Female
  • Location:Atlanta
  • Local time:08:32 AM

Posted 27 February 2009 - 06:26 PM

Hi, thank you for your advice. I have followed everything you mentioned including removing the Advanced SystemCare 3. I was installing everything I could to get rid of the virus/s.

Here are the logs you asked for.

Let me know what needs to be done further.

Thank you
Heidi

Attached Files



#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:32 AM

Posted 27 February 2009 - 06:37 PM

Hello, creativegd
We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTLI
    FF - prefs.js..browser.search.selectedEngine: "FireSearch"
    O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {61A2FC70-E829-44E9-B290-4B51F67F35F0} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {D4F9E87F-3EAF-467B-AC2A-43EA4DF694FB} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-839522115-57989841-725345543-1003\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-839522115-57989841-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Value error. File not found
    O15 - HKLM\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
    O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
    O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\S-1-5-21-839522115-57989841-725345543-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
    O15 - HKU\S-1-5-21-839522115-57989841-725345543-1003\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\EpPicPrt32.dll) - C:\WINDOWS\System32\EpPicPrt32.dll File not found
    O20 - Winlogon\Notify\__c00E6ACA: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\4858b92c530: DllName - C:\WINDOWS\System32\EpPicPrt32.dll - C:\WINDOWS\System32\EpPicPrt32.dll File not found
    O20 - Winlogon\Notify\awtqpQIA: DllName - awtqpQIA.dll -  File not found
    O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O33 - MountPoints2\{beb1cd32-6837-11db-8bb0-90d21089110d}\Shell\AutoRun\command - "" = setupSNK.exe
    O33 - MountPoints2\{cc599f06-80d6-11db-8bc4-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc599f06-80d6-11db-8bc4-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cc599f06-80d6-11db-8bc4-00038a000015}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\url.DLL -- [2008/12/20 18:15:39 | 00,105,984 | ---- | M] (Microsoft Corporation)
    :commands
    [ResetHosts]
    [Reboot]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 12.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

In your next reply, please include the following:
  • OTListIt2 Fix Log
  • A new OTListIt2 log (Scan Mode Again)

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 creativegd

creativegd
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Gender:Female
  • Location:Atlanta
  • Local time:08:32 AM

Posted 04 March 2009 - 01:52 AM

Thank you for the fixes and advice. I have followed everything that you sent including the Java uninstall and reinstall. One thing was when I was running the OTListIt2.exe it did ask me to reboot so there was no log report after rebooting. I ran the scan and got the text report from that and then after some time this other report popped up so I am assuming this is the log you mentioned. Let me know if I need to run again if this is not right.

Heidi

Attached Files



#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:32 AM

Posted 04 March 2009 - 11:42 PM

Hello, creativegd
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author: Posted Image

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click Posted Image on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:32 AM

Posted 09 March 2009 - 07:51 PM

Hello, creativegd
Are you still here?

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#10 creativegd

creativegd
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Gender:Female
  • Location:Atlanta
  • Local time:08:32 AM

Posted 09 March 2009 - 09:01 PM

Yes, I am still here. Let me run the combo fix as you suggest and I will post the log.

Thank you
Heidi

#11 creativegd

creativegd
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Gender:Female
  • Location:Atlanta
  • Local time:08:32 AM

Posted 09 March 2009 - 09:42 PM

Please find here the combo fix log. Had trouble disabling AVG. It seems to not have a full shutdown mode. I tried uninstalling it and it would not let me due to an error. Combofix completed and everything seems ok. Please let me know if I need to redo.

Thank you

Attached Files



#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:32 AM

Posted 09 March 2009 - 09:47 PM

Hello, creativegd
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:32 AM

Posted 11 March 2009 - 08:23 PM

Hello, creativegd
Are you still here?

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:32 AM

Posted 13 March 2009 - 07:07 PM

Hello, creativegd
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#15 creativegd

creativegd
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Gender:Female
  • Location:Atlanta
  • Local time:08:32 AM

Posted 13 March 2009 - 11:01 PM

Please see the previous thread titled Infected Laptop. Billy was helping me resolve the problem. I could not get back to the computer in time before the thread was closed.

Please find here the log report Billy asked for from an Eset online scan. One infection was found.

Also found that IE would not work for some reason so reinstalled. Also I am getting the firefox browser hijacked with google toolbar. Every time firefox is opened up I get 3 tabs - one being the google toolbar ad and installation. It never goes away.

Anyway I hope this report will be helpful and again I apologize for not being able to get back in time.

Heidi

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3936 (20090313)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9ec0f6d7d0abc24c9c9fc2d1dc8db237
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-14 02:43:16
# local_time=2009-03-13 10:43:16 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=457035
# found=1
# scan_time=6610
C:\WINDOWS\system32\LocalService32\47.music.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) D8F73BE5A34F7B9EEC5DAC29C4F8E173
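
As an added example (not part of the thread, of ESET's software or of any BleepingComputer tool), here is a Python parser for the ESET OnlineScan log.txt format pasted above: the `# key=value` header plus one line per detection. It also does the sanity checks a helper would do before replying (scan finished, the `found` counter matches the listed detections, nothing left uncleaned). The raw log.txt is assumed to be tab-separated, which is handled alongside the space-collapsed form shown in the post; the sample is copied from the log above, and the 32-hex-digit trailing field is assumed to be a file hash.

```python
import re

# Constructed sample copied from the ESET OnlineScan log posted above (space-separated, as it
# appears in the post; a raw log.txt is assumed to carry tabs between the detection fields).
SAMPLE_ESET_LOG = r"""# version=4
# OnlineScanner.ocx=1.0.0.635
# vers_standard_module=3936 (20090313)
# EOSSerial=9ec0f6d7d0abc24c9c9fc2d1dc8db237
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-14 02:43:16
# local_time=2009-03-13 10:43:16 (-0500, Eastern Daylight Time)
# osver=5.1.2600 NT Service Pack 2
# scanned=457035
# found=1
# scan_time=6610
C:\WINDOWS\system32\LocalService32\47.music.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) D8F73BE5A34F7B9EEC5DAC29C4F8E173
"""

# Fallback for space-separated lines: drive-letter path without spaces, detection name,
# "(action)", and a 32-hex-digit hash. Paths containing spaces need the tab-separated form.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<name>.+?)\s+\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s*$"
)
# Assumption: an action beginning with one of these means the object is no longer present.
RESOLVED_ACTION_PREFIXES = ("cleaned", "deleted")


def parse_detection_line(line):
    """Return {'path', 'name', 'action', 'hash'} for a detection line, or None."""
    line = line.rstrip("\r\n")
    if "\t" in line:
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) >= 4:
            return {"path": parts[0], "name": parts[1], "action": parts[2].strip("()"), "hash": parts[3]}
    m = DETECTION_RE.match(line)
    return m.groupdict() if m else None


def parse_eset_log(text):
    """Split the log into its '# key=value' header and its detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        det = parse_detection_line(line)
        if det:
            detections.append(det)
    return {"header": header, "detections": detections}


def review(parsed):
    """Sanity checks before replying: finished? counter consistent? anything left uncleaned?"""
    h, dets = parsed["header"], parsed["detections"]
    issues = []
    finished = h.get("end") == "finished"
    if not finished:
        issues.append("scan did not finish")
    if not h.get("found", "").isdigit():
        issues.append("found counter missing or not numeric")
    elif int(h["found"]) != len(dets):
        issues.append("found counter does not match listed detections")
    uncleaned = [d["path"] for d in dets
                 if not d["action"].lower().startswith(RESOLVED_ACTION_PREFIXES)]
    return {"finished": finished, "detections": len(dets), "issues": issues, "uncleaned": uncleaned}


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_ESET_LOG)
    print(review(parsed))
```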



