
Vimax Ads, Antivirus sites not opening, no updates for definitions, AVG, McAfee, SuperAntiSpyware did not help



#1 PrinceHector


Posted 17 March 2009 - 03:42 PM

I am facing issues with a suspected virus/trojan attack.

I run WinXP on my machine and I noticed this issue when I started seeing Vimax ads on my yahoo account. I initially was amused, but then I noticed the automatic updates to my McAfee installation are failing. Also, I'm unable to play any sounds on my machine.

To some extent I was able to tie the audio-not-available issue to a Windows service being in terminated status. For the internet connectivity issue, I am able to connect to most sites, except a few which provide anti-virus services.
Even after starting all networking services, I am unable to see any items under my "Network Connections". The Windows service for XP themes also gets terminated a few minutes after restart.

I also checked the Event Viewer logs, and most services have logged unexpected termination.

I tried performing cleanups by using "Malwarebytes' Anti-Malware".
The C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) keeps appearing in the mbam logs when I run the mbam utility after booting the system in safe mode. Strangely enough, mbam identifies it as an infection, but doesn't quarantine the file and just says "No Action Taken".
Upon deleting C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent), it keeps reappearing with each reboot.

Can you please help me get rid of this completely?

Appreciate all your help.

Thanks.

Attaching the log as per the prep guide.

-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by gsa at 1:56:01.70 on Wed 03/18/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.118 [GMT 5.5:30]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\6747f62c-ec49-4a33-8b79-d9ee98f6c4ae.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\gsa\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p7 /q c:\docume~1\gsa\locals~1\temp\suppor~1.sh! c:\docume~1\gsa\locals~1\tempor~1\content.ie5\cfo96bkb\defaul~1.sh! c:\docume~1\gsa\locals~1\tempor~1\content.ie5\zi1bcm56\mvtapp~1.sh! c:\docume~1\gsa\locals~1\tempor~1\content.ie5\cfo96bkb\SCANRE~1.SH!
uRun: [Google Update] "c:\documents and settings\gsa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\18158a9b-1f85-4f1d-93d5-1f401f420f37.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\windows\installer\{b2ae44cb-2aab-4c08-a54b-d264bd604da8}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://www.eset.com.sg/softdown/files/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {356CFCCC-0DA0-431A-8EF6-48E4606CAA92} = 192.168.1.1,61.1.96.71
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gsa\applic~1\mozilla\firefox\profiles\93gh7ftf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\documents and settings\gsa\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-10 130424]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-10 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-10 1095560]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-24 201320]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 206096]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-24 359248]
S2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-8-24 144704]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-24 695624]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-24 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-24 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-24 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-24 40488]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-8-15 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-8-15 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-03-18 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-18 01:13 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-18 01:13 <DIR> --d----- c:\docume~1\gsa\applic~1\SUPERAntiSpyware.com
2009-03-18 00:54 <DIR> a-dshr-- C:\autorun.inf
2009-03-17 11:37 4,408 a------- c:\windows\system32\tmp.reg
2009-03-17 11:16 <DIR> --d----- c:\program files\ESET
2009-03-15 15:45 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-15 12:17 <DIR> --d----- c:\docume~1\gsa\applic~1\Malwarebytes
2009-03-15 12:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-15 12:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 12:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 12:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-14 09:18 <DIR> --d----- c:\docume~1\gsa\applic~1\True Sword
2009-03-14 09:18 <DIR> --d----- c:\program files\True Sword 5
2009-03-13 16:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-13 16:16 <DIR> --d----- c:\program files\AVG
2009-03-13 16:07 <DIR> --d----- C:\New Folder
2009-03-11 14:28 44,544 a------- c:\windows\system32\msxml4a.dll
2009-03-11 14:28 <DIR> --d----- c:\program files\Spyware Doctor Enterprise Server
2009-03-11 14:25 <DIR> --d----- C:\PC Tools Spyware Doctor Enterprise
2009-03-10 20:27 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-10 20:26 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-10 20:26 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-10 20:23 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-10 20:23 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-10 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-10 20:23 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-10 20:23 <DIR> --d----- c:\docume~1\gsa\applic~1\PC Tools
2009-03-08 08:58 <DIR> --d----- c:\program files\Collapse II
2009-03-07 23:43 <DIR> --d----- C:\Gamehouse
2009-02-26 12:46 74,760 a------- c:\windows\system32\drivers\UniversalDD.sys
2009-02-26 12:46 25,608 a------- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-02-21 13:04 <DIR> --d----- C:\Photos
2009-02-20 00:01 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-19 08:59 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-19 08:59 208,744 a------- c:\windows\system32\muweb.dll
2009-02-19 08:59 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-18 11:23 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-01-04 20:32 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 1:57:42.04 ===============

-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-

Edited by PrinceHector, 18 March 2009 - 11:16 AM.



#2 PrinceHector


Posted 19 March 2009 - 07:59 AM


Attaching the log as per the prep guide.

-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-

DDS (Ver_09-03-16.01) - NTFSx86
Run by gsa at 18:16:13.87 on Thu 03/19/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6172\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Google Update] "c:\documents and settings\gsa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\18158a9b-1f85-4f1d-93d5-1f401f420f37.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://www.eset.com.sg/softdown/files/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {356CFCCC-0DA0-431A-8EF6-48E4606CAA92} = 192.168.1.1,61.1.96.71
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gsa\applic~1\mozilla\firefox\profiles\93gh7ftf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: c:\program files\siteadvisor\6172\ff\components\FFHook.dll
FF - plugin: c:\documents and settings\gsa\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-19 12:12 1,625 a------- c:\windows\system32\Config.MPF
2009-03-19 12:06 <DIR> --d----- c:\program files\SiteAdvisor
2009-03-19 12:06 <DIR> --d----- c:\docume~1\gsa\applic~1\SiteAdvisor
2009-03-19 12:05 33,800 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-19 12:05 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-19 12:05 201,288 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-19 12:05 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-19 12:05 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-19 12:05 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-03-19 12:05 <DIR> --d----- c:\program files\McAfee.com
2009-03-19 12:05 <DIR> --d----- c:\program files\common files\McAfee
2009-03-18 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-18 01:13 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-18 01:13 <DIR> --d----- c:\docume~1\gsa\applic~1\SUPERAntiSpyware.com
2009-03-18 00:54 <DIR> a-dshr-- C:\autorun.inf
2009-03-17 11:37 4,408 a------- c:\windows\system32\tmp.reg
2009-03-17 11:16 <DIR> --d----- c:\program files\ESET
2009-03-15 15:45 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-15 12:17 <DIR> --d----- c:\docume~1\gsa\applic~1\Malwarebytes
2009-03-15 12:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-15 12:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 12:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 12:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-14 09:18 <DIR> --d----- c:\docume~1\gsa\applic~1\True Sword
2009-03-14 09:18 <DIR> --d----- c:\program files\True Sword 5
2009-03-13 16:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-13 16:16 <DIR> --d----- c:\program files\AVG
2009-03-13 16:07 <DIR> --d----- C:\New Folder
2009-03-11 14:28 44,544 a------- c:\windows\system32\msxml4a.dll
2009-03-11 14:28 <DIR> --d----- c:\program files\Spyware Doctor Enterprise Server
2009-03-11 14:25 <DIR> --d----- C:\PC Tools Spyware Doctor Enterprise
2009-03-10 20:27 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-10 20:26 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-10 20:26 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-10 20:23 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-10 20:23 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-10 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-10 20:23 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-10 20:23 <DIR> --d----- c:\docume~1\gsa\applic~1\PC Tools
2009-03-08 08:58 <DIR> --d----- c:\program files\Collapse II
2009-03-07 23:43 <DIR> --d----- C:\Gamehouse
2009-02-26 12:46 74,760 a------- c:\windows\system32\drivers\UniversalDD.sys
2009-02-26 12:46 25,608 a------- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-02-21 13:04 <DIR> --d----- C:\Photos
2009-02-20 00:01 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-19 08:59 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-19 08:59 208,744 a------- c:\windows\system32\muweb.dll
2009-02-19 08:59 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-18 11:23 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-01-04 20:32 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 18:23:40.71 ===============

-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-

For the sake of context and continuity, topics have been merged. ~ OB

Edited by Orange Blossom, 19 March 2009 - 06:19 PM.
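As an added example (not code from this thread or from the DDS tool), the script below splits a DDS log into its "==== NAME ====" sections and compares two runs from the same machine, flagging what a helper would look at first: the AV status line and any services or drivers that stopped being listed between runs. The two excerpts embedded in it are constructed from the logs posted above; the DDS section-header format is assumed from those logs.

```python
"""Section-by-section comparison of two DDS logs from the same host."""
import re
from typing import Dict, List

# A DDS section header looks like "============= NAME ===============".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def parse_dds(text: str) -> Dict[str, List[str]]:
    """Return {section_name: [non-empty lines]}.

    Lines before the first section header (DDS version, run time, AV/FW
    status) are collected under the synthetic key "HEADER".  A header with
    no lines after it still gets an (empty) entry, so an emptied section
    can be told apart from a missing one.
    """
    sections: Dict[str, List[str]] = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(old_log: str, new_log: str) -> List[str]:
    """Compare two parsed logs and return human-readable findings."""
    old, new = parse_dds(old_log), parse_dds(new_log)
    findings: List[str] = []

    old_av = [l for l in old["HEADER"] if l.startswith("AV:")]
    new_av = [l for l in new["HEADER"] if l.startswith("AV:")]
    for line in old_av + new_av:
        if "disabled" in line.lower():
            findings.append("AV real-time protection reported disabled: " + line)
    if old_av and not new_av:
        findings.append("AV status line present in first log but absent from second")

    svc = "SERVICES / DRIVERS"
    if old.get(svc) and svc in new and not new[svc]:
        findings.append(f"{svc} section is empty in second log (was {len(old[svc])} entries)")
    # Entries look like "S2 McShield;McAfee Real-time Scanner;<path> [date size]".
    new_names = {e.split(";")[0] for e in new.get(svc, [])}
    for entry in old.get(svc, []):
        name = entry.split(";")[0]
        if name not in new_names:
            findings.append("service/driver no longer listed: " + name)
    return findings


# Constructed excerpts of the two logs posted in this thread.
OLD_LOG = r"""DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by gsa at 1:56:01.70 on Wed 03/18/2009

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-10 130424]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-24 201320]
S2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-8-24 144704]

============= FINISH: 1:57:42.04 ===============
"""

NEW_LOG = r"""DDS (Ver_09-03-16.01) - NTFSx86
Run by gsa at 18:16:13.87 on Thu 03/19/2009

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-03-19 12:05 201,288 a------- c:\windows\system32\drivers\mfehidk.sys

============= FINISH: 18:23:40.71 ===============
"""

if __name__ == "__main__":
    for finding in triage(OLD_LOG, NEW_LOG):
        print("-", finding)
```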


#3 chryssi2001


Posted 28 March 2009 - 12:19 PM

Hello PrinceHector,

I apologise for the delay, the forum is busy.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
----------------------------------------------
Can you also post the latest Malwarebytes' Anti-Malware report? You will find it in the Logs tab.

#4 chryssi2001


Posted 03 April 2009 - 11:12 AM

Due to the lack of feedback, this Topic is now closed and will not be reopened.
If you still need help, begin a new topic.

Applies only to the original poster, anyone else with similar problems please start a new topic.