
Infected issues - unsure which is causing problem


7 replies to this topic

#1 kitten.pickle
  • Members
  • 5 posts
  • Location:Seattle

Posted 26 April 2009 - 04:22 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by xxxxxxx at 14:13:57.23 on Sun 04/26/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.218 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\xxxxxxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\xxxxxxx\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot2\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\xxxxxxx\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AS00_WPN511] c:\program files\netgear\wpn511\utility\WPN511.exe -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot2\spybot~1\SDHelper.dll
LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xxxxxxx\applic~1\mozilla\firefox\profiles\n5dfy0ne.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\xxxxxxx\application data\mozilla\firefox\profiles\n5dfy0ne.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\xxxxxxx\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\xxxxxxx\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-20 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-20 55024]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-13 47640]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-8-22 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-8-22 122368]
R2 PAVDRV;Panda anti-virus driver;c:\windows\system32\drivers\PAVDRV51.SYS [2005-7-1 60160]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2009-1-15 16194]
R3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys [2009-1-15 488992]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 12192]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-20 7408]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2003-1-24 24197]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [2005-3-7 184832]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-3-1 245760]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 PAVFIRES;Panda Firewall Service;c:\program files\panda software\panda platinum internet security\firewall\Pavfires.exe [2005-7-1 155648]
S4 PAVSRV;Panda anti-virus service;c:\program files\panda software\panda platinum internet security\PAVSRV51.EXE [2005-7-1 233534]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-04-17 15:10 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-04-17 15:10 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-15 07:06 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 07:06 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-15 07:06 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 07:06 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 07:06 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 07:06 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 07:06 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 07:06 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 07:06 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 07:05 <DIR> --d-h--- c:\windows\$hf_mig$
2009-04-07 21:59 1,409 a------- c:\windows\QTFont.for
2009-04-07 21:59 54,156 a---h--- c:\windows\QTFont.qfn

==================== Find3M ====================

2009-04-07 20:18 229,312 ac------ c:\docume~1\xxxxxxx\applic~1\GDIPFONTCACHEV1.DAT
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 07:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 03:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 03:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 03:20 723,456 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 03:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 03:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 03:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 10:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 10:24 2,180,480 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 10:22 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 09:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 09:54 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 09:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 09:49 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 09:49 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 13:08 55,808 a------- c:\windows\system32\secur32.dll
2009-02-03 13:08 55,808 -------- c:\windows\system32\dllcache\secur32.dll
2008-03-23 01:25 724,984 a------- c:\documents and settings\xxxxxxx\gotomypc_437.exe
2008-03-06 20:09 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-02-27 17:28 0 ac------ c:\program files\temp01
2007-02-09 23:57 722,176 ac------ c:\documents and settings\xxxxxxx\gotomypc_428.exe
2006-08-22 23:36 563,712 ac------ c:\documents and settings\xxxxxxx\gotomypc_370.exe
2008-09-01 01:14 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat
2008-09-03 15:03 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 14:14:49.92 ===============


Edited by kitten.pickle, 26 April 2009 - 04:22 PM.


#2 Baabiouz
    Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 10 May 2009 - 03:51 AM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue please post a fresh DSS log back here :thumbup2:

#3 Baabiouz
    Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 14 May 2009 - 11:09 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.

#4 Baabiouz
    Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 14 May 2009 - 10:18 PM

Topic reopened :thumbup2:

#5 kitten.pickle
  • Topic Starter
  • Members
  • 5 posts
  • Location:Seattle

Posted 17 May 2009 - 01:34 PM

I had added Avast since the last DDS and disabled it, hope this is working correctly.

Most of these progs listed in the log are not used and not even in the add/remove screen. :thumbup2:


Edited by kitten.pickle, 17 May 2009 - 01:45 PM.


#6 kitten.pickle
  • Topic Starter
  • Members
  • 5 posts
  • Location:Seattle

Posted 17 May 2009 - 01:44 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by xxxxxx at 11:36:56.33 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.215 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090510-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\xxxxxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\xxxxxx\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot2\spybot~1\SDHelper.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\xxxxxx\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot2\spybot - search & destroy\TeaTimer.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot2\spybot~1\SDHelper.dll
LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xxxxxx\applic~1\mozilla\firefox\profiles\n5dfy0ne.default\
FF - prefs.js: browser.search.selectedEngine - Google@Omgili
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\xxxxxx\application data\mozilla\firefox\profiles\n5dfy0ne.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\xxxxxx\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\xxxxxx\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-12 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-12 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-12 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-20 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-20 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-12 138680]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-12 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-13 47640]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-8-22 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-8-22 122368]
R2 PAVDRV;Panda anti-virus driver;c:\windows\system32\drivers\PAVDRV51.SYS [2005-7-1 60160]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2009-1-15 16194]
R3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys [2009-1-15 488992]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 12192]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-20 7408]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-12 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-12 352920]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\ftd2xx.sys --> c:\windows\system32\drivers\FTD2XX.sys [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [2005-3-7 184832]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-3-1 245760]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 PAVFIRES;Panda Firewall Service;c:\program files\panda software\panda platinum internet security\firewall\pavfires.exe --> c:\program files\panda software\panda platinum internet security\firewall\PavFires.exe [?]
S4 PAVSRV;Panda anti-virus service;"c:\program files\panda software\panda platinum internet security\pavsrv51.exe" --> c:\program files\panda software\panda platinum internet security\pavsrv51.exe [?]

=============== Created Last 30 ================

2009-05-17 11:12 <DIR> --d----- c:\windows\pss
2009-05-16 10:00 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-15 15:20 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-05-12 12:04 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-12 11:48 <DIR> -cd-h--- C:\$AVG8.VAULT$
2009-05-12 11:34 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-12 11:34 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-12 11:34 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-12 11:34 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-12 11:33 <DIR> --d----- c:\program files\AVG
2009-05-12 11:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-12 10:47 <DIR> --d----- c:\windows\peernet
2009-05-12 10:47 <DIR> --d----- c:\program files\common files\mssoap
2009-05-12 10:33 <DIR> --d----- c:\windows\Registration
2009-05-11 19:01 <DIR> --d----- c:\program files\SpywareBlaster
2009-05-11 17:44 <DIR> --d----- c:\program files\DellSupport
2009-05-11 16:55 272,128 a------- c:\windows\system32\dllcache\bthport.sys
2009-05-11 16:55 202,752 a------- c:\windows\system32\dllcache\rmcast.sys
2009-05-11 16:55 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-11 16:55 333,184 a------- c:\windows\system32\dllcache\srv.sys
2009-05-11 16:55 683,520 a------- c:\windows\system32\dllcache\inetcomm.dll
2009-05-11 14:24 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2009-05-11 14:06 <DIR> --d----- c:\windows\system32\scripting
2009-05-11 14:06 <DIR> --d----- c:\windows\system32\en
2009-05-11 14:06 <DIR> --d----- c:\windows\system32\bits
2009-05-11 13:55 510,976 a------- c:\windows\system32\dllcache\wab32.dll
2009-05-11 13:54 983,552 a------- c:\windows\system32\setupapi.dll
2009-05-11 13:29 <DIR> --d----- c:\program files\Uniblue
2009-05-11 13:29 <DIR> --d----- c:\docume~1\xxxxxx\applic~1\Uniblue
2009-05-11 13:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-05-07 14:52 161,792 a------- c:\windows\SWREG.exe
2009-05-07 14:52 98,816 a------- c:\windows\sed.exe
2009-04-17 15:10 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-04-17 15:10 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

==================== Find3M ====================

2009-05-12 00:31 87,691 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-07 20:18 229,312 ac------ c:\docume~1\xxxxxx\applic~1\GDIPFONTCACHEV1.DAT
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 07:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 07:44 283,648 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-03-23 01:25 724,984 a------- c:\documents and settings\xxxxxx\gotomypc_437.exe
2008-03-06 20:09 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-02-09 23:57 722,176 ac------ c:\documents and settings\xxxxxx\gotomypc_428.exe
2006-08-22 23:36 563,712 ac------ c:\documents and settings\xxxxxx\gotomypc_370.exe

============= FINISH: 11:38:26.84 ===============
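As an added example that is not part of this thread and not code from the DDS tool that produced the logs, here is a small parser for the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log. It flags the markers a helper scans for first (the "No File" hook, the nameless mRun value, "[x]" for a service whose binary is missing, "[?]" for one that could not be verified, and autorun entries given only as a bare file name), and diffs the autorun entries of two logs from the same machine. The two sample logs inside are constructed excerpts in the shape of the April and May logs above, not the logs themselves.

```python
"""Parse the autorun and service sections of a DDS log and flag what a helper
checks first: missing-file markers, nameless entries and unqualified paths."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the first (April) log in the thread.
LOG_APRIL = r"""
============== Pseudo HJT Report ===============
mURLSearchHooks: H - No File
mRun: [<NO NAME>]
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
Notify: igfxcui - igfxsrvc.dll
============= SERVICES / DRIVERS ===============
R2 PAVDRV;Panda anti-virus driver;c:\windows\system32\drivers\PAVDRV51.SYS [2005-7-1 60160]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Constructed excerpt modelled on the second (May) log: WinampAgent gone, two AVs added.
LOG_MAY = r"""
============== Pseudo HJT Report ===============
mURLSearchHooks: H - No File
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
Notify: igfxcui - igfxsrvc.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-12 114768]
R2 PAVDRV;Panda anti-virus driver;c:\windows\system32\drivers\PAVDRV51.SYS [2005-7-1 60160]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^([um]Run):\s*\[(.*?)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")


def sections(text):
    """Split a DDS log into {section name: [lines]} on its '=== NAME ===' headers."""
    out, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            out[current] = []
        elif current and line.strip():
            out[current].append(line.rstrip())
    return out


@dataclass(frozen=True)
class Autorun:
    hive: str     # 'uRun' (HKCU) or 'mRun' (HKLM) Run key
    name: str     # value name; '<NO NAME>' is the key's default value
    command: str  # command line, possibly empty


@dataclass(frozen=True)
class Service:
    state: str    # R = running, S = stopped; digit = start type
    name: str
    display: str
    path: str
    meta: str     # 'date size', 'x' (file missing) or '?' (unverified)


def parse_autoruns(text):
    lines = sections(text).get("Pseudo HJT Report", [])
    return [Autorun(*m.groups()) for m in map(RUN_RE.match, lines) if m]


def parse_services(text):
    lines = sections(text).get("SERVICES / DRIVERS", [])
    return [Service(*m.groups()) for m in map(SERVICE_RE.match, lines) if m]


def flag_entries(text):
    """Return the findings a reviewer of this log format checks first."""
    findings = []
    for line in sections(text).get("Pseudo HJT Report", []):
        if line.endswith("No File"):
            findings.append(f"dangling hook: {line}")
    for a in parse_autoruns(text):
        if not a.command or a.name == "<NO NAME>":
            findings.append(f"{a.hive} [{a.name}] has no name or no command")
        elif "\\" not in a.command.split()[0]:
            # bare file name: located by search order rather than a fixed path
            findings.append(f"{a.hive} [{a.name}] uses unqualified path {a.command}")
    for s in parse_services(text):
        if s.meta == "x":
            findings.append(f"{s.state} {s.name}: binary missing")
        elif s.meta == "?":
            findings.append(f"{s.state} {s.name}: binary could not be verified ({s.path})")
    return findings


def diff_autoruns(old_text, new_text):
    """(added, removed) autorun entries between two logs of the same machine."""
    old = {(a.hive, a.name) for a in parse_autoruns(old_text)}
    new = {(a.hive, a.name) for a in parse_autoruns(new_text)}
    return sorted(new - old), sorted(old - new)
```

Run `flag_entries(LOG_MAY)` and `diff_autoruns(LOG_APRIL, LOG_MAY)` to see the findings and the autorun entries that appeared or disappeared between the two runs.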

#7 Baabiouz
    Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 17 May 2009 - 10:35 PM

Hello

Step #1
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either avast! Antivirus or AVG Free 8.5.

Step #2
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

My Way Search Assistant

Step #3
Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Step #4

Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Click Update -tab and click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Step #5
Please post the Mbam results and a fresh DSS.log back here :thumbup2:

#8 Baabiouz
    Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 26 May 2009 - 10:31 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.