
A.exe,B.exe,C.exe, sshnas.dll,slow internet browser and download, very difficult connect internet lan, DDE server window, ccSvcHst.exe, can't login YM


  • This topic is locked
24 replies to this topic

#1 justnone

justnone

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 23 January 2010 - 10:57 PM

A.exe, B.exe, C.exe, sshnas.dll, slow internet browser and download, very difficult to connect to internet LAN, DDE server window, ccSvcHst.exe, cannot log in to Yahoo Messenger
Hi, I bought a new Lenovo E43 notebook in Dec 2009
• Microsoft Windows XP Professional version 2002 Service Pack 3, OEM version

I use the internet at 512 kbps with this installation:
• UTP cable with RJ-45 connector
• Router D-Link DI-604 with 4 ports, H/W: F5, S/W: 320
• Scientific Atlanta 2100 (a Cisco company) modem
First, the server and flash disk were infected with the (A,B,C).exe virus, and the notebook was infected with A.exe, B.exe, C.exe after I plugged the flash disk into it. Then when I shut down Windows, an sshnas.dll popup appeared. I uninstalled and reinstalled the Broadcom Ethernet driver 7 times; this did not solve the problem. I uninstalled Norton because a ccSvcHst.exe popup appeared when I wanted to shut down Windows.
Now my notebook has great difficulty connecting to the internet even though no other user is using it. I changed my MAC address to my server's MAC address because with the original MAC address it was rather difficult to connect to the internet. With the server's MAC address, almost every time I first start or wake up from standby I must disable and enable the LAN connection icon, and sometimes I must restart to connect, or must eject the Broadcom Ethernet in the taskbar menu, then unplug and plug in the RJ-45 again. I use a manual TCP/IP address because when I use automatic TCP/IP it never connects to the internet. If connected using a manual TCP/IP address, the notebook cannot share or use wireless.
The internet is very slow when browsing or downloading. I use DownThemAll and I see that during the downloading process the speed is nearly 0, and after that almost 0 bytes/second.
I cannot run the Windows Recovery Console and cannot defragment the hard disk.
I am not really sure the virus was removed from the notebook because I am still having problems with it. I can't uninstall because the drivers are in drive D and I think the drivers were infected too. There is too much data on the hard disk and I don't know how to install this Lenovo notebook.
Help me,
Can the virus infect the router?
Can I have my notebook run normally without uninstalling? Please help me, thanks to all who answer and help.

Here I post DDS.txt

DDS (Ver_09-12-01.01) - FAT32x86
Run by AM-06 at 22:42:29.60 on Sat 01/23/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.889.480 [GMT 7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\WINDOWS\System32\IgrsSvcs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\AM-06\My Documents\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://lenovo.live.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {6D826889-0D4E-4F55-967F-345084E8CD9C} = 202.73.99.4,61.247.0.4
TCP: {F42577EB-6A9C-48A1-881F-BBB92AA1BE18} = 202.73.99.4,61.247.0.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\am-06\applic~1\mozilla\firefox\profiles\9k9a6msd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-12-17 8832]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-14 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-1 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-1 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-1 360584]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-14 185089]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-1 285392]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-14 56816]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-12-17 36480]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-8-14 430080]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-8-14 47432]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-8-14 9472]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-11-24 174592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-12-17 8832]
S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 LNCDRV;LNCDRV;c:\windows\system32\drivers\lncdrv.sys [2008-12-23 10880]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-8-14 81192]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\ct_ztemt_u_usbser.sys --> c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [?]

=============== Created Last 30 ================

2010-01-19 12:52:30 0 d-sh--w- C:\FOUND.001
2010-01-15 15:00:19 0 d-----w- c:\docume~1\am-06\applic~1\.purple
2010-01-15 14:59:17 0 d-----w- c:\program files\Pidgin
2010-01-15 14:59:09 0 d-----w- c:\program files\common files\GTK
2010-01-09 02:37:32 0 d-sh--w- C:\FOUND.000
2010-01-08 03:54:58 0 d-----w- c:\docume~1\am-06\applic~1\ZTEMTUI
2010-01-08 03:53:41 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-08 03:53:41 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-01-08 00:41:36 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-01-08 00:41:29 0 d-----w- c:\windows\PrimoPDF4
2010-01-08 00:41:29 0 d-----w- c:\program files\activePDF
2010-01-04 13:59:55 0 d-----w- C:\VMWare XP Basic
2010-01-04 11:17:36 0 d-----w- c:\program files\Yahoo!

==================== Find3M ====================

2009-12-17 23:14:46 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 23:08:54 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-14 08:52:48 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-01 03:27:32 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-01 03:27:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 03:27:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-11-05 01:50:48 8050536 ----a-w- c:\program files\Firefox Setup 3.5.2.exe
2009-10-29 07:47:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:47:00 832512 ------w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:47:00 233472 ------w- c:\windows\system32\dllcache\webcheck.dll
2009-10-28 14:36:12 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:12 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-08-13 20:04:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 22:42:59.32 ===============


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:56 AM

Posted 29 January 2010 - 07:17 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

Do you still require help?

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, steps #6 and #7, for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#3 justnone

justnone
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 31 January 2010 - 05:46 AM

Hi, thanks for your reply to my problem question. My new problem is that when I open the notebook, AntiVir cannot be automatically activated and I cannot connect to the internet without AntiVir activated; sometimes when I shut down, an 'iia monitor notification' appears.
Here I post a new DDS log and RootRepeal log as you wanted.
DDS.txt

DDS (Ver_09-12-01.01) - FAT32x86
Run by AM-06 at 16:40:42.39 on Sun 01/31/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.889.493 [GMT 7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\WINDOWS\System32\IgrsSvcs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AM-06\My Documents\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://lenovo.live.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {6D826889-0D4E-4F55-967F-345084E8CD9C} = 202.73.99.4,61.247.0.4
TCP: {F42577EB-6A9C-48A1-881F-BBB92AA1BE18} = 202.73.99.4,61.247.0.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\am-06\applic~1\mozilla\firefox\profiles\9k9a6msd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.indowebster.com/2_VBNET2005WroxBeginningVisualBasic2005Nov2005.html
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-12-17 8832]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-14 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-1 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-1 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-1 360584]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-14 185089]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-1 285392]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-14 56816]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-12-17 36480]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-8-14 430080]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-8-14 47432]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-8-14 9472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-12-17 8832]
S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-11-24 174592]
S3 LNCDRV;LNCDRV;c:\windows\system32\drivers\lncdrv.sys [2008-12-23 10880]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-8-14 81192]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\ct_ztemt_u_usbser.sys --> c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [?]

=============== Created Last 30 ================

2010-01-29 15:07:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-29 15:04:19 0 d-----w- c:\program files\Skype
2010-01-24 07:33:22 0 d-----w- c:\program files\Mobile Partner
2010-01-19 12:52:30 0 d-sh--w- C:\FOUND.001
2010-01-15 15:00:19 0 d-----w- c:\docume~1\am-06\applic~1\.purple
2010-01-15 14:59:17 0 d-----w- c:\program files\Pidgin
2010-01-15 14:59:09 0 d-----w- c:\program files\common files\GTK
2010-01-09 02:37:32 0 d-sh--w- C:\FOUND.000
2010-01-08 03:54:58 0 d-----w- c:\docume~1\am-06\applic~1\ZTEMTUI
2010-01-08 03:53:41 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-08 03:53:41 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-01-08 00:41:36 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-01-08 00:41:29 0 d-----w- c:\windows\PrimoPDF4
2010-01-08 00:41:29 0 d-----w- c:\program files\activePDF
2010-01-04 13:59:55 0 d-----w- C:\VMWare XP Basic
2010-01-04 11:17:36 0 d-----w- c:\program files\Yahoo!

==================== Find3M ====================

2009-12-17 23:14:46 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 23:08:54 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-14 08:52:48 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-01 03:27:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-11-05 01:50:48 8050536 ----a-w- c:\program files\Firefox Setup 3.5.2.exe
2009-08-13 20:04:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 16:41:16.92 ===============

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:56 AM

Posted 31 January 2010 - 02:47 PM

Hello again,

QUOTE
Hi, thanks for your reply to my problem question. My new problem is that when I open the notebook, AntiVir cannot be automatically activated and I cannot connect to the internet without AntiVir activated; sometimes when I shut down, an 'iia monitor notification' appears.

I'm not quite understanding what you're trying to say there. Are you saying that Avira doesn't startup correctly when you boot up the system?

Is that the only issue you have currently?

Can you run an online scan for me please.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires the Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Thanks.

#5 justnone

justnone
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 03 February 2010 - 07:08 AM

Hi, sorry for the late reply to your post.
I am sorry if you can't understand my problem.
Here I explain the problems I experienced up until I posted this email:
- I still have my first email's problem on my notebook (e.g. very difficult to connect to the internet by LAN cable with RJ-45, etc.)
- I still have my second email's problem (Avira doesn't start up correctly when I boot up the system, and sometimes the iia monitor notification pops up when I shut down the system)
- I have a new problem: sometimes when I shut down the system, a rundll popup appears on the monitor
Please read all my posts again if you have no objections.
Thanks.
I scanned with Kaspersky as you wanted, in 8 hours.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:56 AM

Posted 04 February 2010 - 08:01 PM

Okay. Let's begin with Combofix.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.


#7 justnone

justnone
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 06 February 2010 - 03:50 AM

Dear extremeboy, here I post the log.txt of ComboFix as you wanted. Thank you.

Attached Files: log.txt (20.85KB, 11 downloads)


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:56 AM

Posted 07 February 2010 - 02:11 PM

Hello again.

Okay, let's get an online scan done now.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires the Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:07:56 AM

Posted 12 February 2010 - 04:42 PM

Hello.

Are you still there? Do you still require help?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#10 justnone

justnone
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:56 PM

Posted 18 February 2010 - 09:51 AM

Dear Extremeboy,

I am sorry I am late replying to your post. I cannot do your instruction because my internet is very slow, and in my experience an online scan with Kaspersky takes 8-10 hours, and I still work Monday to Friday, so I cannot do this. Can you give me some days again on a holiday if you still advise me to scan with Kaspersky online? Thank you.

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:07:56 AM

Posted 19 February 2010 - 05:10 PM

Okay, I see. If you can't get it done, then just forget about it and just take a new DDS scan for me and post it so I can see. The previous logs were looking good.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:07:56 AM

Posted 26 February 2010 - 09:51 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:07:56 AM

Posted 27 February 2010 - 02:04 PM

Re-opened upon user's request.

#14 justnone

justnone
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:56 PM

Posted 28 February 2010 - 02:15 AM

Dear Extremeboy,
First, thanks for re-opening my topic. Here I post dds.text and attach.text like you want.


DDS (Ver_09-12-01.01) - FAT32x86
Run by AM-06 at 11:04:06.34 on Sat 02/27/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.889.499 [GMT 7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\IgrsSvcs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\AM-06\My Documents\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://lenovo.live.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {6D826889-0D4E-4F55-967F-345084E8CD9C} = 202.73.99.4,61.247.0.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\am-06\applic~1\mozilla\firefox\profiles\9k9a6msd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-12-17 8832]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-14 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-1 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-1 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-1 360584]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-14 185089]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-1 285392]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-14 56816]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-12-17 36480]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-8-14 430080]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-8-14 47432]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-8-14 9472]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-11-24 174592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-12-17 8832]
S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 LNCDRV;LNCDRV;c:\windows\system32\drivers\lncdrv.sys [2008-12-23 10880]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-8-14 81192]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\ct_ztemt_u_usbser.sys --> c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [?]

=============== Created Last 30 ================

2010-02-06 11:48:43 0 d-sh--w- C:\Recycled
2010-02-06 08:15:02 98816 ----a-w- c:\windows\sed.exe
2010-02-06 08:15:02 77312 ----a-w- c:\windows\MBR.exe
2010-02-06 08:15:02 261632 ----a-w- c:\windows\PEV.exe
2010-02-06 08:15:02 161792 ----a-w- c:\windows\SWREG.exe
2010-02-04 02:11:20 0 d-----w- C:\FOUND.003
2010-02-02 11:25:58 0 d-----w- C:\FOUND.002
2010-02-02 06:51:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-02 06:51:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-29 15:07:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-29 15:04:19 0 d-----w- c:\program files\Skype

==================== Find3M ====================

2009-12-17 23:14:46 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 23:08:54 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-01 03:27:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-05 01:50:48 8050536 ----a-w- c:\program files\Firefox Setup 3.5.2.exe
2009-11-02 11:05:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009110220091103\index.dat
2009-08-13 20:04:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 11:04:25.40 ===============


ATTACH.text


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2009 5:11:23 PM
System Uptime: 2/27/2010 10:51:39 AM (1 hours ago)

Motherboard: Lenovo | | LE9
Processor: Intel Pentium III Xeon processor | U2E1 | 1995/800mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 188 GiB total, 107.8 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 13.568 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/22/2009 10:15:53 AM - System Checkpoint
RP2: 12/23/2009 2:00:22 PM - Avg8 Update
RP3: 12/24/2009 9:22:56 AM - Installed Windows Media Player 11
RP4: 12/25/2009 11:53:05 AM - System Checkpoint
RP5: 12/29/2009 9:44:14 PM - System Checkpoint
RP6: 12/31/2009 5:08:44 PM - System Checkpoint
RP7: 1/2/2010 5:50:13 PM - Avg8 Update
RP8: 1/6/2010 11:54:41 AM - System Checkpoint
RP9: 1/7/2010 6:23:05 PM - System Checkpoint
RP10: 1/8/2010 7:41:40 AM - Printer Driver PrimoPDF Installed
RP11: 1/13/2010 8:21:47 PM - Software Distribution Service 3.0
RP12: 1/18/2010 2:38:52 PM - System Checkpoint
RP13: 1/19/2010 11:44:20 AM - Avg8 Update
RP14: 1/21/2010 7:37:21 PM - System Checkpoint
RP15: 1/23/2010 9:14:16 AM - System Checkpoint
RP16: 1/24/2010 2:34:51 PM - Unsigned driver install
RP17: 1/27/2010 8:28:10 AM - Avg8 Update
RP18: 2/2/2010 1:50:56 PM - Installed Java™ 6 Update 18
RP19: 2/3/2010 4:27:48 PM - System Checkpoint
RP20: 2/4/2010 9:36:13 PM - Unsigned driver install
RP21: 2/13/2010 10:10:08 AM - System Checkpoint
RP22: 2/16/2010 10:59:46 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
AVG Free 9.0
Avira AntiVir Personal - Free Antivirus
Broadcom Gigabit NetLink Controller
Business Contact Manager for Outlook 2007 SP1
Conexant HD Audio
Energy Management
GTK+ Runtime 2.14.7 rev a (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java™ 6 Update 18
Lenovo OneKey Recovery
Lenovo ReadyComm 4.0
Lenovo System Repair - Windows Update Monitor
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.8)
MSN
MSXML 6.0 Parser
Pidgin
Power2Go
PowerDVD
PrimoPDF
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 3.8
Synaptics Pointing Device Driver
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Toolbar
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== End Of File ===========================


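The DDS.txt above is read by hand in this thread, but the same checks a helper makes on first sight can be scripted. The following is an added example written for this page, not a tool from BleepingComputer or from DDS itself: it parses the three sections of a DDS log that matter most for a first triage (the `AV:` lines, the Pseudo HJT Report, and the services/drivers list) and reports what a responder would look at first. The sample input is a handful of lines copied from the log posted above, trimmed so the script runs offline. Two interpretations are assumptions on my part and are marked as such in the code: that `- No File` marks a registry entry whose target no longer exists, and that DDS appends `[?]` to a service or driver whose file it could not find or verify at the registered path.

```python
import re
from typing import Dict, List

# Constructed sample: a few lines copied from the DDS.txt posted in this
# thread, trimmed so the script runs offline. A real run reads the whole file.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: 1 (0x1) - No File
TCP: {6D826889-0D4E-4F55-967F-345084E8CD9C} = 202.73.99.4,61.247.0.4

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-14 11608]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\ct_ztemt_u_usbser.sys --> c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [?]
"""

# "R2 name;display name;path [date size]" -> start type, name, display name, rest
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def parse_dds(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into the raw lines of the sections we triage."""
    out: Dict[str, List[str]] = {"av": [], "hjt": [], "drivers": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV:"):              # AV lines sit in the header, before any section
            out["av"].append(line)
        elif "Pseudo HJT Report" in line:
            section = "hjt"
        elif "SERVICES / DRIVERS" in line:
            section = "drivers"
        elif line.startswith("="):              # any other banner ends the current section
            section = None
        elif section:
            out[section].append(line)
    return out


def triage(report: Dict[str, List[str]]) -> List[str]:
    """Return human-readable findings; each one is a prompt for review, not a verdict."""
    findings: List[str] = []

    # Real-time protection switched off is the first thing to restore after cleanup.
    for line in report["av"]:
        if "*On-access scanning disabled*" in line:
            name = line[len("AV: "):].split(" *")[0]
            findings.append(f"AV real-time protection off: {name}")
    if len(report["av"]) > 1:
        findings.append(f"{len(report['av'])} AV products registered; they can conflict")

    for line in report["hjt"]:
        # Assumption: "- No File" marks a hook/BHO whose DLL is gone (leftover registry entry).
        if line.endswith("- No File"):
            findings.append(f"Orphaned entry: {line}")
        # Static DNS servers are worth confirming against what the ISP/router should hand out.
        if line.startswith("TCP:"):
            servers = line.split("=", 1)[1].strip()
            findings.append(f"Static DNS servers set: {servers}")

    for line in report["drivers"]:
        m = DRIVER_RE.match(line)
        # Assumption: DDS appends "[?]" when it could not find/verify the file at that path.
        if m and m.group(4).rstrip().endswith("[?]"):
            findings.append(f"Service/driver path not verified on disk: {m.group(2)}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds(SAMPLE_DDS)):
        print(finding)
```

On the posted log this reports both AV products with on-access scanning disabled, the two orphaned `No File` entries, the hard-coded DNS servers, and the three services whose path DDS could not verify; everything it prints is something a helper still has to judge by hand, which is why it only lists and never deletes.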
#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:07:56 AM

Posted 28 February 2010 - 03:52 PM

Can you let me know how your computer is running now? Any problems/symptoms left?
