
After malware removal all browsers crashing


16 replies to this topic

#1 glorypam

  • Members
  • 12 posts

Posted 02 June 2010 - 06:10 PM

My computer had a malware that pretended to be an anti-virus program and made my computer go to porn sites. I did not remove the malware. A friend did it for me using Malwarebytes.

The antivirus thing is gone and my computer is running normally except for the browsers and network card.

First, the network card gave me a cable unplugged message. The other computers are online and running great. I changed the ethernet cable with a new one. No luck.

I bought a USB wifi adapter and tried to get online like my laptop does. At first it worked and then later when I launched Firefox it said "send error report." Well, after several tries, my phone rang and distracted me. When I got back to the computer I noticed I was online behind the "send error report" popup. I dragged the popup out of the way and had no trouble online for a couple of hours. Weird.

I closed the browser and then reopened it. Got the pop up, moved it out of the way, but this time it crashed after 5 minutes and it kept happening.

I went into the plug-ins and extensions and disabled all of them. No luck. Still crashed.

So I thought Firefox was screwed up, and I tried to get online with IE. Nothing.

I tried installing Opera, Chrome, and Safari. They could not get online.

Then I tried uninstalling Firefox (with Revo Uninstaller) and reinstalling a fresh one. The first time I opened the browser it worked great. Closed the browser and got the error report popup.

Currently, when I start up my computer, I have no problem getting online, as long as I never close the first firefox window I opened. If I do that by accident, the whole error pop up problem starts up and I have to reboot.

Sorry for the long note. I wanted to give you as much detail as possible.

(Also, my computer now makes a tiny beep noise about every eight minutes. It is coming from inside the computer. My speakers are off.)

______________


DDS (Ver_10-03-17.01) - NTFSx86
Run by Marilyn Doty at 18:46:59.78 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.107 [GMT -4:00]

AV: Total Protection for Small Business *On-access scanning enabled* (Outdated) {8C354827-2F54-4E28-90DC-AD391E77808C}
AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\BookingBuilder\BBLoader.EXE
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Amaprt\MainSrv.exe
C:\Amaprt\AmaPrt.exe
C:\Amaprt\AmaPrt.exe
C:\Amaprt\ComAdapt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BookingBuilder\BBComm.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Automatic Update\AutoUpdateGUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Marilyn Doty\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: LMBHO Class: {b2c9a858-a8be-426c-b1c7-7fd258b28caa} - c:\program files\bookingbuilder\LMIECTR2.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BookingBuilder GDS Interface] c:\program files\bookingbuilder\LMGDSInt.EXE
uRun: [BookingBuilder Loader] c:\program files\bookingbuilder\BBLoader.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\marilyn doty\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BookingBuilder GDS Interface] c:\program files\bookingbuilder\LMGDSInt.EXE
mRun: [BookingBuilder Loader] c:\program files\bookingbuilder\BBLoader.EXE
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\documents and settings\marilyn doty\start menu\programs\startup\ezTIPS.appref-ms
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: aeuniversity.com
Trusted Zone: agentnet.com
Trusted Zone: amadeus.com
Trusted Zone: amadeus.com\*
Trusted Zone: amadeus.com\content
Trusted Zone: amadeus.com\webconfig
Trusted Zone: amadeus.net
Trusted Zone: amadeuscruise.com
Trusted Zone: amadeuscruise.com\*
Trusted Zone: amadeusferry.com
Trusted Zone: amadeusferry.com\*
Trusted Zone: amadeusporoweb.com
Trusted Zone: amadeusproprinter.com
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusproweb.com\*
Trusted Zone: amadeusVista
Trusted Zone: amadeusvista.com
Trusted Zone: amadeusvista.com\*
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
Trusted Zone: amadeus.com\*
Trusted Zone: amadeus.com\content
Trusted Zone: amadeus.com\webconfig
Trusted Zone: amadeus.net\content.1a
Trusted Zone: amadeuscruise.com
Trusted Zone: amadeuscruise.com\*
Trusted Zone: amadeusferry.com
Trusted Zone: amadeusferry.com\*
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusproweb.com\*
Trusted Zone: amadeusvista.com
Trusted Zone: amadeusvista.com\*
Trusted Zone: amadeusvista.com\Muc.http.farm6.software
Trusted Zone: amadeusvista.com\Muc.http.farm8.software
Trusted Zone: amadeusvista.com\Muc.https.farm11.software
Trusted Zone: amadeusvista.com\Muc.https.farm5.software
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {051FE707-9706-11D5-A836-000102A7C938} - hxxp://amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
DPF: {0EE3D181-E3DB-4ADD-9AEE-82FDD4B8921F} - hxxp://content.amadeus.com/Scripts/JetBlue/install.cab
DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} - hxxp://amadeusvista.com/vwp/common/cabs/VistaPWComms.CAB
DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} - hxxp://amadeusvista.com/vwp/common/cabs/SP2Patch.CAB
DPF: {5472BF37-B79D-4D23-8A70-43233F54D614} - hxxp://content.amadeus.com/Scripts/eSupport/Install.CAB
DPF: {5CCB8990-66EF-4466-B051-CD27FA3821DF} - hxxp://extranets.us.amadeus.com/techservices/documents/SoftwareDistribution/Amadeus-CS-MIA/AmadeusCanadaLibrary/msi/V1.0.2/install.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174317041328
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
DPF: {E2E92FDA-7588-11D3-8F93-00008321C804} - hxxp://amadeuscruise.com/common/cabs/MSIInspect.CAB
DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} - hxxp://certificates.amadeusvista.com/certificateinfo/CCCert_Info.CAB
DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} - hxxp://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mljhiggg
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marily~1\applic~1\mozilla\firefox\profiles\yoh8wrgx.default\
FF - plugin: c:\documents and settings\marilyn doty\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-26 11608]
R2 AmadeusProPrinter;AmadeusProPrinter;c:\amaprt\Mainsrv.exe [2004-4-22 86079]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-26 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-26 60936]
R2 BBComm;BookingBuilder Communication Service;c:\program files\bookingbuilder\BBComm.EXE [2008-11-18 77824]
S1 4hT5344;4hT5344;c:\windows\system32\drivers\4hT5344.sys [2001-8-18 550272]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\program files\malwarebytes' anti-malware\catchme.sys --> c:\program files\malwarebytes' anti-malware\catchme.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-11-10 255600]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-11-10 87664]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-11-10 235120]
S4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe /servicestart --> c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [?]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]

=============== Created Last 30 ================

2010-06-02 22:39:54 0 d-----w- c:\program files\Trend Micro
2010-06-02 09:22:18 0 d-----w- C:\ComboFix
2010-06-01 16:27:38 0 d-----w- c:\program files\CCleaner
2010-05-27 12:27:08 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-27 12:27:06 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-27 12:27:06 7846 ----a-w- c:\windows\system32\rt73.cat
2010-05-27 12:27:06 245248 ----a-w- c:\windows\system32\rt73.sys
2010-05-27 12:27:05 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2010-05-27 12:27:05 245248 ----a-w- c:\windows\system32\drivers\rt73.sys
2010-05-27 12:27:05 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-27 12:27:00 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2010-05-27 12:27:00 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2010-05-27 12:27:00 17992 ----a-w- c:\windows\bcm42rly.sys
2010-05-27 12:26:59 32768 ----a-w- c:\windows\system32\GTGina.dll
2010-05-27 12:26:50 0 d-----w- c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2010-05-27 12:26:46 1361 ----a-w- c:\windows\system32\WLAN.INI
2010-05-27 12:25:49 0 d-----w- C:\Linksys Driver
2010-05-26 18:15:28 7680 --sha-w- c:\windows\Thumbs.db
2010-05-26 14:59:51 0 d-----w- c:\docume~1\marily~1\applic~1\Avira
2010-05-26 14:54:11 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-26 14:53:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-05-26 14:53:49 0 d-----w- c:\program files\Avira
2010-05-25 14:39:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-17 18:27:11 0 d-----w- C:\spoolerlogs

==================== Find3M ====================

2010-03-19 20:33:09 82160 ----a-w- c:\docume~1\marily~1\applic~1\GDIPFONTCACHEV1.DAT
2010-03-19 19:15:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2008-04-16 22:39:20 275176 --sha-w- c:\windows\system32\gggihjlm.ini2
2010-01-25 16:21:39 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-01-25 16:21:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012520100126\index.dat

============= FINISH: 18:48:21.10 ===============

Attached Files
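Editor's added example (not posted by anyone in this thread): the first DDS log above carries several entries a malware responder reads before anything else. The WinINet proxy is set to http=127.0.0.1:5555; IE, Chrome, Safari and Opera on Windows honour that system proxy, so once the process that listened on that port was removed they stop reaching the network, which matches the symptoms reported. The LSA Authentication Packages value lists a second package, c:\windows\system32\mljhiggg, where Windows XP ships with only msv1_0; and the Find3M section shows a hidden file gggihjlm.ini2 whose stem is that package name spelled backwards. The Trusted Zone list also contains domains with no relation to the user's booking software. The Python script below pulls exactly those indicators out of a constructed excerpt of the log. The Trusted Zone allowlist (the amadeus domains) and the rule "a localhost proxy is a hijack indicator" are assumptions made for this example; the XP default package lists (msv1_0 for authentication, scecli for notification) are the real defaults.

```python
import ntpath
import re
from typing import List, Optional, Tuple

# Constructed excerpt: lines copied from the DDS log posted above (Pseudo HJT and Find3M
# sections), embedded so the script runs offline without the original attachment.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Trusted Zone: amadeus.com
Trusted Zone: amadeus.com\*
Trusted Zone: avsystemcare.com
Trusted Zone: trustedantivirus.com
LSA: Authentication Packages = msv1_0 c:\windows\system32\mljhiggg
LSA: Notification Packages = scecli scecli
2010-05-26 18:15:28 7680 --sha-w- c:\windows\Thumbs.db
2008-04-16 22:39:20 275176 --sha-w- c:\windows\system32\gggihjlm.ini2
"""

# Windows XP's stock LSA package lists. Anything beyond these is loaded into lsass.exe at boot.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
DEFAULT_NOTIFY_PACKAGES = {"scecli"}

# Assumed allowlist for this machine: the booking-software domains the user relies on.
# Any other Trusted Zone entry is reported for review (rogue AV installers add their own).
TRUSTED_ZONE_ALLOWLIST = {"amadeus.com", "amadeus.net", "amadeusvista.com"}

Finding = Tuple[str, str]  # (category, detail)


def extra_lsa_packages(line: str) -> List[str]:
    """Packages on an 'LSA: ... Packages = ...' line that are not XP defaults."""
    m = re.match(r"LSA: (Authentication|Notification) Packages = (.*)", line)
    if not m:
        return []
    defaults = DEFAULT_AUTH_PACKAGES if m.group(1) == "Authentication" else DEFAULT_NOTIFY_PACKAGES
    # ntpath, not os.path: the log holds Windows paths and this may run on any OS.
    return [p for p in m.group(2).split() if ntpath.basename(p).lower() not in defaults]


def hidden_files(lines: List[str]) -> List[str]:
    """Paths from DDS 'Created'/'Find3M' entries whose attribute column carries the hidden bit."""
    found = []
    for line in lines:
        m = re.match(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S+)\s+(.+)", line)
        if m and "h" in m.group(1):
            found.append(m.group(2).strip())
    return found


def reversed_name_partner(package_path: str, hidden: List[str]) -> Optional[str]:
    """A hidden file whose stem is the package's file name spelled backwards.

    In the log above the unknown package mljhiggg has a hidden companion gggihjlm.ini2;
    this check pairs them so both files land on the removal list together."""
    wanted = ntpath.basename(package_path).lower()[::-1]
    for path in hidden:
        if ntpath.basename(path).lower().split(".")[0] == wanted:
            return path
    return None


def triage(text: str) -> List[Finding]:
    """Walk a DDS log and return (category, detail) findings for a responder to review."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hidden = hidden_files(lines)
    findings: List[Finding] = []
    for line in lines:
        if re.match(r"[um]Internet Settings,ProxyServer", line):
            value = line.split("=", 1)[1].strip()
            # Assumed rule: a proxy on the local host with no proxy product installed means every
            # browser that honours the WinINet proxy goes dark once the listener is removed.
            if "127.0.0.1" in value or "localhost" in value.lower():
                findings.append(("proxy", value))
        elif line.startswith("LSA:"):
            for pkg in extra_lsa_packages(line):
                partner = reversed_name_partner(pkg, hidden)
                findings.append(("lsa", pkg if partner is None else f"{pkg} <-> {partner}"))
        elif line.startswith("Trusted Zone:"):
            domain = line.split(":", 1)[1].strip().split("\\")[0].lower()
            if domain not in TRUSTED_ZONE_ALLOWLIST:
                findings.append(("trusted_zone", domain))
        elif line.endswith("- No File"):
            # Orphaned BHO/toolbar CLSIDs: the DLL is gone but the registration survived.
            findings.append(("orphan", line[: -len(" - No File")]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:13} {detail}")
```

Run against the full DDS.txt instead of the embedded excerpt and the same five categories come out; the script is deliberately a reader of the log, not a cleaner, since the removal itself (clearing the ProxyServer value, restoring Authentication Packages to msv1_0, deleting the paired files) is what the responder decides after looking at the findings.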





#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 05 June 2010 - 09:35 PM

Hi and welcome. :)

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log, please refer to this page, steps #6, #7 and #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to [image link].

#3 glorypam
  • Topic Starter

  • Members
  • 12 posts

Posted 05 June 2010 - 11:29 PM

Thanks EB. I really appreciate the help. It is 12:28am here in NY. When I wake up tomorrow I will post the logs.

Have a good night!

#4 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 06 June 2010 - 01:41 PM

Sounds good.

You too. Seems we live in the same time zone. ;)

#5 glorypam
  • Topic Starter

  • Members
  • 12 posts

Posted 06 June 2010 - 02:36 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Marilyn Doty at 12:12:43.01 on Sun 06/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.281 [GMT -4:00]

AV: Total Protection for Small Business *On-access scanning enabled* (Outdated) {8C354827-2F54-4E28-90DC-AD391E77808C}
AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Amaprt\MainSrv.exe
C:\Amaprt\AmaPrt.exe
C:\Amaprt\AmaPrt.exe
C:\Amaprt\ComAdapt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BookingBuilder\BBComm.EXE
C:\Program Files\BookingBuilder\BBLoader.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Automatic Update\AutoUpdateGUI.exe
C:\WINDOWS\system32\wuauclt.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Marilyn Doty\My Documents\Downloads\dds(2).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: LMBHO Class: {b2c9a858-a8be-426c-b1c7-7fd258b28caa} - c:\program files\bookingbuilder\LMIECTR2.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BookingBuilder GDS Interface] c:\program files\bookingbuilder\LMGDSInt.EXE
uRun: [BookingBuilder Loader] c:\program files\bookingbuilder\BBLoader.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\marilyn doty\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BookingBuilder GDS Interface] c:\program files\bookingbuilder\LMGDSInt.EXE
mRun: [BookingBuilder Loader] c:\program files\bookingbuilder\BBLoader.EXE
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\documents and settings\marilyn doty\start menu\programs\startup\ezTIPS.appref-ms
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: aeuniversity.com
Trusted Zone: agentnet.com
Trusted Zone: amadeus.com
Trusted Zone: amadeus.com\*
Trusted Zone: amadeus.com\content
Trusted Zone: amadeus.com\webconfig
Trusted Zone: amadeus.net
Trusted Zone: amadeuscruise.com
Trusted Zone: amadeuscruise.com\*
Trusted Zone: amadeusferry.com
Trusted Zone: amadeusferry.com\*
Trusted Zone: amadeusporoweb.com
Trusted Zone: amadeusproprinter.com
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusproweb.com\*
Trusted Zone: amadeusVista
Trusted Zone: amadeusvista.com
Trusted Zone: amadeusvista.com\*
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
Trusted Zone: amadeus.com\*
Trusted Zone: amadeus.com\content
Trusted Zone: amadeus.com\webconfig
Trusted Zone: amadeus.net\content.1a
Trusted Zone: amadeuscruise.com
Trusted Zone: amadeuscruise.com\*
Trusted Zone: amadeusferry.com
Trusted Zone: amadeusferry.com\*
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusproweb.com\*
Trusted Zone: amadeusvista.com
Trusted Zone: amadeusvista.com\*
Trusted Zone: amadeusvista.com\Muc.http.farm6.software
Trusted Zone: amadeusvista.com\Muc.http.farm8.software
Trusted Zone: amadeusvista.com\Muc.https.farm11.software
Trusted Zone: amadeusvista.com\Muc.https.farm5.software
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {051FE707-9706-11D5-A836-000102A7C938} - hxxp://amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
DPF: {0EE3D181-E3DB-4ADD-9AEE-82FDD4B8921F} - hxxp://content.amadeus.com/Scripts/JetBlue/install.cab
DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} - hxxp://amadeusvista.com/vwp/common/cabs/VistaPWComms.CAB
DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} - hxxp://amadeusvista.com/vwp/common/cabs/SP2Patch.CAB
DPF: {5472BF37-B79D-4D23-8A70-43233F54D614} - hxxp://content.amadeus.com/Scripts/eSupport/Install.CAB
DPF: {5CCB8990-66EF-4466-B051-CD27FA3821DF} - hxxp://extranets.us.amadeus.com/techservices/documents/SoftwareDistribution/Amadeus-CS-MIA/AmadeusCanadaLibrary/msi/V1.0.2/install.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174317041328
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
DPF: {E2E92FDA-7588-11D3-8F93-00008321C804} - hxxp://amadeuscruise.com/common/cabs/MSIInspect.CAB
DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} - hxxp://certificates.amadeusvista.com/certificateinfo/CCCert_Info.CAB
DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} - hxxp://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mljhiggg
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marily~1\applic~1\mozilla\firefox\profiles\yoh8wrgx.default\
FF - plugin: c:\documents and settings\marilyn doty\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-26 11608]
R2 AmadeusProPrinter;AmadeusProPrinter;c:\amaprt\Mainsrv.exe [2004-4-22 86079]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-26 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-26 60936]
R2 BBComm;BookingBuilder Communication Service;c:\program files\bookingbuilder\BBComm.EXE [2008-11-18 77824]
S1 4hT5344;4hT5344;c:\windows\system32\drivers\4hT5344.sys [2001-8-18 550272]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\program files\malwarebytes' anti-malware\catchme.sys --> c:\program files\malwarebytes' anti-malware\catchme.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-11-10 255600]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-11-10 87664]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-11-10 235120]
S4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe /servicestart --> c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [?]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]

=============== Created Last 30 ================

2010-06-02 22:39:54 0 d-----w- c:\program files\Trend Micro
2010-06-02 09:22:18 0 d-----w- C:\ComboFix
2010-06-01 16:27:38 0 d-----w- c:\program files\CCleaner
2010-05-27 12:27:08 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-27 12:27:06 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-05-27 12:27:06 7846 ----a-w- c:\windows\system32\rt73.cat
2010-05-27 12:27:06 245248 ----a-w- c:\windows\system32\rt73.sys
2010-05-27 12:27:05 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2010-05-27 12:27:05 245248 ----a-w- c:\windows\system32\drivers\rt73.sys
2010-05-27 12:27:05 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-05-27 12:27:00 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2010-05-27 12:27:00 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2010-05-27 12:27:00 17992 ----a-w- c:\windows\bcm42rly.sys
2010-05-27 12:26:59 32768 ----a-w- c:\windows\system32\GTGina.dll
2010-05-27 12:26:50 0 d-----w- c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2010-05-27 12:26:46 1361 ----a-w- c:\windows\system32\WLAN.INI
2010-05-27 12:25:49 0 d-----w- C:\Linksys Driver
2010-05-26 18:15:28 7680 --sha-w- c:\windows\Thumbs.db
2010-05-26 14:59:51 0 d-----w- c:\docume~1\marily~1\applic~1\Avira
2010-05-26 14:54:11 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-26 14:53:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-05-26 14:53:49 0 d-----w- c:\program files\Avira
2010-05-25 14:39:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-17 18:27:11 0 d-----w- C:\spoolerlogs

==================== Find3M ====================

2010-03-19 20:33:09 82160 ----a-w- c:\docume~1\marily~1\applic~1\GDIPFONTCACHEV1.DAT
2010-03-19 19:15:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2008-04-16 22:39:20 275176 --sha-w- c:\windows\system32\gggihjlm.ini2
2010-01-25 16:21:39 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-01-25 16:21:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012520100126\index.dat

============= FINISH: 12:14:30.20 ===============

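The posted log above has two entries worth a second look: the LSA Authentication Packages line lists a second, random-looking entry alongside msv1_0, and there is a hidden, system-attributed file in system32 with a non-standard extension. The following Python script is an added example, not part of the thread or of the DDS tool, showing how to parse DDS-style log lines and pull such indicators out into a review queue. The baseline package sets and the sample log lines are constructed assumptions modelled on the format of the log above.

```python
"""Triage a DDS-style log for LSA package and hidden-file indicators.

Added example; not code from the thread or from the DDS tool.
"""
import re

# Assumed baselines: the only LSA packages a default Windows XP workstation
# registers. Domain controllers and some third-party products add others,
# so treat anything outside these sets as "review", not "malicious".
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
DEFAULT_NOTIFY_PACKAGES = {"scecli"}

# Constructed sample lines that follow the format of the DDS log.
SAMPLE_LOG = """\
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\mljhiggg
LSA: Notification Packages = scecli scecli
R1 avgio;avgio;c:\\program files\\avira\\antivir desktop\\avgio.sys [2010-5-26 11608]
S1 4hT5344;4hT5344;c:\\windows\\system32\\drivers\\4hT5344.sys [2001-8-18 550272]
2010-05-26 18:15:28 7680 --sha-w- c:\\windows\\Thumbs.db
2008-04-16 22:39:20 275176 --sha-w- c:\\windows\\system32\\gggihjlm.ini2
2010-03-10 06:15:52 420352 ----a-w- c:\\windows\\system32\\vbscript.dll
"""

LSA_RE = re.compile(r"^LSA:\s*(Authentication|Notification) Packages\s*=\s*(.*)$")
# DDS file lines: <date> <time> <size> <attribute flags> <path>
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.+)$")


def lsa_findings(log_text):
    """Return (kind, package) for every LSA package outside the baseline.

    A package loaded by LSASS runs inside the authentication path with
    SYSTEM privileges, so an unexpected entry deserves a look regardless
    of what the rest of the log says.
    """
    findings = []
    for line in log_text.splitlines():
        m = LSA_RE.match(line)
        if not m:
            continue
        kind, packages = m.group(1), m.group(2)
        baseline = DEFAULT_AUTH_PACKAGES if kind == "Authentication" else DEFAULT_NOTIFY_PACKAGES
        for pkg in packages.split():
            # Entries may be bare names or full paths; compare the file name only.
            name = pkg.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if name.endswith(".dll"):
                name = name[:-4]
            if name not in baseline:
                findings.append((kind, pkg))
    return findings


def hidden_system_files(log_text):
    """Return paths of files carrying both the hidden (h) and system (s) attribute.

    Legitimate files use this combination too (Thumbs.db, index.dat), so the
    list is a review queue; the interesting entries are the ones under
    system32 with random-looking names or odd extensions.
    """
    paths = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m and "s" in m.group(1) and "h" in m.group(1):
            paths.append(m.group(2))
    return paths


def triage(log_text):
    """Combine both checks into one report dict."""
    return {
        "lsa": lsa_findings(log_text),
        "hidden_system": hidden_system_files(log_text),
    }


if __name__ == "__main__":
    for kind, pkg in lsa_findings(SAMPLE_LOG):
        print(f"LSA {kind} package outside baseline: {pkg}")
    for path in hidden_system_files(SAMPLE_LOG):
        print(f"hidden+system file: {path}")
```

Run it against a saved DDS log by reading the file into `triage()`. The output is a list to review by hand, not a verdict: a second Authentication Package is rare enough on a home workstation that it should be explained before anything else in the log is trusted.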

#6 glorypam (Topic Starter, Members, 12 posts)

Posted 06 June 2010 - 02:38 PM

GMER took longer than I expected. Wow!

I haven't been using this computer since the problem. So I still have all the same issues as before.

#7 extremeboy (Malware Response Team, 12,975 posts)

Posted 06 June 2010 - 06:26 PM

Hello.

Did you run Combofix previously? Post the C:\Combofix.txt to me.

With that said however...

ComboFix is an extremely powerful tool and you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Further, ComboFix logs are not permitted outside the Malware Removal forums, and then only when requested by a Malware Response Team member.

--

Then, could you delete ComboFix if you still have it, re-download a fresh copy, and run it again.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it is running, because it may cause it to stall.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to [image link].

#8 glorypam (Topic Starter, Members, 12 posts)

Posted 06 June 2010 - 07:10 PM

I have downloaded ComboFix. I disabled Avira. (The umbrella now looks closed in the task bar.)

I started ComboFix and it said that I still had TotalProtection for Small Business running. I Googled "TotalProtection for Small Business" to find out how to turn it off and it seems to be a McAfee program.

I uninstalled McAfee ages ago. I went to the control panel > uninstall programs and don't see any McAfee products in my list. I did a Ctrl+Alt+Del and didn't see anything McAfee or TotalProtection in the list.

I can't figure out how to get rid of it or turn it off.

#9 extremeboy (Malware Response Team, 12,975 posts)

Posted 06 June 2010 - 07:46 PM

Don't worry about it, that's just what was in Windows Management Instrumentation.

Go ahead and continue with ComboFix.

#10 glorypam (Topic Starter, Members, 12 posts)

Posted 07 June 2010 - 06:53 AM

ComboFix says it is preparing the log report. It's been running an hour and I'm letting it do its stuff.

(I am on a laptop. Not on the problem computer.)

#11 glorypam (Topic Starter, Members, 12 posts)

Posted 07 June 2010 - 08:11 AM

I have to leave for work. The infected computer is still running ComboFix. I will be back around 5:30 pm. Hopefully we will have a report when I get back.

#12 glorypam (Topic Starter, Members, 12 posts)

Posted 07 June 2010 - 06:47 PM

ComboFix seems to be stuck on Completed Stage_32

#13 glorypam (Topic Starter, Members, 12 posts)

Posted 07 June 2010 - 07:59 PM

Disregard... after all these hours it has finally moved on to Completed Stage_50.

I will leave my computer alone. :)

#14 glorypam (Topic Starter, Members, 12 posts)

Posted 08 June 2010 - 05:46 AM

It's been overnight and it is still stuck on Completed Stage_50.

Does this concern you or is this normal?

#15 glorypam (Topic Starter, Members, 12 posts)

Posted 09 June 2010 - 05:26 PM

Update.

I uninstalled Avira and now I have no issues with my browsers. I need to put a virus program on my computer. What do you suggest?
