Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan or spyware


  • Please log in to reply
1 reply to this topic

#1 peck4

peck4

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 23 July 2010 - 10:22 PM

The computer is slow, I get a message “Save to Normal” and there files in the start up section that I can’t delete crypt32chain, cryptnet, dimsntfy


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/22/2007 1:23:30 PM
System Uptime: 7/23/2010 3:51:06 PM (2 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2657/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 15.553 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&3B1CAF2B&0&31F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&3B1CAF2B&0&31F0
Service:

==== System Restore Points ===================

RP749: 6/29/2010 3:01:04 AM - Software Distribution Service 3.0
RP750: 6/30/2010 3:01:09 AM - Software Distribution Service 3.0
RP751: 7/1/2010 3:01:09 AM - Software Distribution Service 3.0
RP752: 7/2/2010 3:01:29 AM - Software Distribution Service 3.0
RP753: 7/2/2010 3:51:59 PM - Software Distribution Service 3.0
RP754: 7/4/2010 4:09:37 PM - System Checkpoint
RP755: 7/5/2010 3:01:11 AM - Software Distribution Service 3.0
RP756: 7/6/2010 3:01:00 AM - Software Distribution Service 3.0
RP757: 7/7/2010 3:01:03 AM - Software Distribution Service 3.0
RP758: 7/8/2010 3:01:01 AM - Software Distribution Service 3.0
RP759: 7/9/2010 3:01:02 AM - Software Distribution Service 3.0
RP760: 7/10/2010 3:01:08 AM - Software Distribution Service 3.0
RP761: 7/11/2010 3:01:03 AM - Software Distribution Service 3.0
RP762: 7/12/2010 3:01:05 AM - Software Distribution Service 3.0
RP763: 7/13/2010 3:01:11 AM - Software Distribution Service 3.0
RP764: 7/13/2010 6:58:04 AM - Software Distribution Service 3.0
RP765: 7/13/2010 8:56:28 AM - Software Distribution Service 3.0
RP766: 7/14/2010 3:00:57 AM - Software Distribution Service 3.0
RP767: 7/15/2010 3:01:13 AM - Software Distribution Service 3.0
RP768: 7/16/2010 3:01:31 AM - Software Distribution Service 3.0
RP769: 7/17/2010 3:01:26 AM - Software Distribution Service 3.0
RP770: 7/18/2010 3:01:12 AM - Software Distribution Service 3.0
RP771: 7/19/2010 3:01:17 AM - Software Distribution Service 3.0
RP772: 7/20/2010 3:01:13 AM - Software Distribution Service 3.0
RP773: 7/20/2010 8:55:44 AM - Software Distribution Service 3.0
RP774: 7/21/2010 3:01:21 AM - Software Distribution Service 3.0
RP775: 7/21/2010 7:12:51 PM - Software Distribution Service 3.0
RP776: 7/21/2010 7:59:24 PM - avast! Free Antivirus Setup
RP777: 7/21/2010 8:07:09 PM - Removed QuickBooks Contact Sync
RP778: 7/21/2010 8:24:42 PM - Installed AVG Free 9.0
RP779: 7/21/2010 9:05:21 PM - Avg Update
RP780: 7/22/2010 12:51:36 AM - Software Distribution Service 3.0
RP781: 7/22/2010 2:50:07 PM - Software Distribution Service 3.0
RP782: 7/23/2010 3:01:16 AM - Software Distribution Service 3.0
RP783: 7/23/2010 12:42:26 PM - Software Distribution Service 3.0
RP784: 7/23/2010 12:44:53 PM - Software Distribution Service 3.0
RP785: 7/23/2010 3:37:38 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
AVG Free 9.0
BCM Monitor
Broadcom 440x 10/100 Integrated Controller
Business Series Terminals Desktop Assistant v 1.3
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon EOS-1D Mark II WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 20D WIA Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities EOS Capture 1.2
Canon Utilities EOS Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
EOS Capture 1.2
EOS Viewer Utility 1.2.1
Form Fill (Windows Live Toolbar)
Free Window Registry Repair
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics Driver
Java™ 6 Update 13
Junk Mail filter update
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MovieEdit Task
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Norstar ICS Remote Tools 11.0
Norstar Voice Mail Manager 3.0.10
Norstar Voice Mail Manager 4.0.04
Nortel Business Element Manager
Nortel Networks Desktop Assistant v 1.3
OGA Notifier 2.0.0048.0
OneCare Advisor (Windows Live Toolbar)
PhotoStitch
Popup Blocker (Windows Live Toolbar)
QuickBooks Customer Manager Version 2
QuickBooks Pro 2008
Quicken 2008
RAW Image Task 2.1
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Smart Menus (Windows Live Toolbar)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
TweakNow PowerPack 2010
TweakNow RegCleaner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast-Ethernet Adapter
Weather Add-in for Windows Live Toolbar
WebFldrs XP
Windows Desktop Search
Windows Desktop Search (KB926356-V2)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

7/23/2010 3:50:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/23/2010 3:50:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/22/2010 2:56:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
7/22/2010 12:41:09 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
7/21/2010 9:47:30 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
7/21/2010 9:47:30 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 9:47:30 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 9:47:30 AM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 9:47:30 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 9:47:30 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2010 9:46:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/21/2010 9:06:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
7/20/2010 9:00:57 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 000F1F551FB3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/20/2010 8:58:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB976382).
7/20/2010 8:58:32 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB982311).
7/20/2010 8:58:17 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2003 (KB980373).
7/20/2010 8:58:01 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB979771).
7/20/2010 8:57:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Access 2003 (KB981716).
7/20/2010 8:57:13 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Publisher 2003 (KB982122).
7/20/2010 8:56:57 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2003 (KB982134).
7/20/2010 8:56:41 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2202122).
7/20/2010 8:56:25 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2003 (KB982157).
7/20/2010 8:56:10 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office InfoPath 2003 (KB980923).
7/20/2010 3:04:36 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB982133).

==== End Of File ===========================



DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 17:51:49.59 on Fri 07/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.150 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVG\AVG9\avgupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QAI81DN2\dds[1].scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks pro\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-21 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-21 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-21 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-21 308136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-25 55152]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-21 430152]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-3-2 40832]

=============== Created Last 30 ================

2010-07-24 00:48:01 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-07-23 23:58:04 0 d-----w- c:\program files\Trend Micro
2010-07-23 18:57:22 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-23 15:58:29 1244 ----a-w- c:\windows\system32\tmp.reg
2010-07-22 21:34:06 0 d-----w- c:\program files\TweakNow RegCleaner
2010-07-22 21:34:06 0 d-----w- c:\docume~1\admini~1\applic~1\TweakNow RegCleaner
2010-07-22 07:14:51 1652688 ----a-w- c:\windows\PCTBDCore.dll.old
2010-07-22 03:30:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-22 03:30:04 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-22 03:29:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-22 03:29:21 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-22 03:29:15 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-07-22 03:25:12 0 d-----w- c:\program files\AVG
2010-07-22 03:24:43 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-21 23:58:36 0 d-----w- C:\VundoFix Backups
2010-07-20 17:39:49 0 d-----w- c:\program files\Free Window Registry Repair
2010-07-20 04:53:24 127 ----a-w- c:\windows\wininit.ini

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-08-02 18:12:41 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080220080803\index.dat

============= FINISH: 17:56:45.40 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:24 PM

Posted 31 July 2010 - 10:19 AM

Hello peck4

Welcome to BleepingComputer smile.gif
==========================
QUOTE
and there files in the start up section that I can’t delete crypt32chain, cryptnet, dimsntfy
These are legitimate for Windows where do you see them in startup?
If you are referring to starting up with the computer then they are services which are needed for Windows to work properly.
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users