
Infected with a virus or a malware


  • This topic is locked
31 replies to this topic

#1 bigredlimo

bigredlimo

  • Members
  • 32 posts
  • OFFLINE
  • Local time:06:42 AM

Posted 10 February 2011 - 12:17 PM

I recently upgraded AVG (free) and AD-AWARE (free) to their latest versions respectively. For some reason I can not connect to the respective servers for updates (Grisoft and Lavasoft). Also, I can not generate an ID Number for AMMYY Admin (it says "error" instead of generating an ID Number). In the case of AVG the error message says: "UPDATING PROGRESS. Update fail. The connection with update server failed. Please follow these steps: make sure internet connection is active..... Make sure the connection parameters are set properly". In the case of AD-AWARE, the error message says: "Connection error, check your settings. (Error code: -1)". In the case of AMMYY Admin, the error message says: "error (12029) occured while connecting to server HxxP://RL.AMMYY.COM. Would you like to change proxy setting?"

It should be noted that I have no problems browsing the internet, including entering the respective websites of the three companies who provide that software (Lavasoft, Grisoft, and AMMYY Admin). It should also be noted that in addition to this computer, I have another computer, as well as a laptop. Using the other computer and the laptop I do not have a problem updating AVG and AD-AWARE, and no problem generating an ID Number for AMMYY Admin. All three computers are using the same Router.

Here is the DDS.txt:


DDS (Ver_10-12-12.02) - NTFSx86
Run by hillel at 2:13:22.42 on Thu 02/10/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2559.1698 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
I:\Program Files\IOGEAR\Wireless USB\WiCenterService.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
I:\Program Files\IOGEAR\Wireless USB\dfu\al_dfu.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\ffpsrv.exe
C:\Program Files\Norton GoBack\GBPoll.exe
I:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\hptsvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
C:\WINDOWS\system32\KMDEVMONSRV.exe
C:\WINDOWS\system32\KMdevmonx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
I:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
I:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\RAMASST.exe
I:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\hillel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.co.il/
uSearch Bar =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar_en_2.0.107-big.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - i:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {F1F22D55-CA2D-4C8A-976B-0D6389DC296E} - No File
EB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - i:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - i:\program files\copernic desktop search - home\DeskbandIntegration302010008.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {44226DFF-747E-4EDC-B30C-78752E50CD0C} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [PowerBar]
uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchPd.EXE"
uRun: [Gadwin PrintScreen 3.5] i:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Copernic Desktop Search - Home] "i:\program files\copernic desktop search - home\DesktopSearchService.exe" /tray
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\Flashget3.exe" -minimize
uRun: [fsm]
uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource5\go\CTCMSGoU.exe" /SCB
uRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [ScriptSentry] c:\program files\script sentry\ScriptSentry.exe /check
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [POINTER] point32.exe
mRun: [Onelive]
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [QuickTime Task] "i:\program files\quicktime\qttask.exe" -atboottime
mRun: [SPAMfighter Agent] "f:\program files\spamfighter\SFAgent.exe" update delay 60
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "i:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\hillel\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\hillel\startm~1\programs\startup\webshots.lnk - f:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - i:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - i:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\norton~1.lnk - c:\program files\norton goback\GBTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panaso~1.lnk - i:\program files\panasonic\multi-function station\StatusMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoneal~1.lnk - f:\program files\zone labs\zonealarm\zapro.exe
mPolicies-explorer: <NO NAME> =
IE: &Google Search - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmcache.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://i:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://i:\program files\free download manager\dlselected.htm
IE: Download Video - http://www.viloader.net/addon.htm
IE: Download video with Free Download Manager - file://i:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://i:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Si&milar Pages - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmtrans.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {AFC3FA82-AD07-45cd-8B57-983435B9899E} - c:\program files\free surfer\FS20.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} - hxxp://www.jasons-toolbox.com/BrowserSecurity/ActiveXTester/ActiveXTester.ocx
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} - hxxp://video.icellcom.co.il/TCM3Viewer.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125119651750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128262976195
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - hxxp://irc.tapuz.co.il/BlogTVU/launcher.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {3950FB4C-F0B0-4B52-B1A0-40A6A4D794DF} = 208.67.220.220,208.67.222.222
TCP: {3E93E17B-7835-47A4-B103-3818DF60A9F3} = 208.67.220.220,208.67.222.222
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - f:\program files\symantec\winfax\WfxSeh32.Dll
SEH: SpySubtract Shell Extension: {fa010552-4a27-4cb1-a1bb-3e2d697f1639} - f:\program files\intermute\spysubstract\sshook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2003-12-31 9344]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-5 64288]
R0 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys [2007-8-22 99584]
R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2003-8-7 73856]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2000-9-11 10816]
R1 FDCDNT;FDCDNT;c:\windows\system32\FDCDNT.SYS [2004-2-21 42656]
R2 al_dfu_winusb;Alereon DFU;i:\program files\iogear\wireless usb\dfu\al_dfu.exe [2008-9-16 61440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FileAndFolderProtector_S;File and Folder Protector;c:\windows\system32\ffpsrv.exe [2004-4-6 78336]
R2 hptsvr;HighPoint RAID Management Service;i:\program files\highpoint technologies, inc\highpoint raid management software\service\hptsvr.exe [2007-8-22 45056]
R2 KMDevmonSrv;Multi-Function Station Device Monitor;c:\windows\system32\KMDEVMONSRV.exe [2006-6-4 24576]
R2 KMsmfpi;KMSMFPI;c:\windows\system32\drivers\KMsmfpi.sys [2006-6-4 21536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2000-6-6 21233]
R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2001-9-4 19534]
R2 VECP;VECP;c:\windows\system32\drivers\VECP.SYS [2006-6-4 40800]
R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-9-7 171496]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-4-18 102400]
R2 wicenterservice;Wireless USB Manager;i:\program files\iogear\wireless usb\WiCenterService.exe [2008-8-28 24576]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
R3 qdatwin;qdatwin;c:\windows\system32\drivers\qdatwin.sys [2006-8-1 10240]
S1 GhPciScan;GhostPciScanner;\??\f:\program files\symantec\norton ghost 2003\ghpciscan.sys --> f:\program files\symantec\norton ghost 2003\ghpciscan.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SPAMfighter Update Service;SPAMfighter Update Service;"f:\program files\spamfighter\sfus.exe" --> f:\program files\spamfighter\sfus.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 4mmdat;4mmdat;c:\windows\system32\drivers\4mmdat.sys [2003-8-7 12288]
S3 al56xxpt;Alereon 56XX DWA admin mode driver;c:\windows\system32\drivers\al56xxpt.sys [2009-3-20 18944]
S3 AODP202;Bushnell ImageView;c:\windows\system32\drivers\aodp202.sys [2006-3-2 227200]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2001-2-14 106552]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [2005-3-11 24059]
S3 DGIUSB;Panasonic MFSUSB Driver;c:\windows\system32\drivers\KMdgiusb.sys [2006-6-4 15008]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [2003-8-31 42432]
S3 ICDUSB;Sony IC Recorder;c:\windows\system32\drivers\Icdusb.sys [2005-2-17 26409]
S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [2004-10-27 39048]
S3 PanasonicKXTG57_59USBD;Panasonic GIGARANGE USB;c:\windows\system32\drivers\pccusm06.sys [2006-11-2 47936]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2003-8-12 11520]
S3 SS1CBAFDV;Stonestreet One CBAF;c:\windows\system32\drivers\SS1CBAFDV.sys [2009-3-19 19504]
S3 SS1DWADV;Stonestreet One Device Wire Adapter;c:\windows\system32\drivers\SS1DWADV.sys [2009-3-19 116784]
S3 SS1PALHWA;Host Wire-Adapter;c:\windows\system32\drivers\SS1PALHWA.sys [2009-3-19 152240]
S3 SS1USBPAL;WUSB Radio Controller Interface;c:\windows\system32\drivers\SS1USBPAL.sys [2009-3-19 83760]
S3 VVRUSB;VVRUSB Device;c:\windows\system32\drivers\VVRUSB.sys [2003-12-18 38479]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2000-9-11 30398]

=============== File Associations ===============

JSEFile=c:\program files\script sentry\ScriptSentry.exe "%1" %*
regfile=c:\program files\script sentry\ScriptSentry.exe "%1" %*
VBEFile=c:\program files\script sentry\ScriptSentry.exe "%1" %*
VBSFile=c:\program files\script sentry\ScriptSentry.exe "%1" %*

=============== Created Last 30 ================

2011-02-10 02:33:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\AMMYY
2011-02-05 17:40:54 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-05 17:40:23 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-05 17:39:57 -------- d-----w- c:\program files\Lavasoft
2011-02-05 05:16:03 270 ---ha-w- C:\aaw7boot.cmd
2011-02-05 02:59:07 -------- d-----w- c:\docume~1\hillel\applic~1\AVG10
2011-02-05 02:57:05 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-05 02:55:29 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-05 02:55:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-05 02:24:01 -------- d-----w- C:\AVGTemp
2011-02-05 02:02:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-05 00:58:17 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-02-05 00:58:17 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-05 00:57:50 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-02-05 00:57:42 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-05 00:57:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-05 00:52:49 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-02-05 00:10:35 14048 ------w- c:\windows\system32\spmsg2.dll
2011-02-05 00:10:03 -------- d-----w- c:\windows\system32\he-IL

==================== Find3M ====================

2011-02-05 04:06:19 26112 ----a-w- c:\windows\system32\userinit.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2004-07-09 08:08:36 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 08:08:34 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 07:03:10 62976 ----a-w- c:\program files\DSETUP.dll
2004-03-11 17:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2001-08-23 17:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 2:15:01.18 ===============

Attached Files


Edited by Orange Blossom, 10 February 2011 - 04:24 PM.
deactivate link. ~ OB
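The SERVICES / DRIVERS section of a DDS log is the part a malware-response helper reads first, so here is a small triage script for that format. This is an added example written for this page, not code from the thread, from DDS or from BleepingComputer. The six sample lines are copied from the log above; everything else is an assumption: that DDS prints `[?]` in place of the date and size when it could not read the file, and the three review criteria (unverified file, `.tmp` image, image in a drive root) are heuristics that mark an entry for a human to look at, not a verdict that it is malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: six lines copied from the "SERVICES / DRIVERS" section of the DDS log posted above.
SAMPLE = r"""
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 GhPciScan;GhostPciScanner;\??\f:\program files\symantec\norton ghost 2003\ghpciscan.sys --> f:\program files\symantec\norton ghost 2003\ghpciscan.sys [?]
S2 SPAMfighter Update Service;SPAMfighter Update Service;"f:\program files\spamfighter\sfus.exe" --> f:\program files\spamfighter\sfus.exe [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2000-9-11 30398]
"""

# One DDS service/driver line: "<start> <name>;<description>;<image> [<date> <size>]"
# or "... [?]" when DDS could not read the file (assumption about what "[?]" means).
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.*?)\s+"
    r"(?:\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]|\[\?\])$"
)


@dataclass
class ServiceEntry:
    start: str            # R = running, S = stopped; the digit is the start type
    name: str
    desc: str
    binary: str           # resolved image path, lower-cased, quoting and arguments removed
    date: Optional[str]   # None when DDS printed "[?]"
    size: Optional[int]

    @property
    def unverified(self) -> bool:
        return self.date is None


def resolve_binary(image: str) -> str:
    """Reduce the raw image field to the executable path DDS resolved it to."""
    if " --> " in image:                      # DDS prints "raw --> resolved" for indirect paths
        image = image.rsplit(" --> ", 1)[1]
    image = image.strip().strip('"')
    if image.startswith("\\??\\"):            # NT object-manager prefix, not part of the file path
        image = image[4:]
    # Drop command-line arguments that follow the executable (e.g. "vsmon.exe -service").
    m = re.match(r"(.+?\.(?:exe|sys|dll|tmp))(?:\s|$)", image, re.I)
    return (m.group(1) if m else image).lower()


def parse_dds_services(text: str) -> List[ServiceEntry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                          # blank line or something that is not a service line
        entries.append(ServiceEntry(
            start=m["start"], name=m["name"].strip(), desc=m["desc"].strip(),
            binary=resolve_binary(m["image"]),
            date=m["date"], size=int(m["size"]) if m["size"] else None))
    return entries


def triage(e: ServiceEntry) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means it looks routine."""
    reasons = []
    if e.unverified:
        reasons.append("DDS could not read the file ([?])")
    if e.binary.endswith(".tmp"):
        reasons.append("service image is a .tmp file")
    if re.fullmatch(r"[a-z]:\\[^\\]+", e.binary):
        reasons.append("image sits directly in a drive root")
    return reasons


def suspicious(text: str) -> Dict[str, List[str]]:
    """Map service name -> review reasons for every entry that triggered at least one."""
    flagged = {}
    for e in parse_dds_services(text):
        reasons = triage(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample, four entries are flagged for an unreadable file (the legitimate ZoneAlarm, Norton Ghost and SPAMfighter services are among them, which is why `[?]` alone is only a prompt to check, not a conclusion), and only the `autorun` entry trips all three criteria. The point of the script is to make that ordering explicit rather than to replace the helper's review.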




#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:07:42 AM

Posted 16 February 2011 - 10:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 bigredlimo

bigredlimo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:06:42 AM

Posted 18 February 2011 - 02:33 AM

Hello oneof4,

I don't think I used the computer since I posted the original logs, but in any event, here is the new DDS log with the requested attachments:


DDS (Ver_10-12-12.02) - NTFSx86
Run by hillel at 18:42:11.62 on Thu 02/17/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2559.1835 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
I:\Program Files\IOGEAR\Wireless USB\WiCenterService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
I:\Program Files\IOGEAR\Wireless USB\dfu\al_dfu.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\ffpsrv.exe
C:\Program Files\Norton GoBack\GBPoll.exe
I:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\hptsvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\KMDEVMONSRV.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\KMdevmonx.exe
I:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
I:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
I:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton GoBack\GBTray.exe
I:\Program Files\Panasonic\Multi-Function Station\StatusMon.exe
C:\WINDOWS\system32\RAMASST.exe
I:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\MDM.EXE
C:\Documents and Settings\hillel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.co.il/
uSearch Bar =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar_en_2.0.107-big.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - i:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {F1F22D55-CA2D-4C8A-976B-0D6389DC296E} - No File
EB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - i:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - i:\program files\copernic desktop search - home\DeskbandIntegration302010008.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {44226DFF-747E-4EDC-B30C-78752E50CD0C} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [PowerBar]
uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchPd.EXE"
uRun: [Gadwin PrintScreen 3.5] i:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Copernic Desktop Search - Home] "i:\program files\copernic desktop search - home\DesktopSearchService.exe" /tray
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\Flashget3.exe" -minimize
uRun: [fsm]
uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource5\go\CTCMSGoU.exe" /SCB
uRun: [CTRegRun] c:\windows\CTRegRun.EXE
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [ScriptSentry] c:\program files\script sentry\ScriptSentry.exe /check
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [POINTER] point32.exe
mRun: [Onelive]
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [QuickTime Task] "i:\program files\quicktime\qttask.exe" -atboottime
mRun: [SPAMfighter Agent] "f:\program files\spamfighter\SFAgent.exe" update delay 60
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "i:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [RogersServicepointAgent.exe] "c:\program files\rogers online protection\rogers servicepoint agent\RogersServicepointAgent.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\hillel\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\hillel\startm~1\programs\startup\webshots.lnk - f:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - i:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - i:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\norton~1.lnk - c:\program files\norton goback\GBTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panaso~1.lnk - i:\program files\panasonic\multi-function station\StatusMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoneal~1.lnk - f:\program files\zone labs\zonealarm\zapro.exe
mPolicies-explorer: <NO NAME> =
IE: &Google Search - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmcache.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://i:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://i:\program files\free download manager\dlselected.htm
IE: Download Video - http://www.viloader.net/addon.htm
IE: Download video with Free Download Manager - file://i:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://i:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Si&milar Pages - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmtrans.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {AFC3FA82-AD07-45cd-8B57-983435B9899E} - c:\program files\free surfer\FS20.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} - hxxp://www.jasons-toolbox.com/BrowserSecurity/ActiveXTester/ActiveXTester.ocx
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} - hxxp://video.icellcom.co.il/TCM3Viewer.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125119651750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128262976195
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - hxxp://irc.tapuz.co.il/BlogTVU/launcher.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {3950FB4C-F0B0-4B52-B1A0-40A6A4D794DF} = 208.67.220.220,208.67.222.222
TCP: {3E93E17B-7835-47A4-B103-3818DF60A9F3} = 208.67.220.220,208.67.222.222
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - f:\program files\symantec\winfax\WfxSeh32.Dll
SEH: SpySubtract Shell Extension: {fa010552-4a27-4cb1-a1bb-3e2d697f1639} - f:\program files\intermute\spysubstract\sshook.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 70.38.40.185 www.ammyy.com
Hosts: 70.38.40.185 ammyy.com
Hosts: 70.38.40.185 rl.ammyy.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2003-12-31 9344]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-5 64288]
R0 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys [2007-8-22 99584]
R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2003-8-7 73856]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2000-9-11 10816]
R1 FDCDNT;FDCDNT;c:\windows\system32\FDCDNT.SYS [2004-2-21 42656]
R2 al_dfu_winusb;Alereon DFU;i:\program files\iogear\wireless usb\dfu\al_dfu.exe [2008-9-16 61440]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FileAndFolderProtector_S;File and Folder Protector;c:\windows\system32\ffpsrv.exe [2004-4-6 78336]
R2 hptsvr;HighPoint RAID Management Service;i:\program files\highpoint technologies, inc\highpoint raid management software\service\hptsvr.exe [2007-8-22 45056]
R2 KMDevmonSrv;Multi-Function Station Device Monitor;c:\windows\system32\KMDEVMONSRV.exe [2006-6-4 24576]
R2 KMsmfpi;KMSMFPI;c:\windows\system32\drivers\KMsmfpi.sys [2006-6-4 21536]
R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2000-6-6 21233]
R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2001-9-4 19534]
R2 VECP;VECP;c:\windows\system32\drivers\VECP.SYS [2006-6-4 40800]
R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-9-7 171496]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-4-18 102400]
R2 wicenterservice;Wireless USB Manager;i:\program files\iogear\wireless usb\WiCenterService.exe [2008-8-28 24576]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 qdatwin;qdatwin;c:\windows\system32\drivers\qdatwin.sys [2006-8-1 10240]
S1 GhPciScan;GhostPciScanner;\??\f:\program files\symantec\norton ghost 2003\ghpciscan.sys --> f:\program files\symantec\norton ghost 2003\ghpciscan.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
S2 SPAMfighter Update Service;SPAMfighter Update Service;"f:\program files\spamfighter\sfus.exe" --> f:\program files\spamfighter\sfus.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 4mmdat;4mmdat;c:\windows\system32\drivers\4mmdat.sys [2003-8-7 12288]
S3 al56xxpt;Alereon 56XX DWA admin mode driver;c:\windows\system32\drivers\al56xxpt.sys [2009-3-20 18944]
S3 AODP202;Bushnell ImageView;c:\windows\system32\drivers\aodp202.sys [2006-3-2 227200]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2001-2-14 106552]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [2005-3-11 24059]
S3 DGIUSB;Panasonic MFSUSB Driver;c:\windows\system32\drivers\KMdgiusb.sys [2006-6-4 15008]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [2003-8-31 42432]
S3 ICDUSB;Sony IC Recorder;c:\windows\system32\drivers\Icdusb.sys [2005-2-17 26409]
S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [2004-10-27 39048]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 PanasonicKXTG57_59USBD;Panasonic GIGARANGE USB;c:\windows\system32\drivers\pccusm06.sys [2006-11-2 47936]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2003-8-12 11520]
S3 SS1CBAFDV;Stonestreet One CBAF;c:\windows\system32\drivers\SS1CBAFDV.sys [2009-3-19 19504]
S3 SS1DWADV;Stonestreet One Device Wire Adapter;c:\windows\system32\drivers\SS1DWADV.sys [2009-3-19 116784]
S3 SS1PALHWA;Host Wire-Adapter;c:\windows\system32\drivers\SS1PALHWA.sys [2009-3-19 152240]
S3 SS1USBPAL;WUSB Radio Controller Interface;c:\windows\system32\drivers\SS1USBPAL.sys [2009-3-19 83760]
S3 VVRUSB;VVRUSB Device;c:\windows\system32\drivers\VVRUSB.sys [2003-12-18 38479]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2000-9-11 30398]

=============== File Associations ===============

JSEFile=c:\program files\script sentry\ScriptSentry.exe "%1" %*
regfile=c:\program files\script sentry\ScriptSentry.exe "%1" %*
VBEFile=c:\program files\script sentry\ScriptSentry.exe "%1" %*
VBSFile=c:\program files\script sentry\ScriptSentry.exe "%1" %*

=============== Created Last 30 ================

2011-02-10 02:33:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\AMMYY
2011-02-05 17:40:54 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-05 17:40:23 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-05 17:39:57 -------- d-----w- c:\program files\Lavasoft
2011-02-05 05:16:03 270 ---ha-w- C:\aaw7boot.cmd
2011-02-05 02:59:07 -------- d-----w- c:\docume~1\hillel\applic~1\AVG10
2011-02-05 02:57:05 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-05 02:55:29 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-05 02:55:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-05 02:24:01 -------- d-----w- C:\AVGTemp
2011-02-05 02:02:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-05 00:58:17 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-02-05 00:58:17 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-05 00:57:50 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-02-05 00:57:42 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-05 00:57:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-05 00:52:49 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-02-05 00:10:35 14048 ------w- c:\windows\system32\spmsg2.dll
2011-02-05 00:10:03 -------- d-----w- c:\windows\system32\he-IL

==================== Find3M ====================

2011-02-05 04:06:19 26112 ----a-w- c:\windows\system32\userinit.exe
2004-07-09 08:08:36 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 08:08:34 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 07:03:10 62976 ----a-w- c:\program files\DSETUP.dll
2004-03-11 17:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2001-08-23 17:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 18:43:13.29 ===============

Attached Files
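The lines in the log above that matter most for the reported symptom are the three Hosts: entries pointing ammyy.com at 70.38.40.185 and the "autorun" driver loaded from c:\huadio.tmp. The following triage script is an added example (not part of the original post and not code from the DDS tool): it parses a constructed sample in the same shape as this log and flags those two kinds of entries, and it also catches the other common hosts-file trick, sinkholing a vendor's name to 127.0.0.1, which this particular log does not contain.

```python
"""DDS-log triage helper (added example; not code from the thread or from DDS).

Flags, from the Pseudo HJT Report 'Hosts:' lines and the SERVICES / DRIVERS
section: hosts entries for any name other than localhost (pointed at a remote
IP, as the ammyy.com lines above are, or sinkholed to 127.0.0.1), and services
or drivers whose image is a temp file, sits outside the Windows and Program
Files trees, or could not be located by DDS (the trailing "[?]").
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the log above (a few lines only).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

Hosts: 127.0.0.1 localhost
Hosts: 70.38.40.185 www.ammyy.com
Hosts: 70.38.40.185 rl.ammyy.com

============= SERVICES / DRIVERS ===============

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")
# state, service name, description, image field (DDS separates them with ';')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# drive-letter path up to its extension, stopping before arguments such as '-service'
IMAGE_RE = re.compile(r'^"?([a-z]:\\.*?\.[a-z0-9]{1,4})(?=["\s]|$)', re.I)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class Finding:
    kind: str      # "hosts" or "service"
    subject: str   # hostname or service name
    detail: str


def extract_image_path(field: str):
    """Return (image path or None, located) from the DDS image field.
    DDS prints 'command --> resolved path [date size]' when it had to resolve a
    command line, and a trailing '[?]' when it could not find or size the file."""
    located = not field.rstrip().endswith("[?]")
    target = field.split("-->")[-1].strip()
    target = re.sub(r"\s*\[[^\]]*\]\s*$", "", target)  # drop '[date size]' or '[?]'
    if target.startswith("\\??\\"):                      # NT object-manager prefix
        target = target[4:]
    m = IMAGE_RE.match(target)
    return (m.group(1).lower() if m else None, located)


def _usual_location(path: str) -> bool:
    p = path.lower()
    return p.startswith("c:\\windows\\") or re.match(r"^[a-z]:\\program files", p) is not None


def classify_hosts(ip: str, host: str):
    """None for the normal localhost line; otherwise a reason string."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return None
    if ip in LOOPBACK:
        return f"{host} sinkholed to {ip} (site blocked)"
    return f"{host} redirected to {ip} (site hijacked to a remote address)"


def classify_service(image, located: bool) -> list:
    reasons = []
    if image is None:
        reasons.append("image path not recognised")
    else:
        if image.endswith(".tmp"):
            reasons.append("temp-file image")
        if not _usual_location(image):
            reasons.append("image outside the Windows/Program Files trees")
    if not located:
        reasons.append("DDS could not find or size the image ([?])")
    return reasons


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if detail := classify_hosts(ip, host):
                findings.append(Finding("hosts", host, detail))
        elif m := SERVICE_RE.match(line):
            state, name, _desc, field = m.groups()
            image, located = extract_image_path(field)
            if reasons := classify_service(image, located):
                findings.append(Finding("service", name, f"{state} {image or field}: " + "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

On the constructed sample it reports the two ammyy.com redirects, the autorun driver (temp file, outside the usual trees, not located) and a low-severity note on vsmon, which DDS could not size because of its -service argument.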



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:42 PM

Posted 19 February 2011 - 05:19 AM

Hello and sorry for the delay.

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or AdAware.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 bigredlimo

bigredlimo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 19 February 2011 - 11:02 AM

Hello Elise,

I uninstalled Ad-aware as per your instructions.
I disabled Windows Firewall.
I disabled/ SpywareGuard.
I disabled AVG.

I then downloaded ComboFix to my desktop, and double-clicked to install and run it. It gave me the following message: "ComboFix cannot run when AVG is installed. This is due to AVG's targeting of ComboFix's files/processes. It would be dangerous to continue. Please uninstall AVG or use another tool".

Do you want me to uninstall AVG and then continue with ComboFix? I thought it would be safer to ask you before continuing.

Thanks,
Hillel

#6 Elise

Posted 19 February 2011 - 11:28 AM

Yes, please uninstall it and then continue. Sorry, I should have mentioned that Combofix might prompt you for that.

regards, Elise




#7 bigredlimo

Posted 20 February 2011 - 12:14 AM

Thanks Elise.

I uninstalled AVG 2011 using Add & Remove Programs, and rebooted.
I disabled SpywareGuard again (as it automatically starts on reboot).
I ran ComboFix. It prompted me to install the Microsoft Windows Recovery Console. I did. It gave me the following message: "You do not appear to be connected to the internet. Kindly connect before clicking ok"
At that point I tried to open my browser, and it opened immediately. Seeing that I do have internet connection, I clicked "ok" to the message. It then gave me the following message: "Failed to download files. Aborting... Shall continue scan". That message disappeared by itself, and ComboFix started the scan.

I think that when you say "include the C:\combofix in your next reply" you mean as an attachment (as opposed to copy & paste). Let me know if you want me to send another reply with copy & paste.

Thanks,
Hillel

#8 bigredlimo

Posted 20 February 2011 - 12:22 AM

Oops, I think I forgot to click on "attach that file", so I am trying again. Sorry.

Attached Files



#9 Elise

Posted 20 February 2011 - 09:03 AM

Hi, how are things running at this point? Do you have internet access (are you able to surf and so on)?

regards, Elise




#10 bigredlimo

Posted 20 February 2011 - 02:32 PM

Hi Elise,

You asked me 1. How things ....., and 2. Can I browse the internet.
As to the second question, the answer is yes. I can surf the internet, and I was able to do it all along, notwithstanding the message I had received when ComboFix tried to install Microsoft Windows R

#11 Elise

Posted 20 February 2011 - 02:55 PM

And the answer to the first question? :)

regards, Elise




#12 bigredlimo

Posted 20 February 2011 - 03:01 PM

Sorry Elise, I don't know what happened, so let's try again.

You asked me 1. How things are running now, and 2. If I can surf the internet.

With regard to the second question, the answer is yes; I can surf the internet, and I was able to do so all along, notwithstanding the message I had received when ComboFix tried to install the Microsoft Windows Recovery Console (which I reported to you).

With regard to your first question, there is no simple yes or no answer. If you go to my first post in which I outlined my complaints, you will see that my complaints were limited to the fact that I couldn't use the update features of AVG and Ad-aware, as well as not being able to generate an access ID code using www.ammyy.com.

Since I uninstalled Ad-aware and AVG, there is no way for me to check if the problem has been rectified. However, I can tell you that I tried www.ammyy.com again, and I am still getting the same error message. Other than that, the computer seems to be working fine.

But here is another thing that I tried that may help you in helping me resolve the problem: I rebooted the computer into Safe Mode, and tried two things: first I went to www.ammyy.com and ran it to try to generate an access ID code, AND IT WORKED FINE!! Then I ran ComboFix again (still in Safe Mode), and this time IT INSTALLED THE MICROSOFT WINDOWS RECOVERY CONSOLE WITH NO PROBLEMS!! I also let ComboFix continue the scan and generate a new log (I will attach it). I then rebooted in Normal Mode, and tried AMMYY again - It did not work.

I have talked to a few people who are better than me with computer problems, and the feedback I am getting is that there is a nasty virus/malware that is sitting somewhere in the computer.

That is basically all the new information I can give you. Hopefully you can continue from here, using this information.

Thanks,
Hillel

Attached Files



#13 Elise

Posted 20 February 2011 - 03:19 PM

Please let me know how things are after the following fix.
I recommend that you uninstall Spyware Guard. This program does not add any protection of value to your computer and can interfere with many other programs.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise




#14 bigredlimo

Posted 21 February 2011 - 01:24 AM

I uninstalled SpywareGuard.
I followed your instructions, and the new ComboFix log is attached.
No change that I can see. Everything seems to be working fine, except I am still getting the error message when I go to AMMYY to generate an ID access code. As you know, I uninstalled AVG and AD-AWARE, so I can not try their update feature, but I have a feeling that I would not be able to, unless in Safe Mode.

Will await your further instructions, and thank you for your patience.

Attached Files



#15 Elise

Posted 21 February 2011 - 03:48 AM

Hi again, can you access AMMYY using safe mode? Or were you only referring to the updating of

Please run the following as a CFScript (just like in our last post). I also recommend you reset your router (you can do that usually by pressing the reset button for approx 10 seconds with the router powered off). If you are not sure how to reset it, let me know what model router you have.

Driver::
autorun

File::
c:\huadio.tmp

regards, Elise






