Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Automatic Updates is disabled


  • This topic is locked This topic is locked
8 replies to this topic

#1 Kaerfca

Kaerfca

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario.
  • Local time:12:54 PM

Posted 28 June 2011 - 10:09 PM

Hello.

I have a virus problem. Right now, I am unable to turn on Automatic Updates. Windows Security Center is displaying that red shield and is telling me Auto Updates are off. When I try to enable them from the Security Center, it won't do it. When I go to the Control Panel and do it from there, it tells me that it's already on. Also, when I try to update manually from the Windows Update web site, it also gives me an error.

Additionally, whenever I run MBAM it always finds the same DisabledSecurityCenter infection. I always have to restart and of course that red shield comes back.

Additionally, Windows Defender will not update. It always gives me an error. I have a feeling that this is due to that same infection.

I am using Windows XP Pro, Service Pack 3. My anti-virus is AVG Free. I'm hoping you can help me with this. :)

.
DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Nicholas Martin at 3:47:23 on 2011-06-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.198 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG10\AVGCHSVX.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
SVCHOST.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\AVG\AVG10\AVGRSX.EXE
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.ca/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [LaunchApp] Alaunch
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278605482046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C38B817F-5661-47F1-995E-2D10DD761F70} : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nicholas martin\application data\mozilla\firefox\profiles\qzdbplzu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da76877&v=7.005.030.004&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.60401.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-1 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-14 947528]
S3 cpuz132;cpuz132;\??\c:\docume~1\nichol~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\nichol~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-1 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-1 39984]
.
=============== Created Last 30 ================
.
2011-06-24 02:17:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-24 02:17:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-24 02:16:58 -------- d-----w- c:\program files\iPod
2011-06-24 02:16:55 -------- d-----w- c:\program files\iTunes
2011-06-20 00:34:37 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-06-20 00:34:35 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-06-20 00:34:34 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-06-20 00:34:34 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-06-17 03:48:34 -------- d-----w- c:\program files\SpywareBlaster
2011-06-17 03:05:22 -------- d-----w- c:\program files\Defraggler
2011-06-17 03:04:46 -------- d-----w- c:\program files\CCleaner
2011-06-17 02:57:15 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-17 02:57:15 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-17 02:57:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-16 21:06:20 -------- d-----w- c:\program files\AMD APP
2011-06-16 03:29:25 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-16 03:27:35 276992 ------w- c:\windows\system32\audiodev.dll
2011-06-16 03:26:42 -------- d-----w- c:\windows\system32\LogFiles
2011-06-16 03:18:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-16 03:09:20 -------- d-----w- c:\program files\ATI
2011-06-16 03:08:21 -------- d-----w- C:\ATI
2011-06-16 02:46:24 -------- d-----w- c:\program files\FileHippo.com
2011-06-06 16:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-04 19:07:52 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-06-04 19:07:52 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-06-02 03:29:38 -------- d-----w- c:\documents and settings\nicholas martin\application data\Malwarebytes
2011-06-02 03:29:26 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 03:29:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-02 03:29:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 03:29:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 19:07:00 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-06-16 03:17:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-16 03:14:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 03:44:26 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-25 03:43:50 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-20 02:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-29 19:09:32 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-03-29 19:09:30 37376 ----a-w- c:\windows\system32\libusb0.dll
.
============= FINISH: 3:48:50.54 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 06 July 2011 - 08:03 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 Kaerfca

Kaerfca
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario.
  • Local time:12:54 PM

Posted 07 July 2011 - 01:41 AM

Thanks for helping. :) Here you go:

.
DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Nicholas Martin at 2:16:29 on 2011-07-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.559 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG10\AVGCHSVX.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG10\AVGRSX.EXE
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.ca/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [LaunchApp] Alaunch
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runreg~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278605482046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C38B817F-5661-47F1-995E-2D10DD761F70} : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nicholas martin\application data\mozilla\firefox\profiles\qzdbplzu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da76877&v=7.005.030.004&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.60401.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-1 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-14 947528]
S3 cpuz132;cpuz132;\??\c:\docume~1\nichol~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\nichol~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-1 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-1 39984]
.
=============== Created Last 30 ================
.
2011-07-02 00:28:51 -------- d-----w- c:\program files\WiFiConnector
2011-06-24 02:17:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-24 02:17:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-24 02:16:58 -------- d-----w- c:\program files\iPod
2011-06-24 02:16:55 -------- d-----w- c:\program files\iTunes
2011-06-20 00:34:37 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-06-20 00:34:35 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-06-20 00:34:34 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-06-20 00:34:34 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-06-17 03:48:34 -------- d-----w- c:\program files\SpywareBlaster
2011-06-17 03:05:22 -------- d-----w- c:\program files\Defraggler
2011-06-17 03:04:46 -------- d-----w- c:\program files\CCleaner
2011-06-17 02:57:15 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-17 02:57:15 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-17 02:57:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-16 21:06:20 -------- d-----w- c:\program files\AMD APP
2011-06-16 03:29:25 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-16 03:27:35 276992 ------w- c:\windows\system32\audiodev.dll
2011-06-16 03:26:42 -------- d-----w- c:\windows\system32\LogFiles
2011-06-16 03:18:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-16 03:09:20 -------- d-----w- c:\program files\ATI
2011-06-16 03:08:21 -------- d-----w- C:\ATI
2011-06-16 02:46:24 -------- d-----w- c:\program files\FileHippo.com
.
==================== Find3M ====================
.
2011-07-01 02:41:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 03:17:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 03:44:26 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-25 03:43:50 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-20 02:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
.
============= FINISH: 2:17:40.70 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2010 2:46:46 PM
System Uptime: 7/7/2011 12:33:58 AM (2 hours ago)
.
Motherboard: Acer | | E946GZ
Processor: Intel® Celeron® D CPU 3.20GHz | Socket 775 | 3199/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 77 GiB total, 40.541 GiB free.
D: is FIXED (NTFS) - 35 GiB total, 34.471 GiB free.
E: is FIXED (NTFS) - 35 GiB total, 34.742 GiB free.
F: is CDROM (UDF)
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_80561019&REV_12\4&2AD917F4&0&00E1
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_80561019&REV_12\4&2AD917F4&0&00E1
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_21961019&REV_01\3&2411E6FE&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_21961019&REV_01\3&2411E6FE&0&FB
Service:
.
==== System Restore Points ===================
.
RP290: 4/23/2011 3:22:30 PM - System Checkpoint
RP291: 4/24/2011 4:34:05 PM - System Checkpoint
RP292: 4/25/2011 7:37:41 PM - System Checkpoint
RP293: 4/26/2011 11:32:22 PM - System Checkpoint
RP294: 4/27/2011 4:22:48 PM - Software Distribution Service 3.0
RP295: 4/28/2011 7:11:06 PM - System Checkpoint
RP296: 4/29/2011 7:54:22 PM - System Checkpoint
RP297: 4/30/2011 7:59:12 PM - System Checkpoint
RP298: 5/1/2011 8:29:48 AM - Software Distribution Service 3.0
RP299: 5/2/2011 9:29:49 AM - System Checkpoint
RP300: 5/3/2011 10:27:36 AM - System Checkpoint
RP301: 5/4/2011 10:34:36 AM - System Checkpoint
RP302: 5/5/2011 10:35:13 AM - System Checkpoint
RP303: 5/6/2011 11:34:25 AM - System Checkpoint
RP304: 5/7/2011 12:09:43 PM - System Checkpoint
RP305: 5/8/2011 2:22:16 PM - System Checkpoint
RP306: 5/9/2011 2:57:19 PM - System Checkpoint
RP307: 5/10/2011 11:38:07 PM - System Checkpoint
RP308: 5/11/2011 4:29:18 PM - Software Distribution Service 3.0
RP309: 5/12/2011 6:54:28 PM - System Checkpoint
RP310: 5/14/2011 10:48:40 AM - System Checkpoint
RP311: 5/15/2011 11:40:12 AM - System Checkpoint
RP312: 5/16/2011 12:35:43 PM - System Checkpoint
RP313: 5/17/2011 1:28:11 PM - System Checkpoint
RP314: 5/18/2011 1:34:16 PM - System Checkpoint
RP315: 5/19/2011 2:30:18 PM - System Checkpoint
RP316: 5/20/2011 3:30:19 PM - System Checkpoint
RP317: 5/21/2011 4:24:48 PM - System Checkpoint
RP318: 5/22/2011 5:28:47 PM - System Checkpoint
RP319: 5/24/2011 6:16:00 PM - Removed Google Earth.
RP320: 5/26/2011 7:49:16 AM - System Checkpoint
RP321: 5/27/2011 11:58:54 AM - System Checkpoint
RP322: 5/28/2011 3:40:12 PM - System Checkpoint
RP323: 5/29/2011 4:02:11 PM - System Checkpoint
RP324: 5/30/2011 4:34:37 PM - System Checkpoint
RP325: 5/31/2011 6:50:19 PM - System Checkpoint
RP326: 6/2/2011 8:41:49 AM - System Checkpoint
RP327: 6/4/2011 1:46:28 AM - System Checkpoint
RP328: 6/5/2011 11:55:37 AM - System Checkpoint
RP329: 6/6/2011 12:23:17 PM - System Checkpoint
RP330: 6/7/2011 12:23:41 PM - System Checkpoint
RP331: 6/9/2011 8:19:41 AM - System Checkpoint
RP332: 6/10/2011 9:12:30 AM - System Checkpoint
RP333: 6/11/2011 12:12:26 PM - System Checkpoint
RP334: 6/12/2011 3:20:21 AM - Removed Adobe Reader 7.0
RP335: 6/12/2011 3:20:51 AM - Installed Adobe Reader X (10.0.1).
RP336: 6/13/2011 8:18:48 AM - System Checkpoint
RP337: 6/14/2011 8:50:44 AM - System Checkpoint
RP338: 6/15/2011 9:36:26 AM - System Checkpoint
RP339: 6/15/2011 10:25:13 PM - Installed Windows Media Player 11
RP340: 6/15/2011 10:55:55 PM - Removed Adobe Reader X (10.0.1).
RP341: 6/15/2011 10:56:24 PM - Installed Adobe Reader X (10.1.0).
RP342: 6/15/2011 11:17:08 PM - Removed Java™ 6 Update 21
RP343: 6/15/2011 11:17:40 PM - Installed Java™ 6 Update 26
RP344: 6/15/2011 11:25:54 PM - Installed Windows Media Player 11
RP345: 6/15/2011 11:26:38 PM - Installed Windows XP Wudf01000.
RP346: 6/15/2011 11:30:05 PM - Installed Windows XP MSCompPackV1.
RP347: 6/16/2011 11:17:13 PM - Installed Windows Defender
RP348: 6/18/2011 3:57:37 PM - System Checkpoint
RP349: 6/19/2011 4:08:25 PM - System Checkpoint
RP350: 6/20/2011 4:29:06 PM - System Checkpoint
RP351: 6/20/2011 11:53:36 PM - Removed Windows Defender
RP352: 6/20/2011 11:54:43 PM - Installed Windows Defender
RP353: 6/22/2011 10:45:53 AM - System Checkpoint
RP354: 6/23/2011 11:36:28 AM - System Checkpoint
RP355: 6/23/2011 9:50:30 PM - Removed iTunes
RP356: 6/23/2011 9:53:03 PM - Removed Microsoft .NET Framework 1.1
RP357: 6/23/2011 10:16:42 PM - Installed iTunes
RP358: 6/25/2011 2:41:53 AM - System Checkpoint
RP359: 6/26/2011 5:46:16 AM - System Checkpoint
RP360: 6/27/2011 3:19:35 PM - System Checkpoint
RP361: 6/28/2011 4:02:21 PM - System Checkpoint
RP362: 6/29/2011 4:49:24 PM - System Checkpoint
RP363: 6/30/2011 5:57:14 PM - System Checkpoint
RP364: 7/1/2011 8:27:21 PM - Unsigned driver install
RP365: 7/3/2011 1:22:24 AM - System Checkpoint
RP366: 7/3/2011 11:32:42 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP367: 7/5/2011 4:02:01 AM - System Checkpoint
RP368: 7/6/2011 7:43:46 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.0)
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
ATI Control Panel
ATI Display Driver
AVG 2011
Bonjour
CCleaner
Defraggler
EA Download Manager
FileHippo.com Update Checker
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
iTunes
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Standard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
Nintendo Wi-Fi USB Connector Registration Tool
NTI Backup NOW! 4
NTI CD & DVD-Maker
PowerDVD
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
SpywareBlaster 4.4
The Sims™ 2 Apartment Life
The Sims™ 2 Best of Business Collection
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 Fun with Pets Collection
The Sims™ 2 Seasons
The Sims™ 2 University Life Collection
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
YouTube Downloader 2.7.2
.
==== Event Viewer Messages From Past Week ========
.
7/1/2011 8:22:33 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
6/30/2011 12:07:23 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.1, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
6/30/2011 11:27:59 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
.
==== End Of File ===========================

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-07 02:39:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 HDS728080PLA380 rev.PF2OA60A
Running: gmer.exe; Driver: C:\DOCUME~1\NICHOL~1\LOCALS~1\Temp\agdyipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7959738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF79597DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7959878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7959914]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\NICHOL~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2836] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3808] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

#4 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:11:54 AM

Posted 07 July 2011 - 08:00 AM

Hello Kaerfca ,

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy and as you can see the logs we ask for are very extensive and take a lot of time to investigate.

Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.

Make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box. Do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Please read carefully all directions and instructions. If you are instructed to save a tool to the desktop please save it to the desktop. If you have since resolved the original problem you were having, we would appreciate you letting us know.



=======================

Download Combofix from any of the links below, and save it to your desktop.

Note: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
If you have difficulty uninstalling the AV, download Opswat AppRemover http://www.appremover.com/supported-applications to completely remove the program.

If you need a temporary anti-virus you can download and install the the 32 bit version of Microsoft Security Essentials.


Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <----Important
    Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.



In your next reply please include the following:

ComboFix.txt



Thanks!!
PW

#5 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:11:54 AM

Posted 11 July 2011 - 03:57 AM

Hi Kaerfca,

Do you still need assistance?
PW

#6 Kaerfca

Kaerfca
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario.
  • Local time:12:54 PM

Posted 12 July 2011 - 01:15 PM

Yes I do. Sorry, I've just been away from my PC for a while, so I haven't had the chance too. I'm beginning it now.

---

ComboFix 11-07-12.07 - Nicholas Martin 07/12/2011 14:52:30.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.673 [GMT -4:00]
Running from: c:\documents and settings\Nicholas Martin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 17:55 . 2011-07-06 13:07 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-02 00:28 . 2011-07-02 00:28 -------- d-----w- c:\program files\WiFiConnector
2011-06-28 19:13 . 2011-06-28 19:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-28 19:13 . 2011-06-28 19:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-06-24 02:17 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-24 02:17 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-24 02:16 . 2011-06-24 02:17 -------- d-----w- c:\program files\iPod
2011-06-24 02:16 . 2011-06-24 02:16 -------- d-----w- c:\program files\iTunes
2011-06-24 02:16 . 2011-06-24 02:16 -------- d-----w- c:\program files\Apple Software Update
2011-06-21 03:54 . 2011-06-21 03:54 -------- d-----w- c:\program files\Windows Defender
2011-06-20 00:34 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-06-20 00:34 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-06-20 00:34 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-06-20 00:34 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-06-17 03:48 . 2011-06-17 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-17 03:48 . 2011-06-17 03:48 -------- d-----w- c:\program files\SpywareBlaster
2011-06-17 03:05 . 2011-06-17 03:05 -------- d-----w- c:\program files\Defraggler
2011-06-17 03:04 . 2011-06-17 03:04 -------- d-----w- c:\program files\CCleaner
2011-06-17 02:57 . 2011-07-06 05:52 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-17 02:57 . 2011-07-06 05:52 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-16 21:06 . 2011-06-16 21:06 -------- d-----w- c:\program files\AMD APP
2011-06-16 03:29 . 2011-06-16 03:29 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-16 03:27 . 2006-10-19 02:47 276992 ------w- c:\windows\system32\audiodev.dll
2011-06-16 03:26 . 2011-06-16 03:26 -------- d-----w- c:\windows\system32\LogFiles
2011-06-16 03:26 . 2011-06-16 03:26 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-16 03:18 . 2011-06-16 03:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-16 03:09 . 2011-06-16 03:09 -------- d-----w- c:\program files\ATI
2011-06-16 03:08 . 2011-06-16 03:08 -------- d-----w- C:\ATI
2011-06-16 02:46 . 2011-06-16 02:46 -------- d-----w- c:\program files\FileHippo.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 02:41 . 2011-05-15 15:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 03:17 . 2010-07-09 11:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 13:11 . 2011-06-02 03:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-06-02 03:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 03:44 . 2011-05-25 03:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-25 03:43 . 2011-05-25 03:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-10 12:06 . 2010-07-09 03:09 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2010-07-09 03:09 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-20 02:10 . 2011-04-20 02:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-06 13:07 . 2011-07-12 17:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-06-24 2423608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2005-03-18 106496]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2011-7-1 1175552]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2011 11:48 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2011 11:48 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/1/2011 11:29 PM 39984]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-02 03:48]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-02 03:48]
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2011-07-07 05:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.ca/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Nicholas Martin\Application Data\Mozilla\Firefox\Profiles\qzdbplzu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4da76877&v=7.005.030.004&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 14:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-07-12 14:57:47
ComboFix-quarantined-files.txt 2011-07-12 18:57
.
Pre-Run: 43,839,356,928 bytes free
Post-Run: 43,920,588,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3F876335E9C260511DD817D6FCFB02B3

---

Auto Updates is back now. I think everything is fixed, Essentials is showing no signs of viruses right now. I'll keep it like this until you reply, but I think it may have worked. Thank you!

Edited by Kaerfca, 12 July 2011 - 02:32 PM.


#7 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:11:54 AM

Posted 14 July 2011 - 08:53 AM

Hi Kaerfca,

I would like to do a couple of more scans to make sure you are clean.

I see you have CCleaner installed. I highly recommend this program but you need to be aware that it contains a registry cleaner.

Please be aware that Bleeping Computer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.

More information about registry cleaners can be found at Miekiemoes Blog

I notice you have the Ask Toolbar installed. I suggest you unistall Ask Toolbar for the following reasons.
  • Promoting its toolbars on sites targeted to kids.
  • Promoting its toolbars through ads that appear to be part of other companies' sites.
  • Promoting its toolbars through other companies' spyware.
  • Installing without any disclosure whatsoever and without any consent whatsoever.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
More information can be found here


If you decide to remove it please go to Start | Control Panel | Add / Remove Programs to uninstall.


Step 1.


Please rerun MBAM that appears to already be installed on your computer.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2.

We need to run a Combofix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <<----Important
3. Open notepad and copy/paste the text in the codebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-

DDS::
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

If Combofix prompts you to update the program please allow it to do so.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 3.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

The log is located at:

C:\Program Files\ESET\ESET Online Scanner\log.txt


In your next reply please include the following:

MBAM log
ComboFix.txt
ESET scan results <--Note: If nothing is found there will be no report.


Still no problems?


Thanks!!

Edited by pwgib, 14 July 2011 - 08:55 AM.

PW

#8 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:11:54 AM

Posted 18 July 2011 - 08:02 AM

Hi Kaerfca,


Do you still need assistance?

Edited by pwgib, 18 July 2011 - 08:03 AM.

PW

#9 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:11:54 AM

Posted 22 July 2011 - 08:10 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
PW




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users