Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Automatic update keeps appearing, slow computer, add/remove program button disappeared


  • This topic is locked This topic is locked
16 replies to this topic

#1 davidl7

davidl7

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 20 September 2011 - 08:11 PM

Last week, I noticed that my PC has been getting frequent windows update(the yellow icon). I realized that non of my other pc's were updating. Than I noticed that it was very slow to boot and sometimes the cursor would irratically move. I went into add/remove programs to find the remove buttons missing from all of the programs. I used Avast, adaware, spybot,malwarebyte, trendmicro, microsoft security and more. But it keeps coming back. I even tried restoring back 30 days to no avail.

Please help!


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Run by David at 19:40:14 on 2011-09-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.1661 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Trademanager\aliim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = www.alibaba.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [NoteZilla] c:\program files\conceptworld\notezilla\NoteZilla.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [aliim] c:\program files\trademanager\aliim.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QuickBooksDB19] c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -n qb_tfdave_19 -qs -gd all -gk all -gp 4096 -gu all -ch 128m -c 64m -x tcpip(broadcastlistener=no;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe c:\docume~1\alluse~1\applic~1\intuit\quickb~2\DBSTAR~1.LOG -y
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
StartupFolder: c:\documents and settings\david\start menu\programs\startup\Music System.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\easyse~1.lnk - c:\program files\lg soft india\easysetpackage\bin\EasySetPackage.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~2.lnk - c:\ups\wstd\WSTDMessaging.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~1.lnk - c:\ups\wstd\wstdPldReminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{2486E29B-D1FD-441C-A9F4-129363946030} : DhcpNameServer = 10.1.10.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\ipe6jdfv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\documents and settings\david\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\david\local settings\application data\alibaba\alisetup\0.1.0.52\npAliSetupOneClick.dll
FF - plugin: c:\documents and settings\david\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npww.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-7 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-19 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-19 320856]
R1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [2007-10-31 53984]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-19 251560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-19 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-19 44768]
R2 FedExAdminService;FedEx Administration Service;c:\program files\fedex\shipmanager\bin\AdminService.exe [2010-4-16 24576]
R2 FedExLoggingService;FedEx Logging Service;c:\program files\fedex\shipmanager\bin\FedEx.Gsm.Common.LoggingService.exe [2010-4-16 7168]
R2 FedExTransactionService;FedEx Transaction Engine;c:\program files\fedex\shipmanager\bin\TransEngineService.exe [2010-4-16 6656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-4 2152152]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-21 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-16 366152]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-9-19 160576]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-9-19 286000]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-3 583640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-4 15232]
R3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [2010-10-15 16384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-16 22216]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-9-19 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-9-19 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-9-19 125248]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-4 11520]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [2010-10-15 19456]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-9-19 57536]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-4-8 132464]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
=============== Created Last 30 ================
.
2011-09-21 00:25:40 388096 ----a-r- c:\documents and settings\david\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-21 00:25:39 -------- d-----w- c:\program files\Trend Micro
2011-09-20 23:14:05 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e32d0993-f36b-4333-a826-9631d2855945}\mpengine.dll
2011-09-20 22:27:49 -------- d-s---w- C:\ComboFix
2011-09-20 21:55:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-20 21:55:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-20 00:19:32 -------- d-----w- c:\documents and settings\david\application data\PCToolsFirewallPlus
2011-09-20 00:17:56 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-20 00:17:56 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-20 00:17:47 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-20 00:16:56 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-09-20 00:16:56 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-09-20 00:16:56 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-09-20 00:16:48 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-09-20 00:16:10 -------- d-----w- c:\program files\PC Tools Firewall Plus
2011-09-19 23:54:21 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-19 23:53:37 41184 ----a-w- c:\windows\avastSS.scr
2011-09-19 23:53:15 -------- d-----w- c:\program files\AVAST Software
2011-09-19 23:53:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-09-19 21:50:03 -------- d-sha-r- C:\cmdcons
2011-09-19 21:47:10 98816 ----a-w- c:\windows\sed.exe
2011-09-19 21:47:10 518144 ----a-w- c:\windows\SWREG.exe
2011-09-19 21:47:10 256000 ----a-w- c:\windows\PEV.exe
2011-09-19 21:47:10 208896 ----a-w- c:\windows\MBR.exe
2011-09-19 16:31:21 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-09-19 15:17:25 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-19 15:17:25 215920 ----a-w- c:\windows\system32\muweb.dll
2011-09-19 15:17:25 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-09-16 19:31:23 -------- d-----w- c:\documents and settings\david\application data\QuickScan
2011-09-16 18:55:03 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-16 18:35:31 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d90585d5-e259-4039-a2e7-81fbedb41653}\mpengine.dll
2011-09-16 18:09:55 -------- d-----w- c:\documents and settings\david\application data\Malwarebytes
2011-09-16 18:09:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-16 18:09:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-16 18:09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-16 16:58:52 -------- d-----w- c:\documents and settings\david\application data\f-secure
2011-09-16 16:58:33 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2011-09-13 15:35:13 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-09-13 15:35:11 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-09-13 15:35:10 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-09-13 15:35:08 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-09-13 15:35:05 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-09-13 15:33:57 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-09-13 15:32:57 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-09-13 15:31:57 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-09-13 15:30:58 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-09-13 15:29:58 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-09-13 15:28:57 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-09-13 15:27:59 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-09-13 15:26:58 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-09-13 15:25:58 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-09-13 15:24:58 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2011-09-13 15:23:56 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-09-13 15:22:59 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-09-13 15:21:55 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-09-13 15:20:58 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2011-09-13 15:19:57 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-09-13 15:18:58 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-09-13 15:17:59 29768 -c--a-w- c:\windows\system32\dllcache\divasu.dll
2011-09-13 15:16:57 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2011-09-13 15:15:58 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-08-29 17:51:52 -------- d-----w- c:\program files\WinSCP
2011-08-25 15:35:05 -------- d-----w- c:\program files\Topsevenreviews
2011-08-25 15:09:13 -------- d-----w- c:\program files\Hamster Soft
2011-08-24 22:22:31 -------- d-----w- c:\documents and settings\david\application data\AVS4YOU
2011-08-24 22:20:59 -------- d-----w- c:\program files\common files\AVSMedia
2011-08-24 22:19:21 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-08-24 22:19:21 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-08-24 22:19:21 -------- d-----w- c:\program files\AVS4YOU
2011-08-24 22:19:21 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(2).dll
2011-08-11 16:03:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 21:32:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 21:32:36 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 21:32:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-06 21:32:28 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-30 21:09:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 19:42:58.96 ===============

BC AdBot (Login to Remove)

 


#2 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 21 September 2011 - 10:31 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:14, on 9/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Trademanager\aliim.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.alibaba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickBooksDB19] C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_TFDAVE_19 -qs -gd ALL -gk all -gp 4096 -gu all -ch 128M -c 64M -x tcpip(BroadcastListener=NO;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit\QUICKB~2\DBSTAR~1.LOG -y
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [NoteZilla] C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Eye-Fi] "C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [aliim] C:\Program Files\Trademanager\aliim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Music System.exe
O4 - Global Startup: EasySetPackage.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FedEx Administration Service (FedExAdminService) - Unknown owner - C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
O23 - Service: FedEx Logging Service (FedExLoggingService) - FedEx Corporation - C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
O23 - Service: FedEx Transaction Engine (FedExTransactionService) - FedEx Corporation - C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15271 bytes

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 AM

Posted 25 September 2011 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419804 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 27 September 2011 - 11:45 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by David at 11:37:01 on 2011-09-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.1121 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trademanager\AliIM.exe
C:\Program Files\Trademanager\AliIM.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = www.alibaba.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [NoteZilla] c:\program files\conceptworld\notezilla\NoteZilla.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QuickBooksDB19] c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -n qb_tfdave_19 -qs -gd all -gk all -gp 4096 -gu all -ch 128m -c 64m -x tcpip(broadcastlistener=no;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe c:\docume~1\alluse~1\applic~1\intuit\quickb~2\DBSTAR~1.LOG -y
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\documents and settings\david\start menu\programs\startup\Music System.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\easyse~1.lnk - c:\program files\lg soft india\easysetpackage\bin\EasySetPackage.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~2.lnk - c:\ups\wstd\WSTDMessaging.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~1.lnk - c:\ups\wstd\wstdPldReminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{2486E29B-D1FD-441C-A9F4-129363946030} : DhcpNameServer = 10.1.10.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\ipe6jdfv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\ipe6jdfv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\david\local settings\application data\alibaba\alisetup\0.1.0.52\npAliSetupOneClick.dll
FF - plugin: c:\documents and settings\david\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npww.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-7 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-19 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-19 320856]
R1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [2007-10-31 53984]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl4b16fff0;MpKsl4b16fff0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76e9866d-17d7-447c-a9d2-58427a6ead0f}\MpKsl4b16fff0.sys [2011-9-26 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-19 251560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-19 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-19 44768]
R2 FedExAdminService;FedEx Administration Service;c:\program files\fedex\shipmanager\bin\AdminService.exe [2010-4-16 24576]
R2 FedExLoggingService;FedEx Logging Service;c:\program files\fedex\shipmanager\bin\FedEx.Gsm.Common.LoggingService.exe [2010-4-16 7168]
R2 FedExTransactionService;FedEx Transaction Engine;c:\program files\fedex\shipmanager\bin\TransEngineService.exe [2010-4-16 6656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-4 2152152]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-21 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-16 366152]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-9-19 160576]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-9-19 286000]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-3 583640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [2010-10-15 16384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-16 22216]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-9-19 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-9-19 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-9-19 125248]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-4 11520]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-4 15232]
S3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [2010-10-15 19456]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-9-19 57536]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-4-8 132464]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
=============== Created Last 30 ================
.
2011-09-26 19:09:46 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76e9866d-17d7-447c-a9d2-58427a6ead0f}\MpKsl4b16fff0.sys
2011-09-26 19:09:34 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76e9866d-17d7-447c-a9d2-58427a6ead0f}\offreg.dll
2011-09-26 19:09:31 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{76e9866d-17d7-447c-a9d2-58427a6ead0f}\mpengine.dll
2011-09-23 02:11:40 -------- d-----w- c:\windows\pss
2011-09-21 00:25:40 388096 ----a-r- c:\documents and settings\david\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-21 00:25:39 -------- d-----w- c:\program files\Trend Micro
2011-09-20 22:27:49 -------- d-s---w- C:\ComboFix
2011-09-20 21:55:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-20 21:55:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-20 00:19:32 -------- d-----w- c:\documents and settings\david\application data\PCToolsFirewallPlus
2011-09-20 00:17:56 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-20 00:17:56 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-20 00:17:47 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-20 00:16:56 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-09-20 00:16:56 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-09-20 00:16:56 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-09-20 00:16:48 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-09-20 00:16:10 -------- d-----w- c:\program files\PC Tools Firewall Plus
2011-09-19 23:54:21 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-19 23:53:37 41184 ----a-w- c:\windows\avastSS.scr
2011-09-19 23:53:15 -------- d-----w- c:\program files\AVAST Software
2011-09-19 23:53:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-09-19 21:50:03 -------- d-sha-r- C:\cmdcons
2011-09-19 21:47:10 98816 ----a-w- c:\windows\sed.exe
2011-09-19 21:47:10 518144 ----a-w- c:\windows\SWREG.exe
2011-09-19 21:47:10 256000 ----a-w- c:\windows\PEV.exe
2011-09-19 21:47:10 208896 ----a-w- c:\windows\MBR.exe
2011-09-19 16:31:21 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-09-19 15:17:25 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-19 15:17:25 215920 ----a-w- c:\windows\system32\muweb.dll
2011-09-19 15:17:25 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-09-16 19:31:23 -------- d-----w- c:\documents and settings\david\application data\QuickScan
2011-09-16 18:55:03 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-16 18:35:31 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d90585d5-e259-4039-a2e7-81fbedb41653}\mpengine.dll
2011-09-16 18:09:55 -------- d-----w- c:\documents and settings\david\application data\Malwarebytes
2011-09-16 18:09:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-16 18:09:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-16 18:09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-16 16:58:52 -------- d-----w- c:\documents and settings\david\application data\f-secure
2011-09-16 16:58:33 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2011-09-13 15:35:13 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-09-13 15:35:11 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-09-13 15:35:10 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-09-13 15:35:08 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-09-13 15:35:05 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-09-13 15:33:57 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-09-13 15:32:57 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-09-13 15:31:57 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-09-13 15:30:58 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-09-13 15:29:58 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-09-13 15:28:57 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-09-13 15:27:59 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-09-13 15:26:58 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-09-13 15:25:58 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-09-13 15:24:58 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2011-09-13 15:23:56 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-09-13 15:22:59 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-09-13 15:21:55 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-09-13 15:20:58 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2011-09-13 15:19:57 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-09-13 15:18:58 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-09-13 15:17:59 29768 -c--a-w- c:\windows\system32\dllcache\divasu.dll
2011-09-13 15:16:57 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2011-09-13 15:15:58 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-08-29 17:51:52 -------- d-----w- c:\program files\WinSCP
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(2).dll
2011-08-11 16:03:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 21:32:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 21:32:36 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 21:32:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-06 21:32:28 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-30 21:09:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
============= FINISH: 11:42:23.12 ===============

Attached Files



#5 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 27 September 2011 - 02:06 PM

I can't seem to run GMER without having my comp crash or freeze.

wuauclt.exe been appearing again, so I disabled the auto update for now.

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:06 AM

Posted 28 September 2011 - 07:50 PM

Hi,

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 29 September 2011 - 01:22 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-29 10:08:48
-----------------------------
10:08:48.984 OS Version: Windows 5.1.2600 Service Pack 3
10:08:48.984 Number of processors: 4 586 0xF0B
10:08:48.984 ComputerName: TFDAVE UserName: David
10:08:50.421 Initialize success
10:08:50.484 AVAST engine defs: 11092900
10:09:08.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:09:08.578 Disk 0 Vendor: Intel___ 1.0. Size: 476937MB BusType: 8
10:09:08.578 Disk 0 MBR read successfully
10:09:08.578 Disk 0 MBR scan
10:09:08.578 Disk 0 Windows XP default MBR code
10:09:08.578 Disk 0 scanning sectors +976735935
10:09:08.640 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:15.421 Service scanning
10:09:15.937 Service MpKsl74ad78ed C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A3DFDB1-3CA4-4CAD-978F-5A0183FBCF2A}\MpKsl74ad78ed.sys **LOCKED** 32
10:09:16.609 Modules scanning
10:09:20.234 Disk 0 trace - called modules:
10:09:20.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:09:20.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a557ab8]
10:09:20.250 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a95f030]
10:09:20.921 AVAST engine scan C:\WINDOWS
10:09:37.562 AVAST engine scan C:\WINDOWS\system32
10:11:01.500 AVAST engine scan C:\WINDOWS\system32\drivers
10:11:15.078 AVAST engine scan C:\Documents and Settings\David
11:56:49.968 AVAST engine scan C:\Documents and Settings\All Users
12:01:09.515 Scan finished successfully
13:20:31.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David\Desktop\MBR.dat"
13:20:31.078 The log file has been saved successfully to "C:\Documents and Settings\David\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   499bytes   0 downloads


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:06 AM

Posted 29 September 2011 - 03:57 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 30 September 2011 - 10:06 AM

Combofix.txt attached

Attached Files



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:06 AM

Posted 30 September 2011 - 06:48 PM

Hi,

The log is showing there are three antivirus products on this computer

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}


Please uninstall two of them, having more than one causes system slowdowns, conflicts and crashes.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 03 October 2011 - 08:12 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7859

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/3/2011 8:11:44 PM
mbam-log-2011-10-03 (20-11-44).txt

Scan type: Quick scan
Objects scanned: 197830
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 04 October 2011 - 11:37 AM

Attached is ESETSCAN.

Attached Files



#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:06 AM

Posted 04 October 2011 - 05:51 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip	
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip	
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip	
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip	
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip	
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip	
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\6.0\15\2b3688cf-7a9fa905	
C:\Documents and Settings\David\My Documents\Downloads\media.player.codec.pack.v3.9.6.setup.exe	
C:\Documents and Settings\David\My Documents\Downloads\CS5 Master Collection EN Retail NLUPPER\CS5 Master Collection EN Retail\Disk 1\MasterCollection_CS5_D1_Win.iso	

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 05 October 2011 - 12:21 PM

Runs Great!

Thank you!

#15 davidl7

davidl7
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 05 October 2011 - 12:22 PM

Donation sent!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users