
something in registry (spyware or adware)


  • This topic is locked
12 replies to this topic

#1 beboe

beboe

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:51 AM

Posted 09 October 2011 - 04:29 AM

This is in regards to my laptop. I was surfing on the internet and came to an unfamiliar site and backed out of it, but it was too late. Before visiting the site, my computer had lots of speed. Immediately afterwards, the computer got extremely slow and has been that way ever since. Thanks for the help and hope we can resolve the problem.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Bill Vaughn at 3:38:14 on 2011-10-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1934 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 24.154.1.7 24.154.1.8
TCP: Interfaces\{A31DE355-ECAF-4FF3-90F5-62530E8E4F95} : DhcpNameServer = 163.244.112.71 10.101.101.100 163.244.101.69 163.244.100.254
TCP: Interfaces\{F88E1AF4-C2A0-450A-8614-20CD54A9731E} : DhcpNameServer = 24.154.1.7 24.154.1.8
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bill vaughn\appdata\roaming\mozilla\firefox\profiles\sypg6bc3.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=68689557&tool_id=62781&qkw=
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2011-10-2 85312]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-9-21 64080]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2011-10-2 20288]
.
=============== Created Last 30 ================
.
2011-10-08 06:31:51 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{440f3329-64b2-47a5-8aa9-ab9045db3d96}\offreg.dll
2011-10-07 06:09:13 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{440f3329-64b2-47a5-8aa9-ab9045db3d96}\mpengine.dll
2011-10-06 08:35:50 388096 ----a-r- c:\users\bill vaughn\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-06 06:18:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-02 06:29:41 -------- d-----w- c:\users\bill vaughn\appdata\local\Sophos
2011-10-02 06:25:38 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-10-02 06:23:43 -------- d-----w- c:\program files\common files\Cisco Systems
2011-10-02 06:23:30 23552 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-10-02 06:23:14 -------- d-----w- c:\programdata\Sophos
2011-10-02 06:18:38 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-10-02 06:18:36 85312 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-10-02 06:17:50 -------- d-----w- C:\stdtsa
2011-09-30 06:46:59 65536 ----a-r- c:\users\bill vaughn\appdata\roaming\microsoft\installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-09-30 06:46:58 65536 ----a-r- c:\users\bill vaughn\appdata\roaming\microsoft\installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-09-30 06:46:58 65536 ----a-r- c:\users\bill vaughn\appdata\roaming\microsoft\installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
2011-09-30 06:46:52 -------- d-----w- c:\program files\Sophos
2011-09-25 20:13:20 -------- d-----w- c:\programdata\PCPitstop
2011-09-25 20:13:17 -------- d-----w- c:\program files\PCPitstop
2011-09-21 07:27:01 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-09-21 07:26:46 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-09-21 07:26:45 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-09-21 07:26:45 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-09-21 07:13:20 -------- d-----w- c:\programdata\Trend Micro
2011-09-21 07:13:16 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-10-06 06:35:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-15 07:32:47 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-15 07:32:40 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-08-06 08:28:30 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-06 08:24:26 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-08-04 10:09:14 23552 ----a-w- c:\windows\system32\lpk.dll
2011-08-04 10:09:14 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-04 10:01:50 72704 ----a-w- c:\windows\system32\admparse.dll
2011-08-04 10:01:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-04 09:54:39 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-08-04 09:54:38 272896 ----a-w- c:\windows\system32\polstore.dll
2011-08-04 09:48:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-04 09:48:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-04 09:48:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-04 09:48:30 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-04 09:48:29 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-04 09:48:29 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-04 09:48:29 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-04 09:48:28 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-04 09:41:36 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-04 09:41:33 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-04 09:41:33 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-04 09:41:32 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-04 09:41:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-04 09:41:31 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-08-04 09:41:22 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-08-04 09:38:18 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-08-04 09:38:15 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-08-04 09:38:11 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-08-04 09:34:59 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-04 09:28:49 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-04 09:28:49 2868224 ----a-w- c:\windows\system32\mf.dll
2011-08-04 09:28:48 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-04 09:28:48 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-04 09:28:47 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-04 09:17:21 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-04 09:06:05 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-04 09:03:30 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-08-04 09:03:29 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-04 08:38:33 623616 ----a-w- c:\windows\system32\localspl.dll
2011-08-04 08:34:38 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-08-04 08:34:38 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-04 08:34:37 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-04 08:34:37 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-04 08:34:36 9728 ----a-w- c:\windows\system32\lsass.exe
2011-08-04 08:34:36 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-04 08:27:59 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2011-08-04 08:26:59 4495360 ----a-w- c:\windows\system32\NlsData0414.dll
2011-08-04 08:26:58 4495360 ----a-w- c:\windows\system32\NlsData0416.dll
2011-08-04 08:26:57 4495360 ----a-w- c:\windows\system32\NlsData0816.dll
2011-08-04 08:26:56 1965056 ----a-w- c:\windows\system32\NlsData081a.dll
2011-08-04 08:26:55 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll
2011-08-04 08:26:54 1965056 ----a-w- c:\windows\system32\NlsData0c1a.dll
2011-08-04 08:20:10 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-08-04 08:12:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-08-04 08:12:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-08-04 08:09:07 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-08-04 08:09:07 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-08-04 08:09:06 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-04 08:09:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-08-04 08:03:24 37888 ----a-w- c:\windows\system32\printcom.dll
2011-08-04 07:59:18 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-08-04 07:57:33 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-08-04 07:57:33 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-08-04 07:57:32 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-08-04 07:57:24 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-08-04 07:57:21 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-08-04 07:57:20 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-08-04 07:48:27 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-08-04 07:47:14 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-08-04 07:46:16 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-08-04 07:42:09 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-08-04 07:42:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-08-04 07:42:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-08-04 07:29:07 243712 ----a-w- c:\windows\system32\rastls.dll
2011-08-04 07:27:59 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-08-04 07:22:58 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-08-04 07:22:58 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-08-04 07:22:58 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-08-04 07:22:58 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-08-04 07:22:58 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-08-04 07:22:57 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-08-04 07:22:55 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-08-04 07:22:54 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-08-04 07:22:54 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-08-04 07:22:54 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-08-04 07:21:26 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-08-01 13:19:59 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-08-01 13:19:11 98304 ----a-w- c:\windows\system32\cabview.dll
2011-08-01 12:55:29 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-08-01 12:53:23 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-08-01 12:52:11 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-08-01 12:52:10 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-07-22 13:54:40 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 3:43:33.17 ===============


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:51 AM

Posted 14 October 2011 - 04:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422602 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 beboe

beboe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:51 AM

Posted 17 October 2011 - 04:18 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Bill Vaughn at 3:32:11 on 2011-10-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1970 [GMT -4:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 24.154.1.7 24.154.1.8
TCP: Interfaces\{A31DE355-ECAF-4FF3-90F5-62530E8E4F95} : DhcpNameServer = 163.244.112.71 10.101.101.100 163.244.101.69 163.244.100.254
TCP: Interfaces\{F88E1AF4-C2A0-450A-8614-20CD54A9731E} : DhcpNameServer = 24.154.1.7 24.154.1.8
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bill vaughn\appdata\roaming\mozilla\firefox\profiles\sypg6bc3.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=68689557&tool_id=62781&qkw=
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-12-19 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-1 136176]
S3 GLLBQVM;GLLBQVM;c:\users\billva~1\appdata\local\temp\gllbqvm.exe --> c:\users\billva~1\appdata\local\temp\GLLBQVM.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-1 136176]
S3 YQBQ;YQBQ;c:\users\billva~1\appdata\local\temp\yqbq.exe --> c:\users\billva~1\appdata\local\temp\YQBQ.exe [?]
.
=============== Created Last 30 ================
.
2011-10-14 08:07:37 -------- d-----w- c:\program files\SUPERANTISPYWARE
2011-10-14 07:58:55 -------- d-----w- c:\users\bill vaughn\appdata\roaming\AVG2012
2011-10-14 07:55:40 -------- d-----w- c:\programdata\AVG2012
2011-10-13 14:59:58 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 14:59:57 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 14:59:57 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 14:59:57 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 14:59:51 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 14:58:24 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 14:58:24 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 14:58:24 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 14:58:22 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 14:44:48 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bf26e2c4-a44a-401f-a0e1-487bb4b6c0f4}\mpengine.dll
2011-10-06 06:18:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-02 06:29:41 -------- d-----w- c:\users\bill vaughn\appdata\local\Sophos
2011-10-02 06:23:14 -------- d-----w- c:\programdata\Sophos
2011-10-02 06:17:50 -------- d-----w- C:\stdtsa
2011-09-25 20:13:20 -------- d-----w- c:\programdata\PCPitstop
2011-09-25 20:13:17 -------- d-----w- c:\program files\PCPitstop
2011-09-21 07:13:20 -------- d-----w- c:\programdata\Trend Micro
.
==================== Find3M ====================
.
2011-10-06 06:35:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-16 16:15:15 834048 ----a-w- c:\windows\system32\wininet.dll
2011-08-16 14:20:55 389632 ----a-w- c:\windows\system32\html.iec
2011-08-15 07:32:47 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-15 07:32:40 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-08-06 08:28:30 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-06 08:24:26 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-08-04 10:09:14 23552 ----a-w- c:\windows\system32\lpk.dll
2011-08-04 10:09:14 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-04 10:01:50 72704 ----a-w- c:\windows\system32\admparse.dll
2011-08-04 10:01:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-04 09:54:39 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-08-04 09:54:38 272896 ----a-w- c:\windows\system32\polstore.dll
2011-08-04 09:48:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-04 09:48:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-04 09:48:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-04 09:48:30 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-04 09:48:29 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-04 09:48:29 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-04 09:48:29 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-04 09:48:28 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-04 09:41:36 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-04 09:41:33 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-04 09:41:33 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-04 09:41:32 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-04 09:41:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-04 09:41:31 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-08-04 09:41:22 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-08-04 09:38:18 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-08-04 09:38:15 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-08-04 09:38:11 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-08-04 09:34:59 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-04 09:28:49 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-04 09:28:49 2868224 ----a-w- c:\windows\system32\mf.dll
2011-08-04 09:28:48 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-04 09:28:48 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-04 09:28:47 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-04 09:17:21 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-04 09:06:05 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-04 09:03:30 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-08-04 09:03:29 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-04 08:38:33 623616 ----a-w- c:\windows\system32\localspl.dll
2011-08-04 08:34:38 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-08-04 08:34:38 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-04 08:34:37 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-04 08:34:37 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-04 08:34:36 9728 ----a-w- c:\windows\system32\lsass.exe
2011-08-04 08:34:36 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-04 08:27:59 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2011-08-04 08:26:59 4495360 ----a-w- c:\windows\system32\NlsData0414.dll
2011-08-04 08:26:58 4495360 ----a-w- c:\windows\system32\NlsData0416.dll
2011-08-04 08:26:57 4495360 ----a-w- c:\windows\system32\NlsData0816.dll
2011-08-04 08:26:56 1965056 ----a-w- c:\windows\system32\NlsData081a.dll
2011-08-04 08:26:55 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll
2011-08-04 08:26:54 1965056 ----a-w- c:\windows\system32\NlsData0c1a.dll
2011-08-04 08:20:10 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-08-04 08:12:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-08-04 08:12:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-08-04 08:09:07 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-08-04 08:09:07 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-08-04 08:09:06 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-04 08:09:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-08-04 08:03:24 37888 ----a-w- c:\windows\system32\printcom.dll
2011-08-04 07:59:18 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-08-04 07:57:33 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-08-04 07:57:33 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-08-04 07:57:32 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-08-04 07:57:24 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-08-04 07:57:21 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-08-04 07:57:20 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-08-04 07:48:27 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-08-04 07:47:14 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-08-04 07:46:16 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-08-04 07:42:09 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-08-04 07:42:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-08-04 07:42:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-08-04 07:29:07 243712 ----a-w- c:\windows\system32\rastls.dll
2011-08-04 07:27:59 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-08-04 07:22:58 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-08-04 07:22:58 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-08-04 07:22:58 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-08-04 07:22:58 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-08-04 07:22:58 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-08-04 07:22:57 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-08-04 07:22:55 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-08-04 07:22:54 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-08-04 07:22:54 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-08-04 07:22:54 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-08-04 07:21:26 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-08-01 13:19:59 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-08-01 13:19:11 98304 ----a-w- c:\windows\system32\cabview.dll
2011-08-01 12:55:29 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-08-01 12:53:23 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-08-01 12:52:11 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-08-01 12:52:10 33792 ----a-w- c:\windows\system32\wuapp.exe
.
============= FINISH: 3:34:53.85 ===============




#4 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • Gender:Female
  • Location:Maryland

Posted 17 October 2011 - 05:52 PM

Hello and welcome!

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE

#5 beboe

beboe
  • Topic Starter

  • Members
  • 6 posts

Posted 18 October 2011 - 02:37 AM

ComboFix 11-10-17.02 - Bill Vaughn 10/18/2011 3:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.2072 [GMT -4:00]
Running from: c:\users\Bill Vaughn\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 07:24 . 2011-10-18 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 08:07 . 2011-10-18 07:14 -------- d-----w- c:\program files\SUPERANTISPYWARE
2011-10-14 07:58 . 2011-10-14 07:58 -------- d-----w- c:\users\Bill Vaughn\AppData\Roaming\AVG2012
2011-10-14 07:55 . 2011-10-14 08:12 -------- d-----w- c:\programdata\AVG2012
2011-10-13 14:59 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 14:59 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 14:59 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 14:59 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 14:59 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 14:58 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 14:58 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 14:58 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 14:58 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 14:44 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF26E2C4-A44A-401F-A0E1-487BB4B6C0F4}\mpengine.dll
2011-10-06 06:18 . 2011-09-29 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-02 06:29 . 2011-10-02 06:29 -------- d-----w- c:\users\Bill Vaughn\AppData\Local\Sophos
2011-10-02 06:23 . 2011-10-14 07:38 -------- d-----w- c:\programdata\Sophos
2011-10-02 06:17 . 2011-10-02 06:18 -------- d-----w- C:\stdtsa
2011-09-25 20:13 . 2011-09-27 06:37 -------- d-----w- c:\programdata\PCPitstop
2011-09-25 20:13 . 2011-09-28 06:39 -------- d-----w- c:\program files\PCPitstop
2011-09-21 07:13 . 2011-10-14 07:42 -------- d-----w- c:\programdata\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 06:35 . 2011-08-25 10:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 10:30 . 2011-09-13 10:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-15 07:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-15 07:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-08-06 08:28 . 2011-08-06 08:28 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-06 08:24 . 2011-08-06 08:24 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-08-04 10:09 . 2011-08-04 10:09 23552 ----a-w- c:\windows\system32\lpk.dll
2011-08-04 10:09 . 2011-08-04 10:09 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-04 10:01 . 2011-08-04 10:01 72704 ----a-w- c:\windows\system32\admparse.dll
2011-08-04 10:01 . 2011-08-04 10:01 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-04 09:54 . 2011-08-04 09:54 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-08-04 09:54 . 2011-08-04 09:54 272896 ----a-w- c:\windows\system32\polstore.dll
2011-08-04 09:48 . 2011-08-04 09:48 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-04 09:48 . 2011-08-04 09:48 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-04 09:48 . 2011-08-04 09:48 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-04 09:48 . 2011-08-04 09:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-04 09:48 . 2011-08-04 09:48 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-04 09:48 . 2011-08-04 09:48 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-04 09:48 . 2011-08-04 09:48 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-04 09:48 . 2011-08-04 09:48 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-04 09:41 . 2011-08-04 09:41 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-04 09:41 . 2011-08-04 09:41 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-04 09:41 . 2011-08-04 09:41 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-04 09:41 . 2011-08-04 09:41 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-04 09:41 . 2011-08-04 09:41 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-04 09:41 . 2011-08-04 09:41 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-08-04 09:41 . 2011-08-04 09:41 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-08-04 09:38 . 2011-08-04 09:38 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-08-04 09:38 . 2011-08-04 09:38 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-08-04 09:38 . 2011-08-04 09:38 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-08-04 09:34 . 2011-08-04 09:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-04 09:28 . 2011-08-04 09:28 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-04 09:28 . 2011-08-04 09:28 2868224 ----a-w- c:\windows\system32\mf.dll
2011-08-04 09:28 . 2011-08-04 09:28 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-04 09:28 . 2011-08-04 09:28 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-04 09:28 . 2011-08-04 09:28 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-04 09:17 . 2011-08-04 09:17 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-04 09:06 . 2011-08-04 09:06 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-04 09:03 . 2011-08-04 09:03 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-08-04 09:03 . 2011-08-04 09:03 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-04 08:38 . 2011-08-04 08:38 623616 ----a-w- c:\windows\system32\localspl.dll
2011-08-04 08:34 . 2011-08-04 08:34 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-08-04 08:34 . 2011-08-04 08:34 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-04 08:34 . 2011-08-04 08:34 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-04 08:34 . 2011-08-04 08:34 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-04 08:34 . 2011-08-04 08:34 9728 ----a-w- c:\windows\system32\lsass.exe
2011-08-04 08:34 . 2011-08-04 08:34 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-04 08:28 . 2011-08-04 08:28 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-08-04 08:28 . 2011-08-04 08:28 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2011-08-04 08:28 . 2011-08-04 08:28 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2011-08-04 08:28 . 2011-08-04 08:28 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2011-08-04 08:28 . 2011-08-04 08:28 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2011-08-04 08:28 . 2011-08-04 08:28 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2011-08-04 08:28 . 2011-08-04 08:28 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2011-08-04 08:28 . 2011-08-04 08:28 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2011-08-04 08:28 . 2011-08-04 08:28 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2011-08-04 08:28 . 2011-08-04 08:28 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2011-08-04 08:28 . 2011-08-04 08:28 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2011-08-04 08:28 . 2011-08-04 08:28 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2011-08-04 08:28 . 2011-08-04 08:28 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2011-08-04 08:27 . 2011-08-04 08:27 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2011-08-04 08:27 . 2011-08-04 08:27 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2011-08-04 08:27 . 2011-08-04 08:27 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2011-08-04 08:27 . 2011-08-04 08:27 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2011-08-04 08:27 . 2011-08-04 08:27 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2011-08-04 08:27 . 2011-08-04 08:27 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2011-08-04 08:27 . 2011-08-04 08:27 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2011-08-04 08:27 . 2011-08-04 08:27 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2011-08-04 08:27 . 2011-08-04 08:27 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2011-08-04 08:27 . 2011-08-04 08:27 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2011-08-04 08:27 . 2011-08-04 08:27 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2011-08-04 08:27 . 2011-08-04 08:27 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2011-08-04 08:27 . 2011-08-04 08:27 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2011-08-04 08:27 . 2011-08-04 08:27 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2011-08-04 08:27 . 2011-08-04 08:27 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2011-08-04 08:27 . 2011-08-04 08:27 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2011-08-04 08:27 . 2011-08-04 08:27 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2011-08-04 08:27 . 2011-08-04 08:27 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2011-08-04 08:27 . 2011-08-04 08:27 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2011-08-04 08:27 . 2011-08-04 08:27 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2011-08-04 08:27 . 2011-08-04 08:27 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2011-08-04 08:27 . 2011-08-04 08:27 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2011-08-04 08:27 . 2011-08-04 08:27 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2011-08-04 08:27 . 2011-08-04 08:27 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2011-08-04 08:27 . 2011-08-04 08:27 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2011-08-04 08:27 . 2011-08-04 08:27 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2011-08-04 08:27 . 2011-08-04 08:27 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2011-08-04 08:27 . 2011-08-04 08:27 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
2011-08-04 08:27 . 2011-08-04 08:27 1965056 ----a-w- c:\windows\system32\NlsData0026.dll
2011-08-04 08:27 . 2011-08-04 08:27 4495360 ----a-w- c:\windows\system32\NlsData0010.dll
2011-08-04 08:27 . 2011-08-04 08:27 2657280 ----a-w- c:\windows\system32\NlsData0011.dll
2011-08-04 08:27 . 2011-08-04 08:27 3466752 ----a-w- c:\windows\system32\NlsData0013.dll
2011-08-04 08:27 . 2011-08-04 08:27 1965056 ----a-w- c:\windows\system32\NlsData0018.dll
2011-09-29 06:53 . 2011-10-06 06:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 22:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-07-30 19:40 16384 ----a-w- c:\dell\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-29 05:54 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-07 18:23 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 15:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
R3 GLLBQVM;GLLBQVM;c:\users\BILLVA~1\AppData\Local\Temp\GLLBQVM.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7CFC.tmp [x]
R3 YQBQ;YQBQ;c:\users\BILLVA~1\AppData\Local\Temp\YQBQ.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 14:02]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 14:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
TCP: DhcpNameServer = 24.154.1.7 24.154.1.8
FF - ProfilePath - c:\users\Bill Vaughn\AppData\Roaming\Mozilla\Firefox\Profiles\sypg6bc3.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=68689557&tool_id=62781&qkw=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-DellSupport - c:\program files\DellSupport\DSAgnt.exe
MSConfigStartUp-Panda Security URL Filtering - c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe
MSConfigStartUp-PSUNMain - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 03:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7CFC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-18 03:31:50
ComboFix-quarantined-files.txt 2011-10-18 07:31
.
Pre-Run: 122,597,601,280 bytes free
Post-Run: 122,542,260,224 bytes free
.
- - End Of File - - A56D42C7F0D59F7B6AC90C29A805C26A

#6 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • Gender:Female
  • Location:Maryland

Posted 18 October 2011 - 06:43 AM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\BILLVA~1\AppData\Local\Temp\GLLBQVM.exe
c:\users\BILLVA~1\AppData\Local\Temp\YQBQ.exe

Driver::
GLLBQVM
YQBQ


Save this as "CFScript.txt", with Type set to All Files (*.*), in the same location as ComboFix.exe.


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe. ComboFix may request an update; please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Also, can you let me know how the system is running now?
~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE
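To show how an analyst gets from the ComboFix service list in reply #5 to the File::/Driver:: script above, here is an added Python example. It is my own illustration, not ComboFix's code and not the helper's method. It parses the R*/S* service lines copied from the posted log, flags entries using three heuristics that are my assumptions rather than ComboFix rules (image under a Temp folder, image with a .tmp extension, or no date/size recorded, which the log shows as [x]), and then emits a CFScript only for the names an analyst has explicitly approved.

```python
import re

# Constructed sample: the service/driver lines from the ComboFix log posted above.
# Raw string so the Windows backslashes are kept literally.
SAMPLE_LOG = r"""
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
R3 GLLBQVM;GLLBQVM;c:\users\BILLVA~1\AppData\Local\Temp\GLLBQVM.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7CFC.tmp [x]
R3 YQBQ;YQBQ;c:\users\BILLVA~1\AppData\Local\Temp\YQBQ.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
"""

# One ComboFix service line: "<state> <name>;<display name>;<image path> [<date size>|x]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")


def parse_services(text):
    """Return one dict per service/driver line; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, display, path, meta = m.groups()
        entries.append({"state": state, "name": name, "display": display,
                        "path": path, "meta": meta})
    return entries


def suspicious_reasons(entry):
    """Heuristic indicators for an autostart entry (my assumptions, not ComboFix rules)."""
    reasons = []
    p = entry["path"].lower()
    if "\\temp\\" in p:
        reasons.append("image runs from a Temp folder")
    if p.endswith(".tmp"):
        reasons.append("image has a .tmp extension")
    if entry["meta"] == "x":
        reasons.append("no date/size recorded for the image")
    return reasons


def triage(text):
    """Return the flagged entries, each with its list of reasons, in log order."""
    flagged = []
    for e in parse_services(text):
        reasons = suspicious_reasons(e)
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged


def build_cfscript(flagged, approved):
    """Emit a CFScript (File:: and Driver:: sections) for the names an analyst approved."""
    chosen = [e for e in flagged if e["name"] in approved]
    lines = ["File::"] + [e["path"] for e in chosen]
    lines += ["", "Driver::"] + [e["name"] for e in chosen]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f"{e['state']} {e['name']}: {e['path']}  <- {'; '.join(e['reasons'])}")
    # The approved set reproduces the script the helper posted above.
    print(build_cfscript(hits, approved={"GLLBQVM", "YQBQ"}))
```

Run as-is, the heuristics flag GLLBQVM, MEMSWEEP2 and YQBQ, and the approved set reproduces the helper's script line for line. MEMSWEEP2 is a candidate the heuristic cannot settle on its own: the same log shows Sophos folders created on 2011-10-02, and that service name is commonly reported as belonging to the Sophos Anti-Rootkit scanner, which is why the helper left it out. That is the reason the script emits only the analyst's choice rather than every hit: the heuristics produce a shortlist, and the decision stays with a person who has read the rest of the log.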

#7 beboe

beboe
  • Topic Starter

  • Members
  • 6 posts

Posted 20 October 2011 - 04:16 AM

Good morning. Before I go any further, I want to thank you and the staff for all your help and the time you took to assist me on this. You wanted the log file from ComboFix and wanted to know how the computer is doing now. The computer is doing much better and has gained some speed. I realize it may never get back to the speed it once had because of its age. However, it has improved greatly. Now for the log file.

ComboFix 11-10-19.06 - Bill Vaughn 10/20/2011 3:19.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.2060 [GMT -4:00]
Running from: c:\users\Bill Vaughn\Desktop\ComboFix.exe
Command switches used :: c:\users\Bill Vaughn\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\BILLVA~1\AppData\Local\Temp\GLLBQVM.exe"
"c:\users\BILLVA~1\AppData\Local\Temp\YQBQ.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
.
.
2011-10-20 07:40 . 2011-10-20 07:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 15:18 . 2011-10-20 07:41 -------- d-----w- c:\users\Bill Vaughn\AppData\Local\temp
2011-10-14 08:07 . 2011-10-18 07:36 -------- d-----w- c:\program files\SUPERANTISPYWARE
2011-10-14 07:58 . 2011-10-14 07:58 -------- d-----w- c:\users\Bill Vaughn\AppData\Roaming\AVG2012
2011-10-14 07:55 . 2011-10-14 08:12 -------- d-----w- c:\programdata\AVG2012
2011-10-13 14:59 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 14:59 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 14:59 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 14:59 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 14:59 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 14:58 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 14:58 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 14:58 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 14:58 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 14:44 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF26E2C4-A44A-401F-A0E1-487BB4B6C0F4}\mpengine.dll
2011-10-06 06:18 . 2011-09-29 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-02 06:29 . 2011-10-02 06:29 -------- d-----w- c:\users\Bill Vaughn\AppData\Local\Sophos
2011-10-02 06:23 . 2011-10-14 07:38 -------- d-----w- c:\programdata\Sophos
2011-10-02 06:17 . 2011-10-02 06:18 -------- d-----w- C:\stdtsa
2011-09-25 20:13 . 2011-09-27 06:37 -------- d-----w- c:\programdata\PCPitstop
2011-09-25 20:13 . 2011-09-28 06:39 -------- d-----w- c:\program files\PCPitstop
2011-09-21 07:13 . 2011-10-14 07:42 -------- d-----w- c:\programdata\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 06:35 . 2011-08-25 10:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 10:30 . 2011-09-13 10:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-15 07:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-15 07:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-08-06 08:28 . 2011-08-06 08:28 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-06 08:24 . 2011-08-06 08:24 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-08-04 10:09 . 2011-08-04 10:09 23552 ----a-w- c:\windows\system32\lpk.dll
2011-08-04 10:09 . 2011-08-04 10:09 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-04 10:01 . 2011-08-04 10:01 72704 ----a-w- c:\windows\system32\admparse.dll
2011-08-04 10:01 . 2011-08-04 10:01 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-04 09:54 . 2011-08-04 09:54 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-08-04 09:54 . 2011-08-04 09:54 272896 ----a-w- c:\windows\system32\polstore.dll
2011-08-04 09:48 . 2011-08-04 09:48 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-04 09:48 . 2011-08-04 09:48 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-04 09:48 . 2011-08-04 09:48 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-04 09:48 . 2011-08-04 09:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-04 09:48 . 2011-08-04 09:48 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-04 09:48 . 2011-08-04 09:48 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-04 09:48 . 2011-08-04 09:48 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-04 09:48 . 2011-08-04 09:48 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-04 09:41 . 2011-08-04 09:41 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-04 09:41 . 2011-08-04 09:41 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-04 09:41 . 2011-08-04 09:41 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-04 09:41 . 2011-08-04 09:41 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-04 09:41 . 2011-08-04 09:41 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-04 09:41 . 2011-08-04 09:41 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-08-04 09:41 . 2011-08-04 09:41 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-08-04 09:38 . 2011-08-04 09:38 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-08-04 09:38 . 2011-08-04 09:38 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-08-04 09:38 . 2011-08-04 09:38 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-08-04 09:34 . 2011-08-04 09:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-04 09:28 . 2011-08-04 09:28 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-04 09:28 . 2011-08-04 09:28 2868224 ----a-w- c:\windows\system32\mf.dll
2011-08-04 09:28 . 2011-08-04 09:28 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-04 09:28 . 2011-08-04 09:28 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-04 09:28 . 2011-08-04 09:28 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-04 09:17 . 2011-08-04 09:17 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-04 09:06 . 2011-08-04 09:06 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-04 09:03 . 2011-08-04 09:03 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-08-04 09:03 . 2011-08-04 09:03 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-04 08:38 . 2011-08-04 08:38 623616 ----a-w- c:\windows\system32\localspl.dll
2011-08-04 08:34 . 2011-08-04 08:34 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-08-04 08:34 . 2011-08-04 08:34 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-04 08:34 . 2011-08-04 08:34 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-04 08:34 . 2011-08-04 08:34 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-04 08:34 . 2011-08-04 08:34 9728 ----a-w- c:\windows\system32\lsass.exe
2011-08-04 08:34 . 2011-08-04 08:34 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-04 08:28 . 2011-08-04 08:28 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-08-04 08:28 . 2011-08-04 08:28 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2011-08-04 08:28 . 2011-08-04 08:28 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2011-08-04 08:28 . 2011-08-04 08:28 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2011-08-04 08:28 . 2011-08-04 08:28 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2011-08-04 08:28 . 2011-08-04 08:28 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2011-08-04 08:28 . 2011-08-04 08:28 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2011-08-04 08:28 . 2011-08-04 08:28 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2011-08-04 08:28 . 2011-08-04 08:28 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2011-08-04 08:28 . 2011-08-04 08:28 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2011-08-04 08:28 . 2011-08-04 08:28 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2011-08-04 08:28 . 2011-08-04 08:28 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2011-08-04 08:28 . 2011-08-04 08:28 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2011-08-04 08:27 . 2011-08-04 08:27 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2011-08-04 08:27 . 2011-08-04 08:27 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2011-08-04 08:27 . 2011-08-04 08:27 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2011-08-04 08:27 . 2011-08-04 08:27 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2011-08-04 08:27 . 2011-08-04 08:27 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2011-08-04 08:27 . 2011-08-04 08:27 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2011-08-04 08:27 . 2011-08-04 08:27 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2011-08-04 08:27 . 2011-08-04 08:27 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2011-08-04 08:27 . 2011-08-04 08:27 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2011-08-04 08:27 . 2011-08-04 08:27 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2011-08-04 08:27 . 2011-08-04 08:27 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2011-08-04 08:27 . 2011-08-04 08:27 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2011-08-04 08:27 . 2011-08-04 08:27 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2011-08-04 08:27 . 2011-08-04 08:27 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2011-08-04 08:27 . 2011-08-04 08:27 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2011-08-04 08:27 . 2011-08-04 08:27 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2011-08-04 08:27 . 2011-08-04 08:27 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2011-08-04 08:27 . 2011-08-04 08:27 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2011-08-04 08:27 . 2011-08-04 08:27 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2011-08-04 08:27 . 2011-08-04 08:27 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2011-08-04 08:27 . 2011-08-04 08:27 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2011-08-04 08:27 . 2011-08-04 08:27 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2011-08-04 08:27 . 2011-08-04 08:27 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2011-08-04 08:27 . 2011-08-04 08:27 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2011-08-04 08:27 . 2011-08-04 08:27 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2011-08-04 08:27 . 2011-08-04 08:27 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2011-08-04 08:27 . 2011-08-04 08:27 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2011-08-04 08:27 . 2011-08-04 08:27 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2011-08-04 08:27 . 2011-08-04 08:27 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
2011-08-04 08:27 . 2011-08-04 08:27 1965056 ----a-w- c:\windows\system32\NlsData0026.dll
2011-08-04 08:27 . 2011-08-04 08:27 4495360 ----a-w- c:\windows\system32\NlsData0010.dll
2011-08-04 08:27 . 2011-08-04 08:27 2657280 ----a-w- c:\windows\system32\NlsData0011.dll
2011-08-04 08:27 . 2011-08-04 08:27 3466752 ----a-w- c:\windows\system32\NlsData0013.dll
2011-08-04 08:27 . 2011-08-04 08:27 1965056 ----a-w- c:\windows\system32\NlsData0018.dll
2011-09-29 06:53 . 2011-10-06 06:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 22:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-07-30 19:40 16384 ----a-w- c:\dell\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-29 05:54 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-07 18:23 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 15:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7CFC.tmp [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 14:02]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 14:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
TCP: DhcpNameServer = 24.154.1.7 24.154.1.8
FF - ProfilePath - c:\users\Bill Vaughn\AppData\Roaming\Mozilla\Firefox\Profiles\sypg6bc3.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=68689557&tool_id=62781&qkw=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 03:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7CFC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-20 03:48:05
ComboFix-quarantined-files.txt 2011-10-20 07:47
ComboFix2.txt 2011-10-18 15:18
ComboFix3.txt 2011-10-18 07:31
.
Pre-Run: 122,367,143,936 bytes free
Post-Run: 122,354,892,800 bytes free
.
- - End Of File - - 1F502F104CB2BBE3B8719C066F14DA4C

#8 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Maryland
  • Local time:03:51 AM

Posted 20 October 2011 - 05:38 AM

Fantastic to hear the system is running at least a bit better now. Let's do a couple of other scans to be sure nothing else is lurking around. Different tools look in different places on the computer for malware so we like to do a couple of double checks. We'll also do some updates while we're at it.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7
  • Click the Download JRE button to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Update Adobe Reader
There have been updates to Adobe Reader to address security vulnerabilities. You should download the latest version from the Adobe website.

This scan may take a while depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.

Go here to run an online scanner from ESET: http://www.eset.eu/online-scanner
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
A new window will appear asking "Do you want to install this software?".
Answer Yes to download and install the ActiveX controls that allow the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software, just close the window.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.
~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE

#9 beboe

beboe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 21 October 2011 - 02:55 AM

I ran Malwarebytes and it showed clean. I updated Java and Adobe as instructed. Then I downloaded ESET and it showed clean. I am putting the log in this note, because you're the pro and I didn't know if you still wanted to see it. My computer is running much faster now. I remember when I scrolled before you helped me, it used to be jumpy and jerky. Now it goes fast and smooth. You don't know how much I appreciate the time and effort you put into this. So here's the log. Thanks.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=2cad4b41e4479f4a874a7f63abf0609b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-21 05:24:34
# local_time=2011-10-21 01:24:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 0 155772875 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=100767
# found=0
# cleaned=0
# scan_time=9329

#10 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Maryland
  • Local time:03:51 AM

Posted 21 October 2011 - 11:15 AM

Glad to hear things are running well now.

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click the Windows Key + R to open the Run box.
  • Now type Combofix /uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.

If there are any remaining tools or logs on your desktop you can right-click and delete them. I would advise keeping Malwarebytes as it is a program you'll want to run regularly.

Great job! Your logs appear to be malware free and you do not appear to be experiencing any malware related problems.
Please follow these simple steps in order to keep your computer malware free and secure:

Use and Update your AntiVirus Software
It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this. Simply using a Firewall in its default configuration can lower your risk greatly.

Use only one antivirus and one firewall on your machine
Having more than one anti-virus program and one firewall on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.

If you need more information on free anti-virus or firewall options please let me know and I will give you some recommendations.

Make your Internet Explorer more secure
This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to Prompt
6. Change the Download unsigned ActiveX controls to Disable
7. Change the Initialize and script ActiveX controls not marked as safe to Disable
8. Change the Installation of desktop items to Prompt
9. Change the Launching programs and files in an IFRAME to Prompt
10. Change the Navigate sub-frames across different domains to Prompt
11. When all these settings have been made, click on the OK button.
12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
13. Next press the Apply button and then the OK to exit the Internet Properties page.

Keep your Java, Adobe Reader and Adobe Flash Up to Date
Older versions of these programs can contain security vulnerabilities. It is very important to keep them updated.

Update and Run Malwarebytes Anti-Malware
Scan your computer with this program on a regular basis just as you would an antivirus software making sure you update definitions each time you scan.

To simplify making sure you have the latest version of many of your security programs and applications, you may want to consider:
Secunia's Personal Software Inspector (PSI). It is a free utility that scans your computer for installed applications and checks to see if they have the latest security patches and updates. If it finds any applications with possible security issues, links and/or instructions are provided for the necessary updates.

Filehippo's Update Checker. It is a free utility that scans your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, it includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker looks for newer versions of the software program, not definition files.

I would suggest you read:
Tony Klein's excellent article: How I got Infected in the First Place
PC Safety and Security--What Do I Need?
How to Prevent Malware

Good luck & Happy surfing!
~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE
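The Internet Explorer hardening in steps 1-13 of the post above can be audited (and optionally applied) from PowerShell instead of clicking through Custom Level. This is an added example, not code from the thread or from any of the tools it mentions; the numeric value names are Microsoft's documented zone action identifiers for the Internet zone (zone 3), the recommended values are the ones in the post, and the `-Fix` switch is this script's own assumption.

```powershell
# Added example: audit the IE "Internet" zone (zone 3) against the settings
# recommended in the post. Zone action values: 0 = Enable, 1 = Prompt, 3 = Disable.
# Run as the user whose IE settings you want to check. Note that Group Policy
# can enforce the same values under HKLM, which wins over these per-user values.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by the documented zone action identifier.
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneSettings {
    # Emits one row per setting with the current value, the wanted value and a
    # status; with -Fix (an assumption of this script) it also writes the wanted value.
    param([string]$Path = $zonePath, [switch]$Fix)

    if (-not (Test-Path $Path)) { throw "Zone key not found: $Path" }
    $props = Get-ItemProperty -Path $Path

    foreach ($id in ($recommended.Keys | Sort-Object)) {
        $entry   = $recommended[$id]
        $current = $props.$id          # $null when absent: the zone template default applies
        $ok      = ($null -ne $current) -and ([int]$current -eq $entry.Want)

        $curText = if ($null -eq $current) { 'not set (template default)' }
                   elseif ($label.ContainsKey([int]$current)) { $label[[int]$current] }
                   else { "unknown ($current)" }

        [pscustomobject]@{
            Id      = $id
            Setting = $entry.Name
            Current = $curText
            Wanted  = $label[$entry.Want]
            Status  = if ($ok) { 'OK' } else { 'CHANGE' }
        }

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Path -Name $id -Value $entry.Want -Type DWord
        }
    }
}

# Report only; add -Fix to apply the recommended values to the current user's profile.
Test-InternetZoneSettings | Format-Table -AutoSize
```

Rows marked CHANGE are the settings still at a weaker level than the post recommends; rerun the audit after fixing, and remember that a "not set" value means the zone's template default is in effect, not necessarily the recommended one.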

#11 beboe

beboe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 22 October 2011 - 02:49 AM

Will do what's advised and thanks very much.

#12 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Maryland
  • Local time:03:51 AM

Posted 22 October 2011 - 11:10 AM

You are very welcome!
~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE

#13 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Maryland
  • Local time:03:51 AM

Posted 22 October 2011 - 11:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE
