

Help read Hijack This File


This topic is locked
28 replies to this topic

#1 Green Country

Green Country

  • Members
  • 14 posts

Posted 01 June 2012 - 04:08 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:41 PM, on 6/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Trend Micro\renamedhi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Judy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5700 bytes
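As an added example that is not part of this thread, here is a small Python parser for the HijackThis log format posted above. It groups entry lines by their section code and takes the O4 Run entries and O23 services apart into hive, value name, image path and arguments, which is the first thing a helper does by hand when reading such a log. The sample lines are copied from the log above; the line shapes it assumes (`O4 - HKLM\..\Run: [Name] command`, `O23 - Service: Display (short) - Company - path`) are those visible in that log.

```python
import re
from collections import Counter

# Sample entries copied from the HijackThis log posted above (a constructed subset,
# not the full log). Raw string so the Windows backslashes stay as they appear.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Judy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body shape: HKLM\..\Run: [ValueName] command line   (RunOnce etc. share the shape)
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]\s*(?P<command>.*)$"
)
# O23 body shape: Service: Display Name (ShortName) - Company - path   (short name optional)
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^)]*)\))? - (?P<company>.+?) - (?P<path>.+)$"
)
# A fully qualified image starts with a drive letter or an environment variable.
QUALIFIED_RE = re.compile(r"^(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)")


def parse_entries(log_text):
    """Return [(section, body)] for every entry line; header and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def count_by_section(log_text):
    """How many entries each section (R0, O2, O4, ...) contributes."""
    return Counter(section for section, _ in parse_entries(log_text))


def split_command(command):
    """Split a Run-key command line into (image, arguments), honouring a quoted image path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
        return command.strip('"'), ""
    parts = command.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def autostart_entries(log_text):
    """Parse the O4 Run/RunOnce entries into structured records."""
    out = []
    for section, body in parse_entries(log_text):
        if section != "O4":
            continue
        m = RUN_RE.match(body)
        if not m:
            continue  # Global Startup .lnk entries have a different shape; not handled here
        image, args = split_command(m.group("command"))
        out.append({
            "hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
            "image": image, "args": args, "qualified": bool(QUALIFIED_RE.match(image)),
        })
    return out


def services(log_text):
    """Parse the O23 service entries into display name, short name, company and path."""
    out = []
    for section, body in parse_entries(log_text):
        m = SERVICE_RE.match(body) if section == "O23" else None
        if m:
            out.append(m.groupdict())
    return out


def unqualified_images(log_text):
    """Autostart images given as a bare file name rather than a full path.

    Such an entry is resolved through the loader's search path instead of a fixed
    location, so a helper reading the log checks where that file actually lives.
    """
    return [e["image"] for e in autostart_entries(log_text) if not e["qualified"]]


if __name__ == "__main__":
    print(dict(count_by_section(SAMPLE_LOG)))
    for entry in autostart_entries(SAMPLE_LOG):
        print(entry["hive"], entry["name"], "->", entry["image"], entry["args"])
    print("bare image names:", unqualified_images(SAMPLE_LOG))
```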



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 June 2012 - 02:16 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Green Country

Green Country
  • Topic Starter

  • Members
  • 14 posts

Posted 07 June 2012 - 04:19 PM

Security Check says 'The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll'.

In the black box it said, 'preparing done'.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 June 2012 - 04:32 PM

skip it then

gringo

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 12:09 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

I also want to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#6 Green Country

Green Country
  • Topic Starter

  • Members
  • 14 posts

Posted 10 June 2012 - 05:40 PM

Have had difficulty getting anything to open up. Home page will show but when I put in any address.....nothing.
Still trying. (I use another computer to reply when unable to get to forum)
Thank you

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 05:59 PM

can you send me the report


gringo

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 11:20 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

I also want to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#9 Green Country

Green Country
  • Topic Starter

  • Members
  • 14 posts

Posted 13 June 2012 - 02:45 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by Judy at 14:35:07 on 2012-06-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.520 [GMT -5:00]
.
FW: COMODO Firewall Pro *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG2012\avgmfapx.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVG\AVG2012\avgscanx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.sbc.com/dsl
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: WinTouch Bar: {b28bb341-2c37-4711-bf95-9ddb4ce55f4a} - %SystemRoot%\system32\shdocvw.dll
EB: SpeedRunner Bar: {cafb2180-ba09-11dc-95ff-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [cdloader] "c:\documents and settings\judy\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{2AF06E74-688A-4B17-BFCA-E4B8BB073772} : DhcpNameServer = 192.168.0.1 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\judy\application data\mozilla\firefox\profiles\zh7xfbbc.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-05-29 20:18:32 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-04 22:25:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 22:25:22 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:25:19 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:43:32.75 ===============

#10 Green Country

Green Country
  • Topic Starter

  • Members
  • 14 posts

Posted 13 June 2012 - 02:47 PM

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/14/2008 7:57:01 PM
System Uptime: 6/13/2012 2:21:40 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 33.566 GiB free.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Agere Systems PCI Soft Modem
AIO_Scan
ATT-PRT22
Audacity 1.2.6
AVG 2012
BitTorrent 6.0.2
BroadJump Client Foundation
BufferChm
C4200
c4200_Help
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
DNA
DocProc
DocProcQFolder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
ImgBurn
Intel® PRO Network Connections Drivers
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 31
Java™ 6 Update 7
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
magicJack
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
neroxml
NVIDIA Display Driver
Opera 11.64
PowerDVD
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Toolbox
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.1
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/7/2012 3:41:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 0007E97C9398 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
6/7/2012 3:39:51 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
6/7/2012 3:39:45 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Zpaction service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The XTrapD12 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The WmBEnum service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Winpower service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Wdelmgr20 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The W39n51 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Vusbbus service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Viagfx service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Vet-rec service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Vci service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Usbser service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Us30service service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Umwdf service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Ulcdrhlp service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Tvtfilter service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Tmcomm service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Tlntsvr service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Tiwlnsvc service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Tgsrvc_smartagent service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Tga service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Tavsvc service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Taphss service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The T6963C service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Svcwrsssdk service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The SunkFilt service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Spupdsvc service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Sntnlusb service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The SlNtHal service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Sigfilt service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Sfsync04 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Se44unic service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The SE2Dobex service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The SE2Cmgmt service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The SE27mdm service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Screadspool service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The SbieDrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The S716mdm service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The S616mdm service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Rsvchost service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Ptserlp service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Proxyhostmirrordisplay service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Pnp680r service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Pnarp service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Pelmouse service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Pdlnecfg service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Pcradminserver service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Ownershipprotocol service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Oracle_load_balancer_60_client-forms6ip9 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The NwSapAgent service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The NWDHCP service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Nvmpu401 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Nmraapache service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Nimdbgk service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Nimcdlbk service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Mwstick service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The MSSQL$AUTODESKVAULT service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The MSFWHLPR service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Mscsptisrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Mqdmbus service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The MKEMUSB service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Midisyn service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Mcsysmon service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Mafwboot service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Machnm32 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Ma_cmidi_installerservice service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Lxbs_device service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Lvmvdrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Lkcitadelserver service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Licenseservice service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Lexbces service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Lemsgt service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The L8042Kbd service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Ino_fltr service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Imountsrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Ibmpmdrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The HssDrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The HpqRemHid service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The GoProto service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The GetPlusHelper service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Gearsecurity service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The FreshIO service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Freesshdservice service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Fasttx2k service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Emproxy service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Elnkfwppservice service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Dvd-ram_service service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Dladresn service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Diskeeper service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Dell1100_FUService service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Defrag32b service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The DcPTP service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The CX88ENC service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Cwcspud service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Cwafadmincontroller service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The CTSBLFX.DLL service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The CTMMOUNT service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Ctmmfilt service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Cpqfcalm service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Cpntsrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The CoolerXPDriver service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Cmdmon service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Cdrbsvsd service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Btdriver service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Bmuservice service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Bhmonitorservice service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Besclient service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Backupexecnotificationserver service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Avgfwsrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Atksgt service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The ATKGFNEXSrv service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The AtiHdmiService service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Aswtdi service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Alpham2 service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The AeLookupSvc service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The Adfs service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:24 PM, error: Service Control Manager [7023] - The {a7447300-8075-4b0d-83f1-3d75c8ebc623} service terminated with the following error: The specified module could not be found.
6/7/2012 3:39:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
6/7/2012 3:39:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
6/13/2012 2:40:49 PM, error: Service Control Manager [7023] - The DirectUpdate service terminated with the following error: Access is denied.
6/13/2012 2:39:49 PM, error: Service Control Manager [7023] - The Ramaint service terminated with the following error: Access is denied.
6/13/2012 2:39:04 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
6/13/2012 2:39:04 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
6/13/2012 2:23:47 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:08 PM

Posted 13 June 2012 - 08:10 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Green Country

Green Country
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:08 PM

Posted 15 June 2012 - 06:41 PM

WHEW, FINALLY! AVG disabled but still alerting to threats and trojans. Rebooted twice.



ComboFix 12-06-15.06 - Judy 06/15/2012 18:05:56.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.855 [GMT -5:00]
Running from: c:\documents and settings\Judy\My Documents\Downloads\ComboFix.exe
FW: COMODO Firewall Pro *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\Judy\Application Data\Microsoft\Windows\rayiou.exe
c:\documents and settings\Judy\My Documents\DPE.DUS
c:\windows\$NtUninstallKB25072$
c:\windows\$NtUninstallKB25072$\1130766998\@
c:\windows\$NtUninstallKB25072$\1130766998\bckfg.tmp
c:\windows\$NtUninstallKB25072$\1130766998\cfg.ini
c:\windows\$NtUninstallKB25072$\1130766998\Desktop.ini
c:\windows\$NtUninstallKB25072$\1130766998\keywords
c:\windows\$NtUninstallKB25072$\1130766998\kwrd.dll
c:\windows\$NtUninstallKB25072$\1130766998\L\uatbcihf
c:\windows\$NtUninstallKB25072$\1130766998\lsflt7.ver
c:\windows\$NtUninstallKB25072$\1130766998\oemid
c:\windows\$NtUninstallKB25072$\1130766998\U\00000001.@
c:\windows\$NtUninstallKB25072$\1130766998\U\00000002.@
c:\windows\$NtUninstallKB25072$\1130766998\U\00000004.@
c:\windows\$NtUninstallKB25072$\1130766998\U\80000000.@
c:\windows\$NtUninstallKB25072$\1130766998\U\80000004.@
c:\windows\$NtUninstallKB25072$\1130766998\U\80000032.@
c:\windows\$NtUninstallKB25072$\1130766998\version
c:\windows\$NtUninstallKB25072$\3051156400
c:\windows\system32\dds_trash_log.cmd
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 22:53 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 21:10 . 2012-04-07 21:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 21:10 . 2011-05-31 00:09 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 22:25 . 2012-05-04 21:26 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-04 20:56 . 2012-04-07 23:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 15:29 . 2011-12-18 15:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"cdloader"="c:\documents and settings\Judy\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-8 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Judy\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14418:TCP"= 14418:TCP:BitComet 14418 TCP
"14418:UDP"= 14418:UDP:BitComet 14418 UDP
"0:TCP"= 0:TCP:spport
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 2:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/17/2008 8:17 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 2:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 2:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 7:21 AM 16720]
S1 wanarpp;wanarpp;c:\windows\system32\drivers\wanarpp.sys --> c:\windows\system32\drivers\wanarpp.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 4:44 PM 257224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
psadd
ql2100
konfig
s125mdfl
AtiPcie
L6POD
SE2Emgmt
RR2Vbi
nisvcloc
ZDPNDIS5
VSP1284D
MR97310_USB_DUAL_CAMERA
SNDO763
ar5211
R300
s217obex
afs2k
axsaki
ashampoodefragservice
BrPar
mfeavfk
Wdf01000
avg7alrt
srvdpi
dlabmfsm
2wirepcp
nvsmu
pcctlcom
tapvpn
rapapp
SNTIE
IntelC53
BLKWGU(Belkin)
gameenum
artdhcp
EACSvrMngr
mrobeservice
wlidsvc
rpsupdaterr
logmein
asctrm
AtlsAud
w800bus
FireHook
smbusp
Nsynas32
useraccess7
PTDCVsp
vet-rec
beatjamupnpmusicserver
ET5Drv
SE2Dobex
emclisrv
hSONYPVh
Sntnlusb
snapman380
WmFilter
rvsinst
REVO
vmx86
fsks
icm10blk
eamon
sandboxu
InterBaseServer
GV600_4
RR2IOMod
tosrfbd
wcontrol
wkscfgsrv
tifm21
se45mgmt
CX23880
SE2Bmdm
s117obex
DSI_SiUSBXp_3_1
pivotmou
winpower
vsbus
nvgts
vrservice
webupdate
FlexBios
SE2Cmgmt
ca-messagequeuing
cvspydr2
ScanUSBEMPIA
Sunkfiltp
RIOXDRV
rassstp
e1000
mr7910
vmnetbridge
pwd_2K
s3savagemx
mscsptisrv
venturi2
sermouse
portio
ithsgt
prfldsvc
samfilt
xfilt
symfw
fgdxbus
tvtpktfilter
bdselfpr
pnrouter
InCDsrvR
s716unic
wanatw
g400
pcidrv
fsaua
NWHOST
unrealircd
bvrp_pci
idechndr
aswmon2
mcmscsvc
useraccess
SrvcTPIOMngr
inotask
fasttraksvc
ctxhttp
mcrdsvc
CnxTrUsb
usnsvc
CTMFLT
lxby_device
USBDeviceService
arrayssl_vpn_service3,0,1,9
symsnap
z525mgmt
vcsw
PhilCam8116
TCtrlIO
netmdsb
hcmon
OEM02Afx
ibmfilter
pfmodnt
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 21:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.sbc.com/dsl
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\zh7xfbbc.default\
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\PerfStringBackup.TMP
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(8680)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-06-15 18:34:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 23:34
ComboFix2.txt 2008-05-19 19:06
ComboFix3.txt 2008-05-18 20:58
ComboFix4.txt 2008-05-02 21:08
ComboFix5.txt 2012-06-15 22:49
.
Pre-Run: 36,819,374,080 bytes free
Post-Run: 39,332,798,464 bytes free
.
- - End Of File - - 46F736C24C09A07DFB60E6FEBA861672

#13 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 June 2012 - 08:42 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions. ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop, and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 11:46 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, to remind you: it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo

#15 Green Country

  • Topic Starter

  • Members
  • 14 posts

Posted 18 June 2012 - 11:23 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-18 11:02:10
-----------------------------
11:02:10.937 OS Version: Windows 5.1.2600 Service Pack 3
11:02:10.937 Number of processors: 1 586 0x207
11:02:10.937 ComputerName: PHOENIX UserName: Judy
11:02:11.703 Initialize success
11:19:55.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:19:55.125 Disk 0 Vendor: IC35L060AVV207-0 V22OA66A Size: 57220MB BusType: 3
11:19:55.171 Disk 0 MBR read successfully
11:19:55.171 Disk 0 MBR scan
11:19:55.171 Disk 0 Windows XP default MBR code
11:19:55.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57207 MB offset 63
11:19:55.250 Disk 0 scanning sectors +117162045
11:19:55.656 Disk 0 scanning C:\WINDOWS\system32\drivers
11:20:15.281 Service scanning
11:20:38.875 Modules scanning
11:20:51.937 Disk 0 trace - called modules:
11:20:51.953 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:20:51.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a19cab8]
11:20:51.953 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a20fd98]
11:20:52.312 Scan finished successfully
11:22:37.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Judy\My Documents\MBR.dat"
11:22:37.390 The log file has been saved successfully to "C:\Documents and Settings\Judy\My Documents\aswMBR.txt"



