
Choppy Computer (used to have redirects, but seem to have gone with time)


  • This topic is locked
16 replies to this topic

#1 yass


  • Members
  • 202 posts
  • Local time:04:30 PM

Posted 11 September 2012 - 10:48 AM

Hi all, I was forwarded to this forum from: http://www.bleepingcomputer.com/forums/topic464481.html

I have just finished my preparation. Here is the data. I also have some Speccy analysis here, much thanks to Roger: http://www.bleepingcomputer.com/forums/topic468139.html/page__view__findpost__p__2836245

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 7.0.5730.11  BrowserJavaVersion: 10.0.0
Run by SONY VAIO at 1:52:00 on 2012-09-11
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2039.811 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\TCB Networks\StrokeIt\Bin\StrokeIt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\LWS\LU\LULnchr.exe
C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
L:\uTorrentPortable\uTorrentPortable.exe
L:\uTorrentPortable\App\uTorrent\uTorrent.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.4\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\21.0.1180.89\npchrome_frame.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.4\AVG Secure Search_toolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sony vaio\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [StrokeIt] c:\documents and settings\sony vaio\local settings\application data\tcb networks\strokeit\bin\StrokeIt.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: rasterwerks.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{45F0A112-6DD4-49C5-8AAC-AA9C72B74B7E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5BDCD4F1-F205-461E-8747-7F17EA02C955} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{782C1085-06DE-440A-B22C-27D496416DE3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{996D56C4-7685-47A4-A58B-A49ACE712410} : DhcpNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\21.0.1180.89\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sony vaio\application data\mozilla\firefox\profiles\vr10qb8s.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\sony vaio\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sony vaio\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\sony vaio\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\sony vaio\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35168]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-8-9 151520]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-8-10 89440]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-10 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-6 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-25 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-8-20 5751928]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-8-20 184304]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-1-25 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-7-18 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-24 47640]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-2-26 72672]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-6 722528]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-8-29 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-8-29 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-8-29 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-8-29 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-8-29 25704]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-8-9 54112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-20 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gamescampus\asda2\system\gameguard\dump_wmimmc.sys --> c:\program files\gamescampus\asda2\system\gameguard\dump_wmimmc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-20 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-7-21 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-31 114144]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]
S3 USBFVNETR;NETGEAR MA101   USB Adapter;c:\windows\system32\drivers\ma101rndxp.sys [2009-5-23 76160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-09-11 08:37:47	--------	d-----w-	c:\program files\Speccy
2012-09-10 22:37:05	--------	d-----w-	c:\documents and settings\sony vaio\local settings\application data\uTorrent
2012-09-06 15:42:57	--------	d-----w-	c:\documents and settings\sony vaio\application data\AVG2013
2012-09-06 15:36:06	--------	d-----w-	c:\documents and settings\sony vaio\local settings\application data\AVG Secure Search
2012-09-06 15:36:06	--------	d-----w-	c:\documents and settings\sony vaio\application data\TuneUp Software
2012-09-06 15:35:56	--------	d-----w-	c:\documents and settings\all users\application data\AVG Secure Search
2012-09-06 15:35:43	--------	d-----w-	c:\documents and settings\sony vaio\application data\AVG Secure Search
2012-09-06 15:35:39	27496	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2012-09-06 15:35:36	--------	d-----w-	c:\program files\common files\AVG Secure Search
2012-09-06 15:35:34	--------	d-----w-	c:\program files\AVG Secure Search
2012-09-06 15:34:22	--------	d--h--w-	C:\$AVG
2012-09-06 15:34:22	--------	d-----w-	c:\documents and settings\all users\application data\AVG2013
2012-09-06 15:32:49	--------	d-----w-	c:\program files\AVG
2012-09-06 15:31:01	--------	d-----w-	c:\documents and settings\sony vaio\local settings\application data\MFAData
2012-09-06 15:31:01	--------	d-----w-	c:\documents and settings\sony vaio\local settings\application data\Avg2013
2012-09-06 15:31:01	--------	d-----w-	c:\documents and settings\all users\application data\MFAData
2012-09-06 12:09:35	--------	d-----w-	c:\program files\CCleaner
2012-09-06 07:31:37	--------	d-----w-	c:\documents and settings\sony vaio\local settings\application data\Thinstall
2012-09-06 07:31:37	--------	d-----w-	c:\documents and settings\sony vaio\application data\Thinstall
2012-08-30 00:40:36	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-08-30 00:40:14	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-08-30 00:39:21	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-08-30 00:38:55	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-08-30 00:38:11	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-08-30 00:38:03	892928	----a-w-	c:\windows\system32\iconv.dll
2012-08-30 00:38:03	675840	----a-w-	c:\windows\system32\ac3filter.ax
2012-08-30 00:38:02	153600	----a-w-	c:\windows\system32\WS_ATLMovie.dll
2012-08-30 00:38:00	--------	d-----w-	c:\program files\Aimersoft
2012-08-29 08:55:18	--------	d-----w-	c:\documents and settings\all users\application data\Amazon
2012-08-29 08:55:05	--------	d-----w-	c:\program files\Amazon
2012-08-29 08:52:39	--------	d-----w-	c:\program files\Windows Media Connect 2
2012-08-18 15:54:25	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-18 15:54:25	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2012-08-18 15:52:39	--------	d-----w-	c:\program files\iPod
2012-08-18 15:52:33	--------	d-----w-	c:\program files\iTunes
2012-08-18 15:52:33	--------	d-----w-	c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-18 15:50:56	--------	d-----w-	c:\program files\Bonjour
2012-08-13 23:40:54	176096	----a-w-	c:\windows\system32\drivers\avgidsdriverx.sys
.
==================== Find3M  ====================
.
2012-08-10 11:52:38	164704	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2012-08-10 11:52:28	19808	----a-w-	c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 11:52:18	35168	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 20:56:44	178656	----a-w-	c:\windows\system32\drivers\avglogx.sys
2012-08-09 20:56:36	54112	----a-w-	c:\windows\system32\drivers\avgidshx.sys
2012-08-09 20:56:22	151520	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2012-08-08 14:38:03	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-08 14:38:03	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-02 01:35:09	87456	----a-w-	c:\windows\system32\LMIinit.dll
2012-08-02 01:35:09	83392	----a-w-	c:\windows\system32\LMIRfsClientNP.dll
2012-08-02 01:35:09	52128	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-08-02 01:35:09	30624	----a-w-	c:\windows\system32\LMIport.dll
2012-07-03 20:46:44	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
.
============= FINISH:  1:54:55.15 ===============

Attach.text


#2 nasdaq


  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:30 PM

Posted 13 September 2012 - 08:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

#3 yass

  • Topic Starter

  • Members
  • 202 posts
  • Local time:04:30 PM

Posted 13 September 2012 - 07:04 PM

Hi nasdaq, thanks much. The ComboFix log is below. I'll run that security check right now.

ComboFix 12-09-13.01 - SONY VAIO 09/13/2012   8:53.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2039.854 [GMT -7:00]
Running from: c:\documents and settings\SONY VAIO\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\SONY VAIO\Local Settings\Application Data\TCB Networks\StrokeIt\Bin\StrokeIt.exe
c:\documents and settings\SONY VAIO\WINDOWS
C:\hosts
c:\hosts\HOSTS
c:\hosts\License.txt
c:\hosts\mvps.bat
c:\hosts\PrivacyPolicy.txt
c:\hosts\readme.txt
c:\windows\system32\SET17A8.tmp
c:\windows\system32\SET17AD.tmp
c:\windows\system32\SET17B4.tmp
c:\windows\system32\SET17BD.tmp
c:\windows\system32\SET17BF.tmp
c:\windows\system32\SET17C2.tmp
c:\windows\system32\SET17F1.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\XSxS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-13 to 2012-09-13  )))))))))))))))))))))))))))))))
.
.
2012-09-11 08:37 . 2012-09-11 08:37	--------	d-----w-	c:\program files\Speccy
2012-09-10 22:37 . 2012-09-10 22:37	--------	d-----w-	c:\documents and settings\SONY VAIO\Local Settings\Application Data\uTorrent
2012-09-06 15:42 . 2012-09-06 15:42	--------	d-----w-	c:\documents and settings\SONY VAIO\Application Data\AVG2013
2012-09-06 15:36 . 2012-09-06 15:36	--------	d-----w-	c:\documents and settings\SONY VAIO\Local Settings\Application Data\AVG Secure Search
2012-09-06 15:36 . 2012-09-06 15:36	--------	d-----w-	c:\documents and settings\SONY VAIO\Application Data\TuneUp Software
2012-09-06 15:35 . 2012-09-06 15:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-09-06 15:35 . 2012-09-06 15:35	--------	d-----w-	c:\documents and settings\SONY VAIO\Application Data\AVG Secure Search
2012-09-06 15:35 . 2012-09-06 15:35	27496	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2012-09-06 15:35 . 2012-09-06 15:35	--------	d-----w-	c:\program files\Common Files\AVG Secure Search
2012-09-06 15:35 . 2012-09-06 15:35	--------	d-----w-	c:\program files\AVG Secure Search
2012-09-06 15:34 . 2012-09-06 17:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG2013
2012-09-06 15:34 . 2012-09-06 15:34	--------	d-----w-	C:\$AVG
2012-09-06 15:32 . 2012-09-06 15:32	--------	d-----w-	c:\program files\AVG
2012-09-06 15:31 . 2012-09-13 16:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2012-09-06 15:31 . 2012-09-06 16:33	--------	d-----w-	c:\documents and settings\SONY VAIO\Local Settings\Application Data\Avg2013
2012-09-06 15:31 . 2012-09-06 15:31	--------	d-----w-	c:\documents and settings\SONY VAIO\Local Settings\Application Data\MFAData
2012-09-06 12:09 . 2012-09-06 12:09	--------	d-----w-	c:\program files\CCleaner
2012-09-06 07:31 . 2012-09-06 07:31	--------	d-----w-	c:\documents and settings\SONY VAIO\Local Settings\Application Data\Thinstall
2012-09-06 07:31 . 2012-09-06 07:31	--------	d-----w-	c:\documents and settings\SONY VAIO\Application Data\Thinstall
2012-08-30 00:40 . 2010-12-24 22:27	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-08-30 00:40 . 2010-12-24 22:27	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-08-30 00:39 . 2010-12-24 22:27	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-08-30 00:38 . 2010-12-24 22:27	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-08-30 00:38 . 2010-12-24 22:27	25704	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-08-30 00:38 . 2010-12-24 22:27	892928	----a-w-	c:\windows\system32\iconv.dll
2012-08-30 00:38 . 2010-12-24 22:27	675840	----a-w-	c:\windows\system32\ac3filter.ax
2012-08-30 00:38 . 2011-01-15 21:08	153600	----a-w-	c:\windows\system32\WS_ATLMovie.dll
2012-08-30 00:38 . 2012-08-30 00:38	--------	d-----w-	c:\program files\Aimersoft
2012-08-29 09:05 . 2004-08-04 12:00	25600	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-08-29 09:00 . 2012-08-29 09:00	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2012-08-29 08:55 . 2012-08-29 08:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\Amazon
2012-08-29 08:55 . 2012-08-29 08:55	--------	d-----w-	c:\program files\Amazon
2012-08-29 08:52 . 2012-08-29 08:52	--------	d-----w-	c:\program files\Windows Media Connect 2
2012-08-29 08:50 . 2012-08-29 08:51	--------	d-----w-	c:\windows\system32\drivers\UMDF
2012-08-18 15:54 . 2009-05-18 20:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-18 15:54 . 2008-04-17 19:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2012-08-18 15:52 . 2012-08-18 15:52	--------	d-----w-	c:\program files\iPod
2012-08-18 15:52 . 2012-08-18 15:54	--------	d-----w-	c:\program files\iTunes
2012-08-18 15:52 . 2012-08-18 15:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-18 15:51 . 2012-08-18 15:51	--------	d-----w-	c:\documents and settings\LocalService\Application Data\Apple Computer
2012-08-18 15:50 . 2012-08-18 15:50	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-13 23:40 . 2012-08-13 23:40	176096	----a-w-	c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 11:52 . 2012-08-10 11:52	164704	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2012-08-10 11:52 . 2012-08-10 11:52	89440	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2012-08-10 11:52 . 2012-08-10 11:52	19808	----a-w-	c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 11:52 . 2012-08-10 11:52	35168	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 20:56 . 2012-08-09 20:56	178656	----a-w-	c:\windows\system32\drivers\avglogx.sys
2012-08-09 20:56 . 2012-08-09 20:56	54112	----a-w-	c:\windows\system32\drivers\avgidshx.sys
2012-08-09 20:56 . 2012-08-09 20:56	151520	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2012-08-08 14:38 . 2012-08-08 14:38	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-08 14:38 . 2011-06-27 06:53	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 01:35 . 2009-05-24 07:21	83392	----a-w-	c:\windows\system32\LMIRfsClientNP.dll
2012-08-02 01:35 . 2009-05-24 07:21	52128	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-08-02 01:35 . 2009-05-24 07:21	30624	----a-w-	c:\windows\system32\LMIport.dll
2012-08-02 01:35 . 2009-05-24 07:21	87456	----a-w-	c:\windows\system32\LMIinit.dll
2012-07-03 20:46 . 2010-05-04 05:08	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-07 17:15 . 2012-09-07 17:14	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-06 15:35	2045536	----a-w-	c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll" [2012-09-06 2045536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-17 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-08-29 3039352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-06 950368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-09-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-08-02 01:35	87456	----a-w-	c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 17:06	88363	----a-w-	c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00	57344	----a-w-	c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-10-22 01:44	2744832	----a-w-	c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-10 05:10	344064	----a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 12:00	110592	----a-w-	c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17	53248	----a-w-	c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00	15360	------w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-12 05:53	136176	----atw-	c:\documents and settings\SONY VAIO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 23:10	61952	----a-w-	c:\windows\system32\Hdaudpropshortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27	126976	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31	155648	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 10:10	55824	----a-w-	c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-01-27 18:22	63048	------w-	c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2006-11-09 19:00	24576	----a-w-	c:\documents and settings\SONY VAIO\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:49	13892200	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-08-03 11:49	111208	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-10-21 22:20	77824	----a-w-	c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 20:59	252136	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-06 08:13	4777856	----a-w-	c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2007-04-18 03:19	100056	----a-w-	c:\progra~1\SYMNET~1\SNDMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2010-07-08 13:28	815704	----a-w-	c:\program files\TightVNC\tvnserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08	28672	----a-w-	c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31	85160	----a-w-	c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 02:20	866584	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"tvnserver"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\SONY VAIO\\Desktop\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Psygnosis\\Metal Fatigue\\MFatigue.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Python25\\pythonw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\SONY VAIO\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\SONY VAIO\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\SONY VAIO\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"l:\\uTorrentPortable\\App\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"56225:TCP"= 56225:TCP:Pando Media Booster
"56225:UDP"= 56225:UDP:Pando Media Booster
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [8/9/2012 1:56 PM 54112]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8/10/2012 4:52 AM 35168]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/20/2009 6:19 PM 691696]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [8/13/2012 4:40 PM 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [8/10/2012 4:52 AM 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8/9/2012 1:56 PM 151520]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/10/2012 4:52 AM 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/6/2012 8:35 AM 27496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 5:26 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 5:26 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/25/2010 12:08 AM 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [8/20/2012 4:52 AM 5751928]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [8/20/2012 4:53 AM 184304]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/25/2011 10:26 PM 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/18/2010 12:20 PM 12856]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2/26/2008 10:42 PM 72672]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/16/2010 2:06 PM 80896]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/6/2012 8:35 AM 722528]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [8/29/2012 5:38 PM 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [8/29/2012 5:38 PM 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [8/29/2012 5:39 PM 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [8/29/2012 5:40 PM 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [8/29/2012 5:40 PM 25704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/20/2011 6:33 PM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\GamesCampus\Asda2\system\GameGuard\dump_wmimmc.sys --> c:\program files\GamesCampus\Asda2\system\GameGuard\dump_wmimmc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/20/2011 6:33 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/21/2011 3:55 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/31/2012 10:39 PM 114144]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 5:27 PM 12872]
S3 USBFVNETR;NETGEAR MA101   USB Adapter;c:\windows\system32\drivers\ma101rndxp.sys [5/23/2009 5:31 PM 76160]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S4 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [7/8/2010 6:28 AM 815704]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSHX
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-21 01:33]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-21 01:33]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278600100-1971447317-2599236540-1006Core.job
- c:\documents and settings\SONY VAIO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-12 05:53]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278600100-1971447317-2599236540-1006UA.job
- c:\documents and settings\SONY VAIO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-12 05:53]
.
2012-09-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2006-11-13 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-15 12:00]
.
2006-11-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-15 12:00]
.
2006-11-13 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-15 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
Trusted Zone: rasterwerks.com
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
FF - ProfilePath - c:\documents and settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\vr10qb8s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q=
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-StrokeIt - c:\documents and settings\SONY VAIO\Local Settings\Application Data\TCB Networks\StrokeIt\Bin\StrokeIt.exe
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 16:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\CLBCATQ.DLL
.
- - - - - - - > 'explorer.exe'(1520)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\LWS\LU\LULnchr.exe
c:\program files\Logitech\LWS\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2012-09-13  17:00:02 - machine was rebooted
ComboFix-quarantined-files.txt  2012-09-13 23:59
.
Pre-Run: 64,606,707,712 bytes free
Post-Run: 64,608,780,288 bytes free
.
- - End Of File - - 9A92D798BE35770136DCE8D95A820E64


#4 yass

  • Topic Starter
  • Members
  • 202 posts

Posted 13 September 2012 - 07:28 PM

Here's checkup.txt:

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
ESET Online Scanner v3
SonicStage Mastering Studio Audio Filter Custom Preset
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.3
SUPERAntiSpyware Free Edition
Windows Defender
HostsMan 3.2.73
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 21
Java™ 7
Java™ SE Development Kit 7
Java version out of Date!
Adobe Flash Player 11.3.300.268
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Thanks so much nasdaq!

Edited by nasdaq, 14 September 2012 - 08:02 AM.


#5 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 September 2012 - 08:09 AM

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 2 x86
Out of date service pack!!

Click on the Out of date service pack!! link and update to SP3.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 21
Java™ 7
Java™ SE Development Kit 7


===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#6 yass

  • Topic Starter
  • Members
  • 202 posts

Posted 17 September 2012 - 02:55 AM

Thanks nasdaq! I actually have a bunch of weird processes in my task manager, like: juscheck.exe, ToolbarUpdate.exe, CameraHelper.exe, etc.
Are those safe? I don't have a need for those; can you please help me remove them?

Sorry for the late reply; my week of work just ended, I work shifts.

Edited by yass, 17 September 2012 - 02:56 AM.


#7 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 September 2012 - 08:08 AM

C:\Program Files\Common Files\Java\Java Update\jusched.exe
Safe. It keeps your Java up to date. You can stop it from running at startup. Make sure you run jusched.exe on occasion to get the latest version.
===

If this is the location of the ToolbarUpdate.exe I would remove it.
C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe

If not the exact location, please post the complete PATH for my review.
===

The CameraHelper.exe is required by these Logitech WebCam processes.
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe


#8 yass

  • Topic Starter
  • Members
  • 202 posts

Posted 18 September 2012 - 06:17 AM

C:\Program Files\Common Files\Java\Java Update\jusched.exe
Safe. It keeps your Java up to date. You can stop it from running at startup. Make sure you run jusched.exe on occasion to get the latest version.
===

If this is the location of the ToolbarUpdate.exe I would remove it.
C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe

If not the exact location, please post the complete PATH for my review.
===

The CameraHelper.exe is required by these Logitech WebCam processes.
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

Ah yeah, it's not a dogpile toolbar.

I actually am seeing redirects still.
For example, when I click the links at the bottom of this page under the column "From NYDailyNews.com",

they take me to the site but first go to traffic.outbrain. This is one that happened:
http://traffic.outbrain.com/network/redir?key=0a6404c06abba16788703040cd1d1090&rdid=380721301&type=MV_d/t2_la&in-site=true&req_id=06db8dd6a60d127779a38080e2668726&agent=blog_JS_rec&recMode=7&reqType=1&wid=100&imgType=0&refPub=145&prs=true&scp=false

Is there something still fishy?

#9 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 September 2012 - 07:42 AM

Ah yeah, it's not a dogpile toolbar

What is it?

Try this.

Go Start > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

How is it now?

#10 yass

  • Topic Starter
  • Members
  • 202 posts

Posted 20 September 2012 - 11:37 AM

Ah yeah, it's not a dogpile toolbar

What is it?

Try this.

Go Start > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

How is it now?


Thanks, I did the flushdns; I don't know what difference it's supposed to make.

I don't know what the toolbar.exe is :( I just know that when I looked I don't have any folder called C:\Program Files\dogpile

Sorry about the late reply; I'm having a tough time at work lately.

#11 yass

  • Topic Starter
  • Members
  • 202 posts

Posted 20 September 2012 - 11:39 AM

Ah yeah, it's not a dogpile toolbar

What is it?

Try this.

Go Start > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

How is it now?


Thanks, I did the flushdns; I don't know what difference it's supposed to make.

I don't know what the toolbar.exe is :( I just know that when I looked I don't have any folder called C:\Program Files\dogpile

Sorry about the late reply; I'm having a tough time at work lately.

Also, is it OK now for me to follow the AVG removal steps here: http://www.bleepingcomputer.com/forums/topic468139.html/page__view__findpost__p__2836966

Thanks so much!

Edit: whoops! Sorry, there's a double post above

Edited by yass, 20 September 2012 - 11:40 AM.


#12 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 September 2012 - 01:12 PM

Sorry, I meant to say where (what folder) this file ToolbarUpdate.exe is located.

Yes you can remove AVG but make sure you install one of the suggested virus protection programs.

The redirection can come from your Router. Reset it.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html


How To Set Up a Network Router
http://compnetworking.about.com/od/homenetworking/ht/routerconfigure.htm

#13 yass

  • Topic Starter
  • Members
  • 202 posts

Posted 21 September 2012 - 05:55 PM

Sorry, I meant to say where (what folder) this file ToolbarUpdate.exe is located.

Yes you can remove AVG but make sure you install one of the suggested virus protection programs.

The redirection can come from your Router. Reset it.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html


How To Set Up a Network Router
http://compnetworking.about.com/od/homenetworking/ht/routerconfigure.htm

Thanks nasdaq. I saw the ToolbarUpdate.exe running in my processes Ctrl+Alt+Del window. I don't know how to find its exact location. :(

Thanks for that! I'll try that.

I think at this point I'm just dragging you along. I think you helped me so much to get the necessary thing done (ComboFix); maybe we should close this topic as resolved?

Thanks so much nasdaq for your continued support you guys are so nice here! And super patient!

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:30 PM

Posted 22 September 2012 - 08:06 AM

Thanks nasdaq. I saw the ToolbarUpdate.exe running in my processes ctrl+alt+del window. I don't know how to find its exact location.


Let's find out.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    ToolbarUpdate.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===

Were you able to reset the router?

How is it now?

#15 yass

yass
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 24 September 2012 - 12:52 AM

Thanks nasdaq! I'm running that SystemLook now.

I reset the router just a moment ago, but I can't find that link I posted earlier with the "From NY" column, so I can't test :(


Found the thing; it's actually ToolbarUpdater.exe
SystemLook 30.07.11 by jpshortstuff
Log created at 22:57 on 23/09/2012 by SONY VAIO
Administrator - Elevation successful

========== filefind ==========

Searching for "ToolbarUpdater.exe"
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe	--a---- 722528 bytes	[15:35 06/09/2012]	[15:35 06/09/2012] 52591834B0FA3293D35FD407FC230F7D

-= EOF =-

Here's a screenshot of my running processes; can you please help me clean it up to the bare minimum? (attached)


Edited by yass, 24 September 2012 - 01:00 AM.
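The step nasdaq walked through in #14 (locate the on-disk binary behind a process name with SystemLook's ":filefind") and the result line yass posted in #15 are, together, the check a responder actually wants: where does the file live, how big is it, when was it written, and what is its hash. Below is an added Python example that does the same thing stand-alone. It is not SystemLook's code and not from the thread: `filefind` walks a directory tree for a filename (case-insensitive, as Windows would), records size, modification time and MD5 in SystemLook's format, and `parse_filefind_line` reads a line like the one posted above back into fields so it can be compared against a hash recorded from a clean install. The sample line is reconstructed from the post with tab separators assumed, the order of SystemLook's two bracketed timestamps is taken to be creation then modification (an assumption), and the directory tree in `demo` is constructed purely for illustration.

```python
# Added example: a small reimplementation of SystemLook's ":filefind" check
# plus a parser for the result line it prints. Not SystemLook's code and not
# from the thread. The order "[created] [modified]" for the two bracketed
# timestamps is an assumption.
import hashlib
import os
import re
import shutil
import tempfile
from datetime import datetime

# The hit posted in the thread, reconstructed as a constant so the parser can
# be exercised offline (tab separators assumed; the page flattened them).
SAMPLE_LINE = (
    "C:\\Program Files\\Common Files\\AVG Secure Search\\vToolbarUpdater\\12.2.6\\ToolbarUpdater.exe"
    "\t--a----\t722528 bytes\t[15:35 06/09/2012]\t[15:35 06/09/2012]\t52591834B0FA3293D35FD407FC230F7D"
)

# Whitespace-tolerant, because copy/paste into a forum post often turns tabs
# into spaces. The path may contain spaces, so it is matched non-greedily and
# anchored by the 7-character attribute field that follows it.
FILEFIND_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind_line(line):
    """Parse one filefind result line into a dict, or return None if it is not one."""
    m = FILEFIND_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    rec["md5"] = rec["md5"].upper()
    return rec


def md5_of_file(path, chunk_size=1 << 16):
    """Upper-case hex MD5 of a file, read in chunks so large binaries are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest().upper()


def filefind(root, name):
    """Every file under `root` named `name` (case-insensitive, as on Windows),
    with the size, modification time and MD5 that SystemLook reports."""
    hits = []
    wanted = name.lower()
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != wanted:
                continue
            path = os.path.join(dirpath, fn)
            st = os.stat(path)
            hits.append({
                "path": path,
                "size": st.st_size,
                "modified": datetime.fromtimestamp(st.st_mtime).strftime("%H:%M %d/%m/%Y"),
                "md5": md5_of_file(path),
            })
    return sorted(hits, key=lambda h: h["path"].lower())


def matches_known(rec, known_md5):
    """True when a hit's MD5 equals a reference hash (e.g. one recorded from a
    clean install), so a second copy carrying the same name can be told apart."""
    return rec["md5"] == known_md5.upper()


def demo():
    """Constructed tree: one copy of the updater where the thread found it, a
    different file with the same name in a Temp folder, and a decoy with
    another name that must not be reported."""
    root = tempfile.mkdtemp(prefix="filefind-")
    try:
        legit_dir = os.path.join(root, "Program Files", "Common Files",
                                 "AVG Secure Search", "vToolbarUpdater", "12.2.6")
        temp_dir = os.path.join(root, "Temp")
        os.makedirs(legit_dir)
        os.makedirs(temp_dir)
        with open(os.path.join(legit_dir, "ToolbarUpdater.exe"), "wb") as f:
            f.write(b"")      # empty file: MD5 D41D8CD98F00B204E9800998ECF8427E
        with open(os.path.join(temp_dir, "toolbarupdater.EXE"), "wb") as f:
            f.write(b"abc")   # MD5 900150983CD24FB0D6963F7D28E17F72
        with open(os.path.join(root, "decoy.exe"), "wb") as f:
            f.write(b"abc")
        return filefind(root, "ToolbarUpdater.exe")
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(parse_filefind_line(SAMPLE_LINE))
    for hit in demo():
        print(hit)
```

Two copies of a binary with the same name is exactly the case the hash is for: the path alone says where Task Manager's process came from, but only the MD5 (or a stronger hash, if you are comparing against a vendor-published value) says whether it is the same file you would expect at that path.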


