Posts posted by VirusPain
Here's the DDS logs
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Abi at 12:57:55 on 2011-05-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.237 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Abi\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\abi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9eaa30&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-GB&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-18 27632]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-8 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-18 13224]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-5-18 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-5-18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-5-18 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-5-18 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-5-18 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-5-18 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-5-18 109736]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-2 19840]
.
=============== Created Last 30 ================
.
2011-05-23 06:43:15 -------- d-----w- c:\documents and settings\abi\application data\QuickScan
2011-05-21 06:31:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 19:07:19 -------- d-----w- c:\documents and settings\abi\application data\Serif
2011-05-16 19:02:27 -------- d-----w- c:\program files\Serif
2011-05-11 19:35:40 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 19:35:38 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 19:35:34 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-11 19:35:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 19:35:33 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 19:35:26 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-11 19:35:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 19:35:20 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-07 08:49:21 3140 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-04-07 08:49:08 88 -csh--r- c:\documents and settings\all users\application data\CFF4E75662.sys
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 12:59:25.23 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 07/11/2009 04:36:56
System Uptime: 23/05/2011 11:26:35 (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NC10
Processor: Intel® Atom CPU N270 @ 1.60GHz | U2E1 | 1595/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 104.901 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E00C105B&REV_01\4&192AC53F&0&00E0
Manufacturer: Atheros
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E00C105B&REV_01\4&192AC53F&0&00E0
Service: AR5416
.
==== System Restore Points ===================
.
RP88: 26/02/2011 10:48:11 - Software Distribution Service 3.0
RP89: 06/03/2011 21:49:01 - System Checkpoint
RP90: 09/03/2011 21:46:59 - Software Distribution Service 3.0
RP91: 15/03/2011 09:27:59 - Avg Update
RP92: 15/03/2011 09:28:48 - Avg Update
RP93: 16/03/2011 08:18:24 - Installed Java 6 Update 24
RP94: 25/03/2011 16:24:44 - Software Distribution Service 3.0
RP95: 07/04/2011 09:54:14 - Removed Corel WinDVD 2010.
RP96: 07/04/2011 14:06:34 - Installed AVG 2011
RP97: 07/04/2011 14:08:56 - Removed AVG 9.0
RP98: 07/04/2011 14:09:07 - Removed AVG 2011
RP99: 07/04/2011 14:10:57 - Removed AVG 9.0
RP100: 07/04/2011 14:13:22 - Installed AVG 2011
RP101: 07/04/2011 14:15:14 - Removed AVG 9.0
RP102: 07/04/2011 14:15:25 - Removed AVG 2011
RP103: 08/04/2011 06:52:28 - Removed AVG 9.0
RP104: 08/04/2011 07:16:12 - Installed AVG 2011
RP105: 08/04/2011 07:18:07 - Removed AVG 9.0
RP106: 08/04/2011 07:22:20 - Installed AVG 2011
RP107: 11/04/2011 17:21:35 - System Checkpoint
RP108: 15/04/2011 10:20:02 - Software Distribution Service 3.0
RP109: 15/04/2011 12:30:58 - Software Distribution Service 3.0
RP110: 27/04/2011 10:04:19 - Software Distribution Service 3.0
RP111: 11/05/2011 10:00:22 - Software Distribution Service 3.0
RP112: 15/05/2011 09:23:34 - System Checkpoint
RP113: 16/05/2011 20:02:20 - Installed Serif CraftArtist Professional
RP114: 16/05/2011 20:25:44 - Installed Serif CraftArtist Wedding Day Collection
RP115: 16/05/2011 20:32:41 - Installed Serif CraftArtist Greeting Cards Collection
RP116: 16/05/2011 20:43:51 - Installed Serif CraftArtist Baby Photos Collection
RP117: 16/05/2011 21:01:20 - Installed Serif CraftArtist Scrapbooks Collection
RP118: 20/05/2011 12:44:03 - System Checkpoint
RP119: 22/05/2011 14:53:03 - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Amazon Kindle For PC
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
Audials
Audials TV
Avanquest update
AVG 2011
AVG PC Tuneup 2011
Bonjour
BufferChm
C4600
DBXpress
Destinations
DeviceDiscovery
Easy Display Manager
Easy Network Manager
GPBaseService2
Hide IP NG 1.55
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
imagine digital freedom - Samsung
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java 6 Update 24
Magic Keyboard
Malwarebytes' Anti-Malware
MarketResearch
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Namuga 1.3M Webcam
OpenOffice.org 3.1
Play Camera
PS_AIO_05_C4600_Software_Min
QuickTime
Realtek High Definition Audio Driver
Samsung Battery Manager
Samsung EDS
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Samsung Wallpaper
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Segoe UI
Serif CraftArtist Baby Photos Collection
Serif CraftArtist Greeting Cards Collection
Serif CraftArtist Professional
Serif CraftArtist Scrapbooks Collection
Serif CraftArtist Wedding Day Collection
Shop for HP Supplies
Skype Toolbars
Skype
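Added example, not part of the original post and not DDS's own code: a small Python triage pass over lines in the "Pseudo HJT Report" format shown above. It tags Run values that have an empty name or command, or a bare filename that Windows resolves via the search path (the RTHDCPL entry trips this; the running-process list shows it is C:\WINDOWS\RTHDCPL.EXE, so the flag is a prompt to verify, not a verdict), surfaces the ProxyServer entry (here `socks=` with no host after it; Hide IP NG, an IP-hiding proxy tool, is in the installed-programs list, so the user should be asked whether it set this), and lists the ActiveX (DPF) download sources. The hive mapping u -> HKCU, m -> HKLM, d -> HKU\.DEFAULT follows the DDS convention; the sample lines are copied from the log above, and the severity labels are this example's own choice.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from dataclasses import dataclass

# DDS prefixes its autostart entries with the hive they live in.
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

RUN_RE = re.compile(r"^([umd])Run: \[(.*?)\]\s*(.*)$")
PROXY_RE = re.compile(r"^([um])Internet Settings,(ProxyServer|ProxyOverride) = (.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\}) - (\S+)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')  # command starts with a drive letter

# Sample input: lines copied from the DDS log in the post above.
SAMPLE = r"""
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
uInternet Settings,ProxyServer = socks=
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [<NO NAME>]
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    level: str   # "review": a human should look at it; "info": worth noting in the write-up
    line: str    # the DDS line that produced the finding
    reason: str


def triage_hjt(lines):
    """Return a list of Finding objects for the DDS 'Pseudo HJT Report' lines given."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            where = f"{HIVES[hive]}\\...\\Run"
            if name == "<NO NAME>" or not cmd:
                # An unnamed value or an empty command is usually a leftover, but it
                # is also where a tidy-up went wrong, so a human should look at it.
                findings.append(Finding("review", line,
                                        f"{where}: value with no name or empty command"))
            elif not ABS_PATH_RE.match(cmd):
                # A bare filename is located via the search path at logon; confirm
                # which file on disk actually answers to it (here: C:\WINDOWS\RTHDCPL.EXE).
                findings.append(Finding("review", line,
                                        f"{where}: bare filename, resolved via search path"))
        elif m := PROXY_RE.match(line):
            hive, key, value = m.groups()
            if key == "ProxyServer":
                # 'socks=' with nothing after it is a SOCKS entry with no host;
                # ask the user which proxy software (if any) wrote it.
                findings.append(Finding("review", line,
                                        f"{HIVES[hive]} ProxyServer set to {value!r}"))
            else:
                hosts = [h for h in re.split(r"[;,]", value) if h]
                findings.append(Finding("info", line,
                                        f"{HIVES[hive]} proxy bypass for {len(hosts)} host(s): {hosts}"))
        elif m := DPF_RE.match(line):
            clsid, url = m.groups()
            # DPF = Downloaded Program Files: ActiveX controls fetched from the URL shown.
            findings.append(Finding("info", line, f"ActiveX install {clsid} from {url}"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE):
        print(f"[{f.level}] {f.reason}\n    {f.line}")
```

Feeding the whole "Pseudo HJT Report" block of a DDS log into triage_hjt() gives a short list of lines to check by hand; it does not decide anything is malicious, it only picks out the autostart, proxy and ActiveX entries a responder would want to confirm against the running-process and installed-program lists.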
-
Hi,
I've posted the first two AVG logs. The first was when it found and removed a rootkit, but it found and removed the same thing the day before. Then in the second log, later on, it found 11 infections, removed 1 but said it couldn't remove the others.
I'll do the other scans you asked for now.
Thanks again
Abi
1st Log
"Scan ""Scheduled scan"" completed."
"Rootkits";"1";"1";"0"
"Information";"81"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"21 May 2011, 19:14:51"
"Scan finished:";"21 May 2011, 22:36:28 (3 hour(s) 21 minute(s) 37 second(s))"
"Total object scanned:";"721328"
"User who launched the scan:";"SYSTEM"
"Rootkits"
"";"File";"Infection";"Result"
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS0547D.log";"Hidden file";"Object is inaccessible."
"Information"
"";"File";"Information";"Result"
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\d5fea37c-ffff-ffff-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\97193d48-ffff-ffff-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\4c422478-0000-1000-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\3f1a90da-0000-1000-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\320108d6-0000-1000-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip.bak";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Relationships.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\registryCoverage.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip.bak";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\md5Cache.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip.bak";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Characteristics.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEvents.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEventProcessors.dat";"Password-protected";""
"";"C:\Documents and Settings\Abi\Local Settings\Temporary Internet Files\Content.IE5\1ZLEQK8F\Weald of Kent May_Regional.doc";"Contains macros";""
"";"C:\WINDOWS\temp\avg-fdf2a209-f433-452b-9f11-701d142b6e01.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-f7d77b41-9976-415e-b95b-37363ec8cc61.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-f7d77b41-9976-415e-b95b-37363ec8cc61.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-e587123f-b733-4733-999c-1b584bcb7f7d.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-e55bfa53-259a-4b6c-bfc3-5a04e9cb7c28.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-e4a9756c-4fb2-4d23-b1f3-c94950626c68.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-e0177922-7df1-465a-b5f5-3630c7ebf81b.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-df04456a-c1ee-4c70-a1ba-5068948bd719.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-dc5ce704-06c6-4c05-80aa-9378137ef35f.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-d734be2f-7a87-4853-94e2-3d3211289208.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-c4351073-36aa-4118-82a2-be45c1423317.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-b9ae6f2d-3463-4227-b07b-1937bac9ef32.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-b5e45132-6da0-4d23-9b79-8d46e668fa41.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-9ba8a25b-7818-4b08-8a14-8e6b51465a2b.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-8be8fd63-1f02-4957-a65c-e61b20567f78.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-86992d0b-9269-4853-91c8-d021c3d86a2f.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-6e862f32-5595-4445-94d4-a447ff870405.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-5777906b-1599-4653-9577-415c0c5b981c.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-4a676f22-2c07-4f35-83de-fd31c5de375c.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-4352c601-17af-4941-b9ac-c92c99f6bc6c.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-37a62171-623c-4776-a92a-541d49d2af5b.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-2d824d43-c067-484f-9d87-d359d4e83e1f.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-2a6db848-e990-4324-81a9-3a0df3b0b827.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-22515677-8e08-4562-a3b0-315ff801b453.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-2075af6f-6b2e-4c7e-bf14-6f07c6f92a53.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-1e31264a-8547-4b0f-85df-a16484dc4368.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-19677d12-5d0a-4925-af85-551b59730f7f.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-173ba748-a757-4273-8a9e-9d53a5359a1b.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\temp\avg-03cd5c4e-851d-4d00-9f23-6d13af99e764.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\system.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\software.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\SECURITY.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\SAM.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\default.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\CatRoot2\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\CatRoot2\edb.log";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\LocalService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\AVG10\avgam\avgam.lck";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Application Data\Mozilla\Firefox\Profiles\y3wth8zt.default\parent.lock";"Locked file. Not tested.";"Locked file. Not tested."
2nd Log
"Scan ""Scheduled scan"" completed."
"Infections";"11";"1";"10"
"Information";"57"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"22 May 2011, 12:00:04"
"Scan finished:";"22 May 2011, 12:16:10 (16 minute(s) 5 second(s))"
"Total object scanned:";"722136"
"User who launched the scan:";"SYSTEM"
"Infections"
"";"File";"Infection";"Result"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628)";"Virus found Win32/PEPatch";"Deleted"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf50000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf40000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf30000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0afe0000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fc0000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fb0000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fa0000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f90000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f80000";"Virus found Win32/PEPatch";"Infected"
"";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f70000";"Virus found Win32/PEPatch";"Infected"
"Information"
"";"File";"Information";"Result"
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\d5fea37c-ffff-ffff-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\97193d48-ffff-ffff-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\4c422478-0000-1000-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\3f1a90da-0000-1000-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\320108d6-0000-1000-8000-000000000000.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip.bak";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Relationships.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\registryCoverage.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip.bak";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\md5Cache.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip.bak";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Characteristics.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEvents.dat";"Password-protected";""
"";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEventProcessors.dat";"Password-protected";""
"";"C:\Documents and Settings\Abi\Local Settings\Temporary Internet Files\Content.IE5\1ZLEQK8F\Weald of Kent May_Regional.doc";"Contains macros";""
"";"C:\WINDOWS\temp\avg-13d4f437-e8cb-481c-8e41-470a1099084b.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\system.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\software.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\SECURITY.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\SAM.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\default.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\CatRoot2\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\WINDOWS\system32\CatRoot2\edb.log";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\LocalService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\All Users\Application Data\AVG10\avgam\avgam.lck";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Local Settings\temp\config.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D697977-8449-11E0-9413-00234EEA9FC6}.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B915FE3-8449-11E0-9413-00234EEA9FC6}.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7B915FE2-8449-11E0-9413-00234EEA9FC6}.dat";"Locked file. Not tested.";"Locked file. Not tested."
"";"C:\Documents and Settings\Abi\Application Data\Mozilla\Firefox\Profiles\y3wth8zt.default\parent.lock";"Locked file. Not tested.";"Locked file. Not tested."
-
Hi,
Thanks for answering. Here is the BitDefender report:
QuickScan Beta 32-bit v0.9.9.93
-------------------------------
Scan date: Mon May 23 07:43:22 2011
Machine ID: 1C00A568
No infection found.
-------------------
Processes
---------
(unsigned) Adobe Photo Downloader 3476 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
(unsigned) BatteryManager 3392 C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
(unsigned) Easy Display Manager 3716 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(unsigned) EasySpeedUpManager 3840 C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
(unsigned) EDSAgentEx Application 3168 C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
(unsigned) GPCore COM object 4500 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(unsigned) HP Digital Imaging 6036 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(unsigned) HP Digital Imaging 5404 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(unsigned) Magic Keyboard for Samsung 3788 C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
(unsigned) OpenOffice.org 3.1 1880 C:\Program Files\OpenOffice.org 3\program\soffice.bin
(unsigned) OpenOffice.org 3.1 988 C:\Program Files\OpenOffice.org 3\program\soffice.exe
(unsigned) PhotoshopElementsFileAgent.exe 1316 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(verified) hpwuSchd Application 3504 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(verified) AVG Internet Security 3016 C:\Program Files\AVG\AVG10\avgam.exe
(verified) AVG Internet Security 4172 C:\Program Files\AVG\AVG10\avgcsrvx.exe
(verified) AVG Internet Security 2676 C:\Program Files\AVG\AVG10\avgcsrvx.exe
(verified) AVG Internet Security 2640 C:\Program Files\AVG\AVG10\avgemcx.exe
(verified) AVG Internet Security 1388 C:\Program Files\AVG\AVG10\avgfws.exe
(verified) AVG Internet Security 3084 C:\Program Files\AVG\AVG10\avgnsx.exe
(verified) AVG Internet Security 3680 C:\Program Files\AVG\AVG10\avgtray.exe
(verified) AVG Internet Security 1404 C:\Program Files\AVG\AVG10\avgwdsvc.exe
(verified) AVG Internet Security 2528 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(verified) AVG Internet Security 1828 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
(verified) AVG Internet Security 1516 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
(verified) AVGIDSMonitor.exe 3256 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(verified) Bluetooth Software 492 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(verified) Bluetooth Software 3936 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(verified) Bluetooth Software 2764 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
(verified) Bonjour 1424 C:\Program Files\Bonjour\mDNSResponder.exe
(verified) Firefox 4128 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 656 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Firefox 6088 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) HP Digital Imaging 3968 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(verified) Intel® Common User Interface 3240 C:\WINDOWS\system32\hkcmd.exe
(verified) Intel® Common User Interface 1664 C:\WINDOWS\system32\igfxext.exe
(verified) Intel® Common User Interface 3252 C:\WINDOWS\system32\igfxpers.exe
(verified) Intel® Common User Interface 3384 C:\WINDOWS\system32\igfxsrvc.exe
(verified) Intel® Common User Interface 3216 C:\WINDOWS\system32\igfxtray.exe
(verified) iTunes 2948 C:\Program Files\iPod\bin\iPodService.exe
(verified) iTunes 3752 C:\Program Files\iTunes\iTunesHelper.exe
(verified) Java Platform SE 6 U24 1528 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Java Platform SE Auto Updater 2 0 3648 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Messenger 3820 C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft
-
Hi, I have AVG Internet Security 2011. Last night during a scan it said it found 1 rootkit and removed it. This made me slightly cautious, so I ran AVG and Malwarebytes in safe mode; neither found anything. To be extra safe, this morning I decided to try and use the Panda online scan. For this I had to use Internet Explorer (I normally use Firefox). After a while I quit it as it was taking so long. I then restarted AVG, which now found 11 infections! All 11 are reportedly called Win32/PEPatch. One was removed, but AVG seemed unable to remove the other 10 for some reason.
I hope someone can help me,
I've followed the instructions and here is the DDS log. I've attached the other two logs.
Thanks
Abi
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Abi at 13:01:41 on 2011-05-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.146 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Abi\My Documents\Downloads\Defogger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Abi\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\abi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9eaa30&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-GB&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-18 27632]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]
RUnknown pavboot;pavboot; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-8 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-18 13224]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-5-18 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-5-18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-5-18 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-5-18 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-5-18 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-5-18 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-5-18 109736]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-2 19840]
.
=============== Created Last 30 ================
.
2011-05-21 06:31:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 19:07:19 -------- d-----w- c:\documents and settings\abi\application data\Serif
2011-05-16 19:02:27 -------- d-----w- c:\program files\Serif
2011-05-11 19:35:40 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 19:35:38 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 19:35:34 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-11 19:35:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 19:35:33 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 19:35:26 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-11 19:35:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 19:35:20 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-07 08:49:21 3140 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-04-07 08:49:08 88 -csh--r- c:\documents and settings\all users\application data\CFF4E75662.sys
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 07:13:02 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
.
============= FINISH: 13:02:54.64 ===============
-
Well, temporarily left it.
OK, thanks so much again. I'll make a donation to you later on today; I'm very grateful to finally have this sorted.
-
Yes to all questions.
The one that shows up in C:, where the icon is like a desktop computer, won't let me delete it. It says:
Cannot delete CF28132.cfxxe: Access is denied.
Please make sure the disk is not full or write-protected and that the file is not currently in use.
-
OK, I've done those. ComboFix said it had uninstalled, but I can still see its item on my desktop; should I just delete it?
I can also see it when I click on My Computer\Local Disk (C:). It has an icon that looks like a desktop computer; should I delete this as well?
Just found it also showing in my download folder; should this be manually deleted as well?
Thanks again, you've been great helping me with this.
-
Hi, looks like I'm still not clean. Here's the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.
OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=297922b37171974ba89e66496881d825
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-23 01:37:52
# local_time=2010-05-23 02:37:52 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 1158 1158 0 0
# scanned=47942
# found=1
# cleaned=1
# scan_time=9731
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\tcpip.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
-
I can't see any obvious problems. Should I run any of the programs again like combofix and post logs to make sure my computer is now clean?
-
To check whether everything is OK, repeat the things where the problem appeared before.
Ok, I'll give it a go and get back to you
-
How are things now?
Not sure, it wasn't really obvious in the first place.
I knew I had a virus thanks to all the trojans and then safe mode finding the virus in system 32.
Also when I searched for something in google and clicked a link it quite often took me to an unrelated site, I've just tried a quick search and this seems to have stopped now.
How do I tell for definite that this virus is gone, should I run a scan in safe mode again?
-
Ok this is the log that popped up from Combofix
ComboFix 10-05-22.01 - Abi 22/05/2010 22:13:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.539 [GMT 1:00]
Running from: c:\documents and settings\Abi\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Abi\Application Data\867031401A3031614E7CD96420E078E2
c:\documents and settings\Abi\Application Data\867031401A3031614E7CD96420E078E2\enemies-names.txt
c:\documents and settings\All Users\Application Data\hpe3FF.dll
c:\windows\SEC
c:\windows\SEC\DelMt.cmd
c:\windows\SEC\JRE150.exe
c:\windows\SEC\Marker.exe
c:\windows\SEC\MEMIO.sys
c:\windows\SEC\MEMIO.vxd
c:\windows\SEC\MP10ENG.exe
c:\windows\SEC\Region.vbs
c:\windows\SEC\SECINSTALL.EXE
c:\windows\SEC\SECINSTALL.INI
c:\windows\SEC\StartMem.exe
c:\windows\system32\AbaleZip.dll
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.
2010-05-22 09:55 . 2010-05-22 09:55 -------- d-----w- c:\documents and settings\Abi\Application Data\Malwarebytes
2010-05-22 09:55 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 09:55 . 2010-05-22 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-22 09:55 . 2010-05-22 09:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 09:55 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 16:52 . 2010-05-20 16:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-20 16:06 . 2010-05-20 16:06 -------- d-----w- C:\$AVG
2010-05-18 14:59 . 2010-05-20 16:37 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-05-18 13:12 . 2010-05-18 13:12 -------- d-----w- c:\program files\Avanquest update
2010-05-18 13:09 . 2010-05-18 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-05-18 13:07 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-18 13:03 . 2010-05-18 13:03 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-05-18 13:03 . 2010-05-18 13:02 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-05-18 13:03 . 2010-05-18 13:02 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-05-18 13:03 . 2010-05-18 13:02 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-18 13:02 . 2010-05-20 16:39 -------- d-----w- c:\program files\Sony Ericsson
2010-05-18 12:58 . 2010-05-18 12:58 -------- d-sh--w- c:\documents and settings\Abi\PrivacIE
2010-05-10 11:37 . 2010-05-10 11:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-10 11:36 . 2010-05-10 11:36 -------- d-sh--w- c:\documents and settings\Abi\IETldCache
2010-05-10 08:54 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-10 08:54 . 2010-02-25 10:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-05-10 08:54 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-10 08:54 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-10 08:54 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-10 08:54 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-10 08:54 . 2010-05-10 08:54 -------- d-----w- c:\windows\ie8updates
2010-05-10 08:53 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-10 08:51 . 2010-05-10 08:53 -------- dc-h--w- c:\windows\ie8
2010-04-28 15:32 . 2010-04-28 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2010-04-28 15:29 . 2010-04-28 15:29 -------- d-----w- c:\documents and settings\Abi\Local Settings\Application Data\TomTom
2010-04-28 15:29 . 2010-04-28 15:29 -------- d-----w- c:\documents and settings\Abi\Application Data\TomTom
2010-04-28 15:29 . 2010-04-28 15:29 -------- d-----w- c:\program files\TomTom International B.V
2010-04-28 15:29 . 2010-04-28 15:29 -------- d-----w- c:\program files\TomTom HOME 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 21:10 . 2010-04-17 07:50 -------- d-----w- c:\documents and settings\Abi\Application Data\Skype
2010-05-22 20:50 . 2010-01-16 08:24 -------- d-----w- c:\documents and settings\Abi\Application Data\HPAppData
2010-05-22 18:36 . 2010-04-17 07:55 -------- d-----w- c:\documents and settings\Abi\Application Data\skypePM
2010-05-20 20:47 . 2009-11-09 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-20 09:49 . 2009-11-13 20:53 1 ----a-w- c:\documents and settings\Abi\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-18 13:13 . 2009-02-12 19:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-18 13:10 . 2010-05-18 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-05-18 13:07 . 2010-05-18 13:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-05-18 13:07 . 2010-05-18 13:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-05-18 13:07 . 2010-05-18 13:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-18 12:57 . 2009-11-09 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-20 15:15 . 2009-11-09 22:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-17 07:55 . 2010-04-17 07:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-17 07:42 . 2010-04-17 07:41 -------- d-----r- c:\program files\Skype
2010-04-17 07:41 . 2010-04-17 07:41 -------- d-----w- c:\program files\Common Files\Skype
2010-04-17 07:41 . 2010-04-17 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-13 13:22 . 2009-02-12 19:35 -------- d-----w- c:\program files\Google
2010-03-28 20:31 . 2010-03-28 20:31 -------- d-----w- c:\documents and settings\Abi\Application Data\AVG9
2010-03-10 06:15 . 2009-02-12 18:05 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 10:11 . 2010-03-03 10:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-03 10:11 . 2009-11-09 22:42 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-03 10:11 . 2009-11-09 22:42 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-03 10:11 . 2009-11-09 22:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-03 10:11 . 2009-11-09 22:42 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-02 19:27 . 2010-01-24 09:33 18092 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-25 06:24 . 2009-02-12 18:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2009-02-12 18:05 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 18:39 . 2010-02-22 18:39 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-22 18:35 . 2009-12-08 17:59 18440 ----a-w- c:\documents and settings\Abi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 12:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Abi\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-03 10:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [09/11/2009 23:42 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [09/11/2009 23:42 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/11/2009 23:42 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/11/2009 23:42 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [03/03/2010 11:11 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 11:24 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [03/03/2010 11:11 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/03/2010 11:11 5888008]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12/02/2009 20:29 4300]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [09/11/2009 23:41 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [09/11/2009 23:41 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [09/11/2009 23:41 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [09/11/2009 23:41 26120]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 04:01 30208]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18/05/2010 14:03 27632]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12/02/2009 20:33 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/04/2010 14:22 135664]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [09/11/2009 23:41 30104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18/05/2010 14:03 13224]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [18/05/2010 14:10 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [18/05/2010 14:10 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [18/05/2010 14:10 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [18/05/2010 14:10 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [18/05/2010 14:10 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [18/05/2010 14:10 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [18/05/2010 14:10 109736]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [02/08/2006 00:57 19840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 13:22]
2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.danbroughton.com/websites/seek_x/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Abi\Application Data\Mozilla\Firefox\Profiles\y3wth8zt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Abi\Application Data\Mozilla\Firefox\Profiles\y3wth8zt.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 22:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-05-22 22:26:46
ComboFix-quarantined-files.txt 2010-05-22 21:26
Pre-Run: 139,058,348,032 bytes free
Post-Run: 140,442,877,952 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 1710F910C74D49EE65393B8993BDF4E8
-
Hi,
I've downloaded Combofix. I loaded AVG to disable it as you said, but it flashed up a red box with this message:
Malware detected
File name: C:\\32788R22FWJFW\IEXPLORE.EXE
Threat name: Tool-NirCmd
Category: PUA
AVG is giving me the option to Quarantine or Allow this, which should I select?
Also what is a script blocker, is this something within AVG or a separate program?
Thanks again
-
Hi, thanks here's the reports:
1.
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat May 22 19:52:43 2010
Found and removed: Software\JavaSoft\Java2D\1.5.0
Found and removed: SOFTWARE\Classes\JavaPlugin.150
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
------------------------------------
Finished reporting.
2.
ROOTREPEAL © AD, 2007-2010
==================================================
Report Save Time: 2010/05/22 20:07
Program Version: Version 2.0.0.0
Windows Version: Windows XP SP3
==================================================
DRIVERS
-------------------
Hidden 0x00000000 , 0 bytes
File Invisible rootrepeal.sys 0xa808e000 C:\WINDOWS\system32\drivers\rootrepeal.sys, 49152 bytes
PROCESSES
-------------------
4 - System
268 - C:\WINDOWS\explorer.exe
400 - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
448 - C:\WINDOWS\system32\ctfmon.exe
508 - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
560 - C:\Program Files\Bonjour\mDNSResponder.exe
660 - C:\WINDOWS\system32\spoolsv.exe
736 - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
784 - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
816 - C:\Documents and Settings\Abi\My Documents\Downloads\RootRepeal.exe
836 - C:\WINDOWS\RTHDCPL.EXE
848 - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
880 - C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
892 - C:\WINDOWS\system32\igfxtray.exe
896 - C:\WINDOWS\system32\hkcmd.exe
928 - C:\WINDOWS\system32\igfxpers.exe
980 - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1004 - C:\WINDOWS\system32\smss.exe
1080 - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
1084 - C:\WINDOWS\system32\csrss.exe
1088 - C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
1108 - C:\WINDOWS\system32\winlogon.exe
1156 - C:\WINDOWS\system32\services.exe
1168 - C:\WINDOWS\system32\lsass.exe
1228 - C:\WINDOWS\system32\igfxsrvc.exe
1304 - C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
1340 - C:\WINDOWS\system32\svchost.exe
1368 - C:\Program Files\AVG\AVG9\avgemc.exe
1392 - C:\PROGRA~1\AVG\AVG9\avgtray.exe
1432 - C:\WINDOWS\system32\svchost.exe
1476 - C:\WINDOWS\system32\svchost.exe
1512 - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
1556 - C:\WINDOWS\system32\svchost.exe
1576 - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1636 - C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
1656 - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1700 - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
1712 - C:\Program Files\AVG\AVG9\avgchsvx.exe
1720 - C:\Program Files\iTunes\iTunesHelper.exe
1724 - C:\Program Files\AVG\AVG9\avgrsx.exe
1764 - C:\WINDOWS\system32\svchost.exe
1828 - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1852 - C:\Program Files\Messenger\msmsgs.exe
1864 - C:\Program Files\AVG\AVG9\avgcsrvx.exe
1908 - C:\WINDOWS\system32\svchost.exe
1916 - C:\Program Files\Skype\Phone\Skype.exe
2116 - C:\Program Files\OpenOffice.org 3\program\soffice.exe
2124 - C:\WINDOWS\system32\rundll32.exe
2176 - C:\Program Files\OpenOffice.org 3\program\soffice.bin
2244 - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
2452 - C:\Program Files\AVG\AVG9\avgcsrvx.exe
2612 - C:\WINDOWS\system32\svchost.exe
2764 - C:\WINDOWS\system32\svchost.exe
2956 - C:\Program Files\AVG\AVG9\avgam.exe
3024 - C:\Program Files\AVG\AVG9\avgnsx.exe
3384 - C:\WINDOWS\system32\svchost.exe
3636 - C:\WINDOWS\system32\svchost.exe
3744 - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
3800 - C:\Program Files\Skype\Plugin Manager\skypePM.exe
3884 - C:\WINDOWS\system32\svchost.exe
3960 - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
4012 - C:\Program Files\AVG\AVG9\avgwdsvc.exe
4052 - C:\Program Files\AVG\AVG9\avgfws9.exe
4240 - C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
4292 - C:\Program Files\iPod\bin\iPodService.exe
4312 - C:\Program Files\AVG\AVG9\avgcsrvx.exe
4836 - C:\WINDOWS\system32\igfxext.exe
5432 - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
5576 - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
5752 - C:\WINDOWS\system32\svchost.exe
FILES
-------------------
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_aCAwMuNdESavJCsadZbw, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_anDl9mDJ1gM0rPJJnsCI, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_ctabcMeQ0p4cCpbqgpKW, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_e9rP9Kvx70NWusrPU7RF, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_F4fLeU8ccPLXH2Id07xt, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_GHeyqAg7Cnsg0092Kaqf, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_NvsE7LCR3c5c8qr7v6or, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_Q9J4dGSjVOqyxDkwYHhZ, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_sYVbNgiMWl4REB9wTv3T, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\Abi\Application Data\Skype\etilqs_xgzLX6GvorUCoKiFYgG0, Allocation size mismatch (API: 110040360684023936, Raw: 0)
Mismatch C:\Documents and Settings\All Users\Application Data\avg9\Log\avgfw.log, Size mismatch (API: 357930, Raw: 357120)
Mismatch C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl, Allocation size mismatch (API: 110040360684023936, Raw: 4096)
STEALTH CODE
-------------------
System 0x8551faea - Hidden Code
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_CLEANUP]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_CLOSE]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_CREATE]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_CREATE_MAILSLOT]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_CREATE_NAMED_PIPE]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_DEVICE_CHANGE]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_DEVICE_CONTROL]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_DIRECTORY_CONTROL]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_FILE_SYSTEM_CONTROL]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_FLUSH_BUFFERS]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_LOCK_CONTROL]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_POWER]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_QUERY_EA]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_QUERY_INFORMATION]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_QUERY_QUOTA]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_QUERY_SECURITY]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_QUERY_VOLUME_INFORMATION]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_READ]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_SCSI]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_SET_EA]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_SET_INFORMATION]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_SET_SECURITY]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_SET_VOLUME_INFORMATION]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_SHUTDOWN]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_SYSTEM_CONTROL]
System 0x8551fd01 - Hidden Code [Driver: , IRP: IRP_MJ_WRITE]
System 0xaa24cd23 - Modified Entry Point [Driver: Tcpip, Other Val: 0xaa250a94]
HIDDEN SERVICES
-------------------
SSDT
-------------------
SYSCALL OK, INT 0x2E OK, ServiceTable OK, Driver IAT OK
NtOpenProcess C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys 0xf76cd670
NtTerminateProcess C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys 0xf76cd720
NtTerminateThread C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys 0xf76cd7c0
NtWriteVirtualMemory C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys 0xf76cd860
-
Here I've attached my most recent Malwarebytes scan which isn't showing anything. Do you want me to attach the AVG log which shows the virus?
-
Thanks, I've done the steps all apart from the GMER rootkit scanner, it crashes my machine every time I try and use it. Can I use the AVG one instead?
Anyway here's the other steps.
DDS
DDS (Ver_10-03-17.01) - NTFSx86
Run by Abi at 16:28:42.54 on 22/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.212 [GMT 1:00]
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Abi\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.danbroughton.com/websites/seek_x/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Google Side Bar: {32004b8a-44a9-43e7-84e9-808838809519} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\abi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\abi\applic~1\mozilla\firefox\profiles\y3wth8zt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\extensions\npfax@microgaming.co.uk\platform\winnt_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-11-9 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-9 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-9 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-9 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-9 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-3 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-3-3 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-3 5888008]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-9 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-11-9 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-11-9 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-11-9 26120]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-22 38224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-18 27632]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-13 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-9 30104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-18 13224]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-5-18 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-5-18 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-5-18 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-5-18 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-5-18 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-5-18 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-5-18 109736]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-2 19840]
=============== Created Last 30 ================
2010-05-22 15:25:40 0 ----a-w- c:\documents and settings\abi\defogger_reenable
2010-05-22 09:55:25 0 d-----w- c:\docume~1\abi\applic~1\Malwarebytes
2010-05-22 09:55:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 09:55:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-22 09:55:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 09:55:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 16:06:17 0 d--h--w- C:\$AVG
2010-05-20 11:31:11 0 d-----w- c:\docume~1\abi\applic~1\867031401A3031614E7CD96420E078E2
2010-05-18 14:59:25 0 d-----w- c:\program files\common files\Sony Ericsson
2010-05-18 13:12:07 0 d-----w- c:\program files\Avanquest update
2010-05-18 13:10:01 148736 ----a-w- c:\docume~1\alluse~1\applic~1\hpe3FF.dll
2010-05-18 13:09:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2010-05-18 13:07:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-05-18 13:07:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-05-18 13:07:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-18 13:07:41 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-18 13:03:16 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-05-18 13:03:00 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-05-18 13:03:00 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-05-18 13:03:00 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-05-18 13:02:07 0 d-----w- c:\program files\Sony Ericsson
2010-05-18 12:58:00 0 d-sh--w- c:\documents and settings\abi\PrivacIE
2010-05-10 11:36:52 0 d-sh--w- c:\documents and settings\abi\IETldCache
2010-05-10 08:54:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-10 08:54:21 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-10 08:54:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-10 08:54:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-10 08:54:21 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-10 08:54:21 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-05-10 08:54:17 0 d-----w- c:\windows\ie8updates
2010-05-10 08:53:48 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-10 08:51:10 0 dc-h--w- c:\windows\ie8
2010-04-28 15:32:38 0 d-----w- c:\docume~1\alluse~1\applic~1\TomTom
2010-04-28 15:29:51 0 d-----w- c:\docume~1\abi\applic~1\TomTom
2010-04-28 15:29:43 0 d-----w- c:\program files\TomTom International B.V
2010-04-28 15:29:25 0 d-----w- c:\program files\TomTom HOME 2
==================== Find3M ====================
2010-04-20 15:15:59 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 10:11:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-02 19:27:41 18092 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
============= FINISH: 16:32:03.89 ===============
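A DDS log like the one above is long, and most of it is routine; what an analyst looks for first are the handful of entries that point at something missing, unnamed or launched indirectly. The script below is an added example written for this thread, not part of DDS and not anyone's posted output. Its sample input is constructed from lines in the log above, and the checks it applies (orphaned "No File" references, unnamed or pathless Run values, services DDS could not locate, services started through a host process such as RUNDLL32, the hosts ActiveX cabs come from, and the start page) are the author's choice of first-pass heuristics, not a verdict on any entry.

```python
"""Triage of a DDS log's 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections.

Added example for this thread; not part of DDS and not anyone's posted output.
It pulls out the entries an analyst checks first: registry references whose
target file is gone ('- No File'), Run values with no name or no path (the
latter are resolved through PATH search), services whose image DDS could not
locate ('[?]'), services started through a host process such as RUNDLL32,
the hosts that ActiveX (DPF) packages are downloaded from, and the browser
start page.
"""
import json
import re

RUN_RE = re.compile(r"^[umd]Run: \[([^\]]*)\]\s*(.*)$")
DPF_RE = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(\S+)")
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")
# Host processes that run someone else's code; a service image starting with
# one of these deserves a look at what it is loading.
HOST_PROCESSES = ("rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "cmd.exe")

# Constructed sample: a handful of lines in the format DDS uses, taken from
# the log above. DDS writes http as hxxp so the URLs are not clickable.
SAMPLE = r"""
uStart Page = hxxp://www.danbroughton.com/websites/seek_x/
uURLSearchHooks: H - No File
mRun: [<NO NAME>]
mRun: [RTHDCPL] RTHDCPL.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-9 242896]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-13 135664]
"""


def executable_of(command):
    """First token of a Run command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command.split('"')[1]
    return command.split(" ")[0] if command else ""


def triage_dds(lines):
    """Return the first-pass findings, keyed by category."""
    f = {k: [] for k in ("start_page", "orphaned", "unnamed_run", "pathless_run",
                         "unlocated_services", "host_process_services", "remote_activex")}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("uStart Page", "mStart Page")):
            f["start_page"].append(line.split("=", 1)[1].strip())
        elif line.endswith("- No File"):
            f["orphaned"].append(line)
        elif (m := RUN_RE.match(line)):
            name, cmd = m.groups()
            if name in ("", "<NO NAME>"):
                f["unnamed_run"].append(line)
            exe = executable_of(cmd)
            if exe and "\\" not in exe:          # bare file name: found via PATH search
                f["pathless_run"].append((name, exe))
        elif (m := DPF_RE.match(line)):
            clsid, url = m.groups()
            f["remote_activex"].append((clsid, url.split("://", 1)[-1].split("/", 1)[0]))
        elif (m := SERVICE_RE.match(line)):
            _state, name, _display, image = m.groups()
            if image.endswith("[?]"):             # DDS could not find or verify the image
                f["unlocated_services"].append(name)
            launcher = image.split()[0].lower().rsplit("\\", 1)[-1]
            if launcher in HOST_PROCESSES:
                f["host_process_services"].append((name, image.split(" --> ")[0]))
    return f


if __name__ == "__main__":
    print(json.dumps(triage_dds(SAMPLE.splitlines()), indent=2))
```

Everything the script returns is a lead, not a conclusion: a Run value that names `RTHDCPL.EXE` without a path and a service launched through `RUNDLL32.EXE` with a `[?]` marker are both common for OEM audio and NIC utilities, but they are also exactly the shapes a persistence entry takes, so they are what gets checked against the files actually on disk.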
-
Hi everyone,
I have AVG 9.0 Internet Security, and the day before yesterday it discovered a trojan horse. It removed it and all seemed well for the next scan; then more appeared, cleaned again, then, surprise surprise, more appeared. I seem to be stuck in this cycle. I ran AVG in safe mode and it gives me this information:
File: WINDOWS/system32/drivers/tcpip.sys
Infection: Virus Identified Win32/Patched.DY
Result: Object is white listed (critical/system file that should not be moved)
So I downloaded Malwarebytes, which found yet more trojans and another couple of things. Malwarebytes now says the computer is clean, but when I run AVG in safe mode the virus above is still there and I'm still getting the occasional random popup.
What should I try next, and which scans should I provide you with? I didn't know if I should download the rootscan kit recommended, as AVG has a rootscanner; I wasn't sure if it would cause problems. Would the AVG log help?
Any help would be very much appreciated, as this is driving me kind of nuts trying to fix it; I'm certainly no expert.
Can't remove infection - help
in Resolved Malware Removal Logs
The uninstaller couldn't detect AVG, should I just uninstall it through my computer?