t42

Everything posted by t42

  1. Hi Chris- Thanks again for helping me troubleshoot this... here are the results of the F-Secure scan and the Security Check. I'll let you know in 24 hrs how the computer is behaving. Regards, Gordon
  2. Hi screen317- Thanks for helping, here are the logs.
  3. Hi- Thank you very much for offering to help troubleshoot this Google re-direct virus. It has slowly been killing my laptop for the last several weeks and no doubt I made it worse by trying to troubleshoot myself. Symptoms: redirects Google searches to google.nl; redirects Google searches to bogus search engines; blocks me from accessing Google.com. I followed the instructions in the "I'm infected...." thread and have copied and attached all suggested files. Thanks, Gordon
  4. Hello- I also have been afflicted by AntiVirus 2009 with similar issues to the person that started this thread. I burned an Avira AntiVir Rescue System boot disc on another computer that I think may well also have this virus, but the disc burn appeared successful. I was able to boot the really badly afflicted computer with the Avira AntiVir Rescue System disc, but can't select anything but German for the language, and so have no idea what I'm selecting after I hit SCAN. Why am I unable to select English? I can move the blue highlight bar up and down to highlight either English or Deutsch, but can't move the (X) to select English... what am I missing here, or is this damn av2009 locking me out of even that selection, similar to the way it won't let me safe mode boot or do a system restore...? Thanks!