Jump to content

siouxk

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I just cleaned my friends laptop about a month ago and she said she has not used it since I gave it back to her, but yet she ended up with this and could it have been sitting on her comp undetectable? Here is the DDS text from the scan I ran: DDS (Ver_11-03-05.01) - NTFSx86 Run by gina at 20:50:02.50 on Tue 06/07/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.71 [GMT -7:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Tablet.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\NetWaiting\netWaiting.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\igfxpers.exe C:\Documents and Settings\gina\Local Settings\Application Data\mub.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\dlcccoms.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\Documents and Settings\gina\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uWindow Title = Windows Internet Explorer provided by Yahoo! uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [<NO NAME>] mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16 mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe" mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: musicmatch.com\online DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Filter: text/html - {3df8a02e-18ea-4b3c-94a7-87112d384760} - Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\gina\applic~1\mozilla\firefox\profiles\y89espu6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z003&form=ZGAPHP FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ccc3ec7&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q= FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\gina\application data\mozilla\plugins\np-mswmp.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared . ============= SERVICES / DRIVERS =============== . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-26 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-22 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-26 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-26 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-26 297752] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-30 947528] . =============== Created Last 30 ================ . 2011-06-06 22:53:36 339968 --sha-w- c:\docume~1\gina\locals~1\applic~1\mub.exe . ==================== Find3M ==================== . 2011-05-05 22:58:14 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys 2011-05-05 22:58:09 88 --sh--r- c:\windows\system32\8B62EE4354.sys 2011-03-21 23:48:30 0 ----a-w- c:\windows\system32\ConduitEngine.tmp . ============= FINISH: 20:51:03.18 =============== Screen shots
  2. Just finished the scan and removed all threats and this is what the log said: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6587 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 5/16/2011 12:06:57 AM mbam-log-2011-05-16 (00-06-57).txt Scan type: Quick scan Objects scanned: 156674 Time elapsed: 13 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\exqonczctruceg (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\njbtyjur (Trojan.FakeAlertRP.Gen) -> Value: njbtyjur -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\gina\local settings\Temp\yhmarjpkv\mjoflesxsik.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully. c:\documents and settings\gina\Desktop\null0.2761094618356461.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully. c:\documents and settings\gina\local settings\Temp\jar_cache42372.tmp (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
  3. Sorry to be such a pest but another update. The laptop is cooperating and being nice finally and letting me run a MalwareBytes scan and no fake pop up's or anything right now
  4. Strange, the laptop is not acting up now and was able to run the DDS scan and here is what I came up with: DDS (Ver_11-03-05.01) - NTFSx86 Run by gina at 22:38:34.40 on Sun 05/15/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.52 [GMT -7:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Tablet.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\dlcccoms.exe C:\WINDOWS\system32\wscntfy.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\Program Files\Dell Support Center\gs_agent\dsc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\Documents and Settings\gina\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uWindow Title = Windows Internet Explorer provided by Yahoo! uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:47392 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [njbtyjur] c:\docume~1\gina\locals~1\temp\yhmarjpkv\mjoflesxsik.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [<NO NAME>] mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16 mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe" mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: musicmatch.com\online DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Filter: text/html - {3df8a02e-18ea-4b3c-94a7-87112d384760} - Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\gina\applic~1\mozilla\firefox\profiles\y89espu6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z003&form=ZGAPHP FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ccc3ec7&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q= FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\gina\application data\mozilla\plugins\np-mswmp.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared . ============= SERVICES / DRIVERS =============== . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-26 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-22 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-26 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-26 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-26 297752] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-30 517448] . =============== Created Last 30 ================ . 2011-04-26 01:48:57 -------- d-----w- c:\docume~1\gina\locals~1\applic~1\WMTools Downloaded Files . ==================== Find3M ==================== . 2011-05-05 22:58:14 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys 2011-05-05 22:58:09 88 --sh--r- c:\windows\system32\8B62EE4354.sys 2011-03-21 23:48:30 0 ----a-w- c:\windows\system32\ConduitEngine.tmp . ============= FINISH: 22:39:38.65 ===============
  5. Oh ya, this a fake for AVG and this keeps popping up
  6. Tried running the dds scan and it wont let me and this is the error message I get
  7. Thank you. I just now got my friends laptop and going to run the scan and within the next 24 hours will have the log posted.
  8. Help please, my friends laptop is completly disabled. Something has gotten her AVG and pretty much everything else. Tried running MalwareBytes on it even off a thumb drive and it will not let me. Any idea what is infecting her comp? I have looked online and here on the fourms but hjave found nothing to help me. Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.