
fuzzy2u

Everything posted by fuzzy2u

  1. For the past couple days, it seems that I'm being constantly bombarded by a server in China (according to geobytes ip address search). MB seems to be successfully blocking the invasions because the balloons keep popping up every 5-10 minutes. I ran through the instructions on this forum: MB quick scan found nothing, AVG full scan found nothing. Downloaded and ran DeFogger, DDS, and GMER. CD emulation is still disabled. The dds.txt file is pasted below. The zipped attach.txt and ark.txt files are attached. What do I do now? Fuzzy.