
Trojan horse BackDoor.Generic14.AVBQ Infestation


fdn3180

System is operating fine (for now) besides redirects from Google searches. AVG keeps notifying me of the problem but Malwarebytes, Spybot, and AVG have been unable to remove it. Also when I re-start my system I get this lovely message:

"The maximum number of secrets that may be stored in a single system has been exceeded. The length and number of secrets is limited to satisfy United States Department export restrictions."

Attached is my AVG scan as well. Thanks for any help that can/will be provided.

Attachments: attach.txt, dds.txt, AVG Scan.txt


Hello fdn3180! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please follow the instructions here to download and run ComboFix tool:

www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Post the log file in your next reply.


ComboFix 11-11-18.02 - Administrator 11/18/2011 10:05:52.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1354 [GMT -6:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Total Protection *Enabled/Outdated* {8C354827-2F54-4E28-90DC-AD391E77808C}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

* Resident AV is active

.

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\extensions\{dd288c79-094a-4fa1-85de-1da3dd55e3b2}\install.rdf

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\$NtUninstallKB16501$

c:\windows\$NtUninstallKB16501$\262817364

c:\windows\$NtUninstallKB16501$\364554800\@

c:\windows\$NtUninstallKB16501$\364554800\L\ktrspibc

c:\windows\$NtUninstallKB16501$\364554800\loader.tlb

c:\windows\$NtUninstallKB16501$\364554800\U\@00000001

c:\windows\$NtUninstallKB16501$\364554800\U\@000000c0

c:\windows\$NtUninstallKB16501$\364554800\U\@000000cb

c:\windows\$NtUninstallKB16501$\364554800\U\@000000cf

c:\windows\$NtUninstallKB16501$\364554800\U\@80000000

c:\windows\$NtUninstallKB16501$\364554800\U\@800000c0

c:\windows\$NtUninstallKB16501$\364554800\U\@800000cb

c:\windows\$NtUninstallKB16501$\364554800\U\@800000cf

c:\windows\system32\

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\75e76b8aed0d2a46.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))

.

.

2011-11-18 15:50 . 2011-11-18 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2011-11-17 15:27 . 2011-11-17 15:27 -------- d-----w- c:\program files\SpywareBlaster

2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-11-16 19:57 . 2011-11-16 20:12 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-11-15 21:12 . 2011-11-17 17:13 -------- d-sh--w- c:\documents and settings\LocalService\Local Settings\Application Data\15baaa30

2011-11-15 18:21 . 2011-11-17 15:14 -------- d-----w- c:\windows\system32\drivers\AVG

2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 23:22 . 2011-08-08 17:57 426984 ----a-w- c:\windows\system32\HP2030SM.EXE

2011-11-11 14:46 . 2011-08-08 16:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-06 16:55 . 2011-08-08 16:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-10-06 16:55 . 2011-08-08 16:13 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2011-09-16 20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2008-04-14 09:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]

"BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288]

"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-10-06 16:55 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Virtual Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248]

R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2/20/2009 3:04 PM 195456]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 113496]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 184828]

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/8/2011 10:50 AM 8600]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 366916]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 6:04 PM 12856]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [8/8/2011 10:50 AM 165900]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]

R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [5/20/2010 2:46 AM 30208]

S2 0159701312820365mcinstcleanup;McAfee Application Installer Cleanup (0159701312820365);c:\docume~1\ADMINI~1\LOCALS~1\Temp\015970~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\015970~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20]

.

2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe

AddRemove-MVS - c:\program files\McAfee\Managed VirusScan\Agent\myinx

AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-18 10:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-499000131-4267111148-3219469454-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1024)

c:\windows\system32\WININET.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'lsass.exe'(1096)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(2940)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\McAfee\Managed VirusScan\VScan\McShield.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\McAfee\Managed VirusScan\Agent\myAgtTry.exe

c:\bizcover\BizCover.exe

.

**************************************************************************

.

Completion time: 2011-11-18 10:32:19 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-18 16:32

.

Pre-Run: 123,483,324,416 bytes free

Post-Run: 127,156,031,488 bytes free

.

- - End Of File - - 674FA98AAF79B0395F428606BDF4B496


Open Notepad and copy and paste the text in the code box below into it:

SecCenter::
AV: Total Protection *Enabled/Outdated* {8C354827-2F54-4E28-90DC-AD391E77808C}

Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\15baaa30

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.

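As an added example (not part of this thread, nor a ComboFix feature), a small Python triage script that parses the sections of a ComboFix log like the one posted above: it flags hidden+system directories created under the LocalService/NetworkService profiles (such as the 15baaa30 folder the CFScript above removes), $NtUninstall*$ directories that hold "@", "U" or "L" entries instead of hotfix uninstall data, and the services ComboFix removed. The sample log lines are constructed from this thread's log; the section names and line layout are ComboFix's own.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines shortened from the ComboFix log quoted in this
# thread, kept in ComboFix's own layout (section banners, "." separators).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB16501$
c:\windows\$NtUninstallKB16501$\364554800\@
c:\windows\$NtUninstallKB16501$\364554800\L\ktrspibc
c:\windows\$NtUninstallKB16501$\364554800\U\@00000001
c:\windows\system32\Cache\272512937d9e61a4.fb
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
2011-11-17 15:27 . 2011-11-17 15:27 -------- d-----w- c:\program files\SpywareBlaster
2011-11-15 21:12 . 2011-11-17 17:13 -------- d-sh--w- c:\documents and settings\LocalService\Local Settings\Application Data\15baaa30
2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
"""

# "(((( Section Name ))))" banners that open each ComboFix section.
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# "created . modified size attrs path" lines of the "Files Created" section.
CREATED_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\S+) (\S{8}) (.+)$")
# Root of a $NtUninstall...$ directory plus whatever sits below it.
UNINSTALL_RE = re.compile(r"^(.*?\\\$ntuninstall[^\\]*\$)(?:\\(.*))?$", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$")
SERVICE_PROFILES = ("\\localservice\\", "\\networkservice\\")
# Entries seen in this thread's log that real hotfix uninstall folders do not contain.
ROOTKIT_MARKERS = {"@", "U", "L"}


def parse_sections(text):
    """Split a ComboFix log into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            if current.startswith("Files Created"):  # banner carries a date range
                current = "Files Created"
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def hidden_service_profile_dirs(sections):
    """(path, reason) for hidden+system dirs created under service profiles."""
    hits = []
    for line in sections.get("Files Created", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(4), m.group(5)
        if attrs[0] != "d" or "s" not in attrs or "h" not in attrs:
            continue
        if any(p in path.lower() for p in SERVICE_PROFILES):
            name = path.rsplit("\\", 1)[-1]
            reason = "random hex name" if HEX_NAME_RE.match(name.lower()) else "hidden+system dir"
            hits.append((path, reason))
    return hits


def abused_uninstall_dirs(sections):
    """{root: sorted markers} for $NtUninstall*$ roots holding '@', 'U' or 'L' entries."""
    contents = defaultdict(set)
    for path in sections.get("Other Deletions", []):
        m = UNINSTALL_RE.match(path)
        if not m:
            continue
        root, rest = m.group(1), m.group(2)
        contents[root].update(rest.split("\\") if rest else [])
    return {root: sorted(parts & ROOTKIT_MARKERS)
            for root, parts in contents.items() if parts & ROOTKIT_MARKERS}


def removed_services(sections):
    """Service names ComboFix removed (dash-prefixed lines of 'Drivers/Services')."""
    return [line.split("\\", 1)[1] for line in sections.get("Drivers/Services", [])
            if line.startswith("-------\\")]


def triage(text):
    """Run all three checks over one log and return the findings by check name."""
    sections = parse_sections(text)
    return {
        "hidden_service_profile_dirs": hidden_service_profile_dirs(sections),
        "abused_uninstall_dirs": abused_uninstall_dirs(sections),
        "removed_services": removed_services(sections),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_LOG).items():
        print(check)
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("   ", item)
```

The script reads only the log text, so it can be pointed at a saved ComboFix.txt without touching the affected machine.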

Here's my log but for some reason I am unable to connect to the internet.

ComboFix 11-11-18.02 - Administrator 11/18/2011 16:00:28.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1330 [GMT -6:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

* Resident AV is active

.

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\LocalService\Local Settings\Application Data\15baaa30

c:\documents and settings\LocalService\Local Settings\Application Data\15baaa30\@

.

.

((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))

.

.

2011-11-18 15:50 . 2011-11-18 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2011-11-17 15:27 . 2011-11-17 15:27 -------- d-----w- c:\program files\SpywareBlaster

2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-11-16 19:57 . 2011-11-16 20:12 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-11-15 18:21 . 2011-11-17 15:14 -------- d-----w- c:\windows\system32\drivers\AVG

2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 23:22 . 2011-08-08 17:57 426984 ----a-w- c:\windows\system32\HP2030SM.EXE

2011-11-11 14:46 . 2011-08-08 16:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-06 16:55 . 2011-08-08 16:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-10-06 16:55 . 2011-08-08 16:13 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2011-09-16 20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2008-04-14 09:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]

"BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288]

"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-10-06 16:55 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Virtual Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248]

R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2/20/2009 3:04 PM 195456]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 113496]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 184828]

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/8/2011 10:50 AM 8600]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 366916]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 6:04 PM 12856]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [8/8/2011 10:50 AM 165900]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]

R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [5/20/2010 2:46 AM 30208]

S2 0159701312820365mcinstcleanup;McAfee Application Installer Cleanup (0159701312820365);c:\docume~1\ADMINI~1\LOCALS~1\Temp\015970~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\015970~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MFERKDK

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20]

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-18 16:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-499000131-4267111148-3219469454-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1024)

c:\windows\system32\WININET.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'lsass.exe'(1096)

c:\windows\system32\WININET.dll

.

Completion time: 2011-11-18 16:16:40

ComboFix-quarantined-files.txt 2011-11-18 22:16

ComboFix2.txt 2011-11-18 16:32

.

Pre-Run: 127,200,555,008 bytes free

Post-Run: 127,185,981,440 bytes free

.

- - End Of File - - 8E0956AFE75226DB74A89951B8759F38


  1. Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 10
    del /f /q %0


  2. Once you've done that click on File and select Save As...
  3. In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  4. Name the file fix.bat (the .bat extension is very important)
  5. Save the file to your desktop and double click it to run it.
  6. Once it runs it will automatically restart your computer
  7. Once your computer boots again, check to see if your internet performance has improved

Please let me know how it went and an update on how your PC is doing.

Open Start => Run... and type cmd. Then type ipconfig /release and press the Enter key. Try the same way with the following commands:

ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all

Every new line is a new command.

Finally, reboot your PC and let me know.


Here are the statements I get for the given commands:

ipconfig/release - IP Address for adapter Local Area Connection has already been released

ipconfig/renew - An error occurred while renewing interface Local Area Connection : The RPC server is unavailable

ipconfig/flushdns - Successfully flushed the DNS Resolver Cache

netsh winsock reset all - Successfully reset the Winsock Catalog

netsh int ip reset all - nothing comes up

After a reboot I am still unable to connect.


ComboFix 11-11-25.01 - Administrator 11/25/2011 11:00:40.3.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1534 [GMT -6:00]

Running from: F:\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\searchplugins\bing-zugo.xml

.

.

((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))

.

.

2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-11-16 19:57 . 2011-11-18 23:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-11-15 18:21 . 2011-11-17 15:14 -------- d-----w- c:\windows\system32\drivers\AVG

2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 23:22 . 2011-08-08 17:57 426984 ----a-w- c:\windows\system32\HP2030SM.EXE

2011-11-11 14:46 . 2011-08-08 16:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-06 16:55 . 2011-08-08 16:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-10-06 16:55 . 2011-08-08 16:13 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2011-09-16 20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-18_16.27.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-20 08:49 . 2009-05-15 23:15 34248 c:\windows\system32\drivers\mferkdk.sys

- 2010-05-20 08:49 . 2009-05-16 00:15 34248 c:\windows\system32\drivers\mferkdk.sys

- 2010-05-20 08:49 . 2009-05-16 00:15 35272 c:\windows\system32\drivers\mfebopk.sys

+ 2010-05-20 08:49 . 2009-05-15 23:15 35272 c:\windows\system32\drivers\mfebopk.sys

+ 2010-05-20 08:49 . 2009-05-15 23:15 79816 c:\windows\system32\drivers\mfeavfk.sys

- 2010-05-20 08:49 . 2009-05-16 00:15 79816 c:\windows\system32\drivers\mfeavfk.sys

+ 2010-05-20 08:49 . 2009-05-15 23:15 214024 c:\windows\system32\drivers\mfehidk.sys

- 2010-05-20 08:49 . 2009-05-16 00:15 214024 c:\windows\system32\drivers\mfehidk.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]

"BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-10-06 16:55 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\Virtual Firefox\\firefox.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248]

S1 FSLX;FSLX;\??\c:\windows\system32\drivers\fslx.sys --> c:\windows\system32\drivers\fslx.sys [?]

S2 0083921321658316mcinstcleanup;McAfee Application Installer Cleanup (0083921321658316);c:\docume~1\ADMINI~1\LOCALS~1\Temp\008392~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\008392~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 184828]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 374152]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 6:04 PM 12856]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [5/20/2010 2:46 AM 30208]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20]

.

2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-25 11:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-499000131-4267111148-3219469454-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(292)

c:\windows\system32\WININET.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'lsass.exe'(352)

c:\windows\system32\WININET.dll

.

Completion time: 2011-11-25 11:09:56

ComboFix-quarantined-files.txt 2011-11-25 17:09

ComboFix2.txt 2011-11-18 22:16

ComboFix3.txt 2011-11-18 16:32

.

Pre-Run: 127,282,307,072 bytes free

Post-Run: 127,319,990,272 bytes free

.

- - End Of File - - 786960E06619153DE148B5557FD0EC7A


Open Notepad and copy and paste the text in the code box below into it:

SecCenter::
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif, dragging CFScript.txt onto ComboFix.exe]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.

Here's the log. After restarting the system I am still unable to connect to the internet.

ComboFix 11-11-26.04 - Administrator 11/26/2011 12:26:44.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1434 [GMT -6:00]

Running from: F:\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))

.

.

2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-11-16 19:57 . 2011-11-18 23:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-16 19:57 . 2011-11-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-11-15 18:21 . 2011-11-17 15:14 -------- d-----w- c:\windows\system32\drivers\AVG

2011-11-14 09:20 . 2011-11-14 09:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 23:22 . 2011-08-08 17:57 426984 ----a-w- c:\windows\system32\HP2030SM.EXE

2011-11-11 14:46 . 2011-08-08 16:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2008-04-14 09:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-10-06 16:55 . 2011-08-08 16:13 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-06 16:55 . 2011-08-08 16:13 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-10-06 16:55 . 2011-08-08 16:13 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-10-06 16:55 . 2011-08-08 16:13 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2008-04-14 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2008-04-14 09:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20 . 2008-04-14 09:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2011-09-16 20:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-18_16.27.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-25 17:19 . 2011-11-25 17:19 16384 c:\windows\temp\Perflib_Perfdata_cd8.dat

- 2010-05-20 08:49 . 2009-05-16 00:15 34248 c:\windows\system32\drivers\mferkdk.sys

+ 2010-05-20 08:49 . 2009-05-15 23:15 34248 c:\windows\system32\drivers\mferkdk.sys

+ 2010-05-20 08:49 . 2009-05-15 23:15 35272 c:\windows\system32\drivers\mfebopk.sys

- 2010-05-20 08:49 . 2009-05-16 00:15 35272 c:\windows\system32\drivers\mfebopk.sys

+ 2010-05-20 08:49 . 2009-05-15 23:15 79816 c:\windows\system32\drivers\mfeavfk.sys

- 2010-05-20 08:49 . 2009-05-16 00:15 79816 c:\windows\system32\drivers\mfeavfk.sys

- 2010-05-20 08:49 . 2009-05-16 00:15 214024 c:\windows\system32\drivers\mfehidk.sys

+ 2010-05-20 08:49 . 2009-05-15 23:15 214024 c:\windows\system32\drivers\mfehidk.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]

"BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-05-07 36864]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-10-06 16:55 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\Virtual Firefox\\firefox.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 184828]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 6:04 PM 12856]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]

R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [5/20/2010 2:46 AM 30208]

S1 FSLX;FSLX;\??\c:\windows\system32\drivers\fslx.sys --> c:\windows\system32\drivers\fslx.sys [?]

S2 0083921321658316mcinstcleanup;McAfee Application Installer Cleanup (0083921321658316);c:\docume~1\ADMINI~1\LOCALS~1\Temp\008392~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\008392~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20]

.

2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499000131-4267111148-3219469454-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 14:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://208.6.28.109/QQEST/LOGIN/LOGIN.ASP?country=us&rg=d93fe3d6-4a8d-43a1-90b0-bdc170414dcc

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uejjz7sd.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20111023&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-26 12:33

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-499000131-4267111148-3219469454-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,2e,01,c9,6b,e5,6f,4f,be,5d,04,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(992)

c:\windows\system32\WININET.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\cscui.dll

.

- - - - - - - > 'lsass.exe'(1060)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1144)

c:\windows\system32\WININET.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-11-26 12:36:32

ComboFix-quarantined-files.txt 2011-11-26 18:36

ComboFix2.txt 2011-11-25 17:09

ComboFix3.txt 2011-11-18 22:16

ComboFix4.txt 2011-11-18 16:32

.

Pre-Run: 127,324,545,024 bytes free

Post-Run: 127,310,995,456 bytes free

.

- - End Of File - - 4AB38603A037E2DDEF88135D195C1B89


Please download MiniToolBox HERE http://download.bleepingcomputer.com/farbar/MiniToolBox.exe When the box opens, click Save File, save it to the desktop, and run it.

Checkmark the following boxes:

List Last Ten Event Viewer Errors

List Mini Dump Files

Flush Dns

List Installed Programs

List Users, Partitions and Memory size

Click Go and post the result.


MiniToolBox by Farbar

Ran by Administrator (administrator) on 28-11-2011 at 07:47:09

Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Event log errors: ===============================

Application errors:

==================

Error: (11/25/2011 11:04:37 AM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (11/18/2011 05:16:18 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/18/2011 05:16:08 PM) (Source: Bonjour Service) (User: )

Description: ERROR: udsserver_init: 203 (The system could not find the environment option that was entered.)

System errors:

=============

Error: (11/26/2011 00:41:44 PM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%2

Error: (11/26/2011 00:41:44 PM) (Source: Service Control Manager) (User: )

Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (11/26/2011 00:41:44 PM) (Source: Service Control Manager) (User: )

Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (11/26/2011 09:24:53 AM) (Source: Windows Update Agent) (User: )

Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (11/25/2011 11:19:16 AM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%2

Error: (11/25/2011 11:19:16 AM) (Source: Service Control Manager) (User: )

Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (11/25/2011 11:19:16 AM) (Source: Service Control Manager) (User: )

Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (11/25/2011 11:11:55 AM) (Source: DCOM) (User: SYSTEM)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/25/2011 11:11:25 AM) (Source: DCOM) (User: Administrator)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/25/2011 11:11:13 AM) (Source: DCOM) (User: Administrator)

Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""

in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Microsoft Office Sessions:

=========================

=========================== Installed Programs ============================

.print Client Windows (RDP) (Version: 7.0.53)

Adobe AIR (Version: 2.7.0.19530)

Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)

Adobe Flash Player 11 Plugin (Version: 11.1.102.55)

Adobe Reader X (10.1.1) (Version: 10.1.1)

Apple Application Support (Version: 1.5.2)

Apple Mobile Device Support (Version: 3.4.1.2)

Apple Software Update (Version: 2.1.3.127)

AVG 2012 (Version: 12.0.1869)

AVG 2012 (Version: 12.0.1872)

AVG 2012 (Version: 12.0.2092)

BizCover (Version: 1.0.0.4)

Bonjour (Version: 3.0.0.2)

Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)

Google Earth (Version: 6.0.3.2197)

Google Update Helper (Version: 1.3.21.79)

HP Help and Support (Version: 4.2.0010)

HP LaserJet P2030 Series

hppusgP2030 (Version: 000.000.00005)

HPSSupply (Version: 2.1.1.0000)

Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5102)

InterVideo WinDVD 8 (Version: 8.5.10.36)

Java 6 Update 13 (Version: 6.0.130)

LogMeIn (Version: 4.1.1868)

Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)

MarketResearch (Version: 100.0.170.000)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)

Microsoft Search Enhancement Pack (Version: 1.2.123.0)

Microsoft Silverlight (Version: 4.0.60531.0)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)

MrvlUsgTracking (Version: 1.0.7)

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)

Pidgin (Version: 2.9.0)

Realtek High Definition Audio Driver (Version: 5.10.0.5963)

Segoe UI (Version: 14.0.4327.805)

Software Virtualization Agent (Version: 2.1.3071)

Spybot - Search & Destroy (Version: 1.6.2)

WebFldrs XP (Version: 9.50.7523)

Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live Sign-in Assistant (Version: 5.000.818.5)

Windows Live Toolbar (Version: 14.0.8064.206)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 23%

Total physical RAM: 1917.1 MB

Available physical RAM: 1467.46 MB

Total Pagefile: 3681.27 MB

Available Pagefile: 3247.21 MB

Total Virtual: 2047.88 MB

Available Virtual: 1995.18 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.49 GB) (Free:118.65 GB) NTFS

2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.55 GB) (Free:0.83 GB) NTFS

4 Drive f: (HDDREG) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT

========================= Users: ========================================

User accounts for \\S0810-1

Administrator Guest HelpAssistant

LogMeInRemoteUser SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

This topic is now closed to further replies.