
AVG found this in several system processes. It could get rid of most of them, but not all. In particular, I cannot get rid of agent_r.ats, which seems to be attached to ipsec.sys. Now I cannot get online with that machine. The logs are below.

dss.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.0.0

Run by BLXLYT at 19:07:39 on 2011-11-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2421 [GMT -8:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\MagicDisc\MagicDisc.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\iWin Games\iWinTrusted.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AVG\AVG2012\avgui.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local;192.168.*.*

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\prxtbiWi2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\prxtbiWi2.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe

mRun: [saiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

StartupFolder: c:\docume~1\blxlyt\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\blxlyt\startm~1\programs\startup\gmotes~1.lnk - c:\program files\gmoteserver\GmoteServer.exe

StartupFolder: c:\docume~1\blxlyt\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.15 v.1.00\WlanCU.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{4BC1280D-306D-40E2-A7D0-4B80CB372C2A} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{EA3E67A2-155A-47F1-AFD6-E84BE4A1F413} : DhcpNameServer = 192.168.2.1

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {D48g43BC-4266-43f0-B6ED-9D38C4202C7E} - c:\program files\common files\mscd.exe

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\blxlyt\application data\mozilla\firefox\profiles\ixgmgurt.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-11-28 902432]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-12 353672]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-11-28 2326920]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-11-28 159168]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-11-27 36864]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [2008-11-27 78720]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-8-25 6016]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-8-25 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-8-25 20480]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-8-25 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-8-25 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]

S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;c:\windows\system32\PCAND5BK.SYS [2008-11-27 15104]

S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2007-5-1 132232]

S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2007-5-1 28416]

.

=============== Created Last 30 ================

.

2011-11-24 02:53:31 -------- d-----w- c:\documents and settings\blxlyt\application data\Malwarebytes

2011-11-24 02:32:21 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-23 14:08:49 -------- d-----w- c:\documents and settings\blxlyt\application data\AVG2012

2011-11-23 05:19:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-23 05:19:35 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 05:19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-23 04:46:57 -------- d-----w- c:\windows\system32\drivers\AVG

2011-11-23 04:46:57 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-11-23 04:33:51 3903608 ----a-w- C:\avg_free_stb_all_2012_1869_cnet.exe

2011-11-23 04:14:32 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-11-04 11:26:01 -------- d-----w- c:\windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 14:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 14:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-17 15:49:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-13 14:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2009-01-06 00:24:05 57856 --sh--w- c:\program files\common files\svchost.exe

.

============= FINISH: 19:07:57.65 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/27/2008 12:30:35 AM

System Uptime: 11/23/2011 6:13:31 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M3A-H/HDMI

Processor: AMD Phenom 9600 Quad-Core Processor | CPU 1 | 2305/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 932 GiB total, 377.907 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1056: 8/26/2011 2:52:21 PM - System Checkpoint

RP1057: 8/27/2011 3:51:16 PM - System Checkpoint

RP1058: 8/28/2011 4:57:59 PM - System Checkpoint

RP1059: 8/29/2011 6:14:22 PM - System Checkpoint

RP1060: 8/30/2011 7:09:43 PM - System Checkpoint

RP1061: 8/31/2011 7:51:16 PM - System Checkpoint

RP1062: 9/1/2011 8:04:16 PM - System Checkpoint

RP1063: 9/2/2011 9:03:16 PM - System Checkpoint

RP1064: 9/3/2011 9:27:11 PM - System Checkpoint

RP1065: 9/4/2011 9:55:06 PM - System Checkpoint

RP1066: 9/5/2011 9:57:16 PM - System Checkpoint

RP1067: 9/6/2011 10:57:16 PM - System Checkpoint

RP1068: 9/7/2011 11:57:16 PM - System Checkpoint

RP1069: 9/9/2011 12:57:15 AM - System Checkpoint

RP1070: 9/10/2011 1:50:20 AM - System Checkpoint

RP1071: 9/11/2011 2:50:20 AM - System Checkpoint

RP1072: 9/12/2011 3:50:20 AM - System Checkpoint

RP1073: 9/13/2011 3:51:35 AM - System Checkpoint

RP1074: 9/13/2011 8:33:45 AM - Avg Update

RP1075: 9/13/2011 6:42:09 PM - Avg Update

RP1076: 9/14/2011 6:51:35 PM - System Checkpoint

RP1077: 9/15/2011 7:12:18 PM - System Checkpoint

RP1078: 9/16/2011 8:38:40 PM - System Checkpoint

RP1079: 9/20/2011 10:26:06 PM - System Checkpoint

RP1080: 9/23/2011 2:02:02 PM - System Checkpoint

RP1081: 9/24/2011 2:06:56 PM - System Checkpoint

RP1082: 9/25/2011 2:07:00 PM - System Checkpoint

RP1083: 9/26/2011 3:07:00 PM - System Checkpoint

RP1084: 9/27/2011 3:19:01 PM - System Checkpoint

RP1085: 9/28/2011 4:19:01 PM - System Checkpoint

RP1086: 9/29/2011 5:20:26 PM - System Checkpoint

RP1087: 9/30/2011 5:20:35 PM - System Checkpoint

RP1088: 10/1/2011 6:07:00 PM - System Checkpoint

RP1089: 10/2/2011 7:11:55 PM - System Checkpoint

RP1090: 10/3/2011 8:07:00 PM - System Checkpoint

RP1091: 10/4/2011 9:08:05 PM - System Checkpoint

RP1092: 10/5/2011 10:07:00 PM - System Checkpoint

RP1093: 10/6/2011 10:19:00 PM - System Checkpoint

RP1094: 10/7/2011 11:07:00 PM - System Checkpoint

RP1095: 10/9/2011 9:50:49 AM - System Checkpoint

RP1096: 10/10/2011 10:07:00 AM - System Checkpoint

RP1097: 10/11/2011 11:07:00 AM - System Checkpoint

RP1098: 10/11/2011 4:31:27 PM - Avg Update

RP1099: 10/12/2011 5:34:11 PM - System Checkpoint

RP1100: 10/13/2011 6:08:05 PM - System Checkpoint

RP1101: 10/14/2011 7:23:17 PM - System Checkpoint

RP1102: 10/15/2011 8:07:01 PM - System Checkpoint

RP1103: 10/16/2011 7:54:28 PM - Software Distribution Service 3.0

RP1104: 10/17/2011 8:20:51 PM - System Checkpoint

RP1105: 10/18/2011 8:21:56 PM - System Checkpoint

RP1106: 10/19/2011 8:34:24 PM - System Checkpoint

RP1107: 10/20/2011 9:20:51 PM - System Checkpoint

RP1108: 10/23/2011 1:12:57 PM - System Checkpoint

RP1109: 10/24/2011 1:57:48 PM - System Checkpoint

RP1110: 10/25/2011 9:21:10 AM - Avg Update

RP1111: 10/26/2011 9:40:24 AM - System Checkpoint

RP1112: 10/27/2011 10:40:24 AM - System Checkpoint

RP1113: 10/28/2011 12:53:43 PM - System Checkpoint

RP1114: 10/29/2011 1:53:59 PM - System Checkpoint

RP1115: 10/30/2011 2:02:59 PM - System Checkpoint

RP1116: 10/31/2011 2:41:29 PM - System Checkpoint

RP1117: 11/1/2011 3:45:10 PM - System Checkpoint

RP1118: 11/2/2011 4:40:26 PM - System Checkpoint

RP1119: 11/3/2011 6:30:14 PM - System Checkpoint

RP1120: 11/4/2011 4:26:53 AM - Removed LeapFrog Connect

RP1121: 11/5/2011 4:40:26 AM - System Checkpoint

RP1122: 11/6/2011 4:40:26 AM - System Checkpoint

RP1123: 11/7/2011 6:11:23 AM - System Checkpoint

RP1124: 11/8/2011 6:49:34 AM - System Checkpoint

RP1125: 11/9/2011 7:02:06 AM - System Checkpoint

RP1126: 11/10/2011 7:40:29 AM - System Checkpoint

RP1127: 11/11/2011 8:40:29 AM - System Checkpoint

RP1128: 11/12/2011 8:58:11 AM - System Checkpoint

RP1129: 11/13/2011 9:07:40 AM - System Checkpoint

RP1130: 11/14/2011 10:07:40 AM - System Checkpoint

RP1131: 11/15/2011 11:07:40 AM - System Checkpoint

RP1132: 11/16/2011 12:07:40 PM - System Checkpoint

RP1133: 11/17/2011 1:07:40 PM - System Checkpoint

RP1134: 11/18/2011 2:08:45 PM - System Checkpoint

RP1135: 11/19/2011 3:08:45 PM - System Checkpoint

RP1136: 11/20/2011 4:08:46 PM - System Checkpoint

RP1137: 11/21/2011 5:45:27 PM - System Checkpoint

RP1138: 11/22/2011 8:45:25 PM - Installed AVG 2012

RP1139: 11/23/2011 6:07:57 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

µTorrent

7-Zip 4.57

802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00

Acronis True Image Home

Ad-Aware

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Stock Photos 1.0

AMD Processor Driver

AMDAway INF

Android SDK Tools

Apple Mobile Device Support

Apple Software Update

ASUS Wireless Router Utilities

Atheros Communications Inc.® L1 Gigabit Ethernet Driver

ATI - Software Uninstall Utility

Audacity 1.2.6

AVG 2012

Belkin 11Mbps Wireless Desktop Network Card

BlackBerry Desktop Software 6.1

Bonjour

Borderlands

Bridge Base Online

Canon MP Navigator 3.0

Canon MP160

Canon MP160 User Registration

CCleaner (remove only)

Click to Call with Skype

Compatibility Pack for the 2007 Office system

Conduit Engine

Crysis WARHEAD®

CutePDF Writer 2.8

Diskeeper 2008 Pro Premier

EPSON Scan

Fallout 3

Family Feud (remove only)

Far Cry 2

FileZilla Client 3.2.3.1

Foxit PDF IFilter

Foxit Reader

Foxit Toolbar

GmoteServer

Grand Theft Auto Vice City

GTA San Andreas

Halo 2 for Windows Vista

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet 3740

ImTOO MPEG Encoder Platinum

iTunes

iWin Games (remove only)

iWin Toolbar

Java Auto Updater

Java DB 10.6.2.1

Java 6 Update 24

Java 7

Java SE Development Kit 6 Update 24

Java SE Development Kit 7

Juniper Networks Network Connect 7.1.0

Juniper Networks Setup Client Activex Control

Juniper Networks, Inc. Setup Client

Juniper Terminal Services Client

LADSPA_plugins-win-0.4.15

LightScribe System Software 1.17.90.1

MagicDisc 2.7.105

Mathcad 14

Mathcad 14 Help

Mathcad 14 Resource Center

MATLAB R2008b

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Diagnostics and Recovery Toolset 5.0

Microsoft Games for Windows - LIVE Redistributable

Microsoft Halo

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft WinUsb 1.0

Microsoft WinUsb 2.0

MotoHelper 2.0.51 Driver 5.1.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.2.0

Mozilla Firefox 8.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB925673)

Nero 7 Ultra Edition

neroxml

Network Stumbler 0.4.0 (remove only)

NewsLeecher v3.9 Final

nLite 1.4.9.1

NVIDIA Drivers

NVIDIA PhysX v8.10.29

Oblivion

Passware Kit Professional 10.1

PeerGuardian 2.0

Power CD+G Burner

Power CD+G Player Pro

PowerDVD

PowerDVD Ultra

Project64 1.6

PunkBuster Services

QuickTime

Realtek High Definition Audio Driver

Saitek SD6 Programming Software 6.0.10.7

Screensavers.com Content

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shareaza 2.4.0.0

Skype™ 5.5

Spybot - Search & Destroy

TeraCopy 1.22

Tomb Raider: Underworld 1.0

Unlocker 1.8.7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC 9.0 Runtime

VLC media player 0.9.6

VST Bridge 1.1

WebFldrs XP

WinAce Archiver

Winamp

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Internet Explorer 7

Windows Media Format Runtime

Windows Presentation Foundation

WinRAR archiver

Wolfram Mathematica 6

Wolfram Notebook Indexer 2.0

XML Paper Specification Shared Components Pack 1.0

XXClone ver 0.58.0

Yule Log Screen Saver

ZoneAlarm

.

==== Event Viewer Messages From Past Week ========

.

11/23/2011 6:10:23 AM, error: Service Control Manager [7003] - The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

11/23/2011 6:10:23 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

11/23/2011 6:10:23 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

11/23/2011 6:10:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tcpip

11/23/2011 6:10:17 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.

11/23/2011 6:10:17 AM, error: Service Control Manager [7003] - The IPSEC Services service depends on the following nonexistent service: IPSec

11/23/2011 6:10:17 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2011 6:10:17 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2011 6:10:17 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2011 6:10:17 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/23/2011 6:07:38 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

11/22/2011 9:08:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Avgmfx86 Fips

11/22/2011 8:37:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/22/2011 8:32:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM AvgLdx86 AvgMfx86 Fips

11/22/2011 8:32:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/22/2011 7:16:03 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

11/22/2011 5:34:19 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

.

==== End Of File ===========================

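The Event Viewer block above already contains the root cause if the Service Control Manager events are read as a dependency chain. Event 7003 ("depends on the following nonexistent service: IPSec") means the SCM has no IPSec service entry in its database at all, not merely a damaged ipsec.sys on disk; because Tcpip depends on it, Tcpip fails to load (7026), and everything that needs TCP/IP (DNS Client, DHCP Client, NLA, the Apple services) then fails with 7001. The Python script below is an added example, not part of this thread or of the DDS tool: it parses Event Viewer lines in the format DDS prints them (the sample is a subset of the events copied from the log above) and walks the chain back to the missing service. The regular expressions and function names are my own.

```python
import re
from collections import defaultdict

# Event Viewer lines as DDS prints them (a subset copied from the log in this thread).
SAMPLE_EVENTS = """\
11/23/2011 6:10:23 AM, error: Service Control Manager [7003] - The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec
11/23/2011 6:10:23 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
11/23/2011 6:10:23 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
11/23/2011 6:10:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tcpip
11/23/2011 6:10:17 AM, error: Service Control Manager [7003] - The IPSEC Services service depends on the following nonexistent service: IPSec
11/23/2011 6:10:17 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:17 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:17 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 6:10:17 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2011 9:08:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Avgmfx86 Fips
11/22/2011 7:16:03 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
""".splitlines()

# "<timestamp>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# 7003: the dependency is not in the SCM database at all (its Services registry key is gone).
NONEXISTENT_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the following nonexistent service: (?P<dep>.+)$"
)
# 7001: the dependency exists but did not start.
DEP_FAILED_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)
# 7026: boot/system-start drivers that did not load (service names, e.g. Tcpip, not display names).
DRIVERS_RE = re.compile(
    r"^The following boot-start or system-start driver\(s\) failed to load: (?P<drivers>.+)$"
)


def parse_scm_events(lines):
    """Build a dependency picture from Service Control Manager event text.

    Returns (depends_on, nonexistent, failed_drivers):
      depends_on      dict: service -> set of services it was blocked by
      nonexistent     set of services flagged by 7003 (missing from the SCM database)
      failed_drivers  set of driver service names flagged by 7026
    """
    depends_on = defaultdict(set)
    nonexistent = set()
    failed_drivers = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("source") != "Service Control Manager":
            continue  # Ntfs, DCOM, NetBT etc. are not part of the dependency chain
        event_id, msg = int(m.group("event_id")), m.group("msg")
        if event_id == 7003 and (d := NONEXISTENT_RE.match(msg)):
            depends_on[d["svc"]].add(d["dep"])
            nonexistent.add(d["dep"])
        elif event_id == 7001 and (d := DEP_FAILED_RE.match(msg)):
            depends_on[d["svc"]].add(d["dep"])
        elif event_id == 7026 and (d := DRIVERS_RE.match(msg)):
            failed_drivers.update(d["drivers"].split())
    return dict(depends_on), nonexistent, failed_drivers


def impacted_by(depends_on, root):
    """Transitive closure: every service that directly or indirectly depends on `root`."""
    reverse = defaultdict(set)
    for svc, deps in depends_on.items():
        for dep in deps:
            reverse[dep].add(svc)
    seen, stack = set(), [root]
    while stack:
        for child in reverse[stack.pop()]:
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def root_causes(lines):
    """Map each service the SCM reports as nonexistent to the services it took down."""
    depends_on, nonexistent, _ = parse_scm_events(lines)
    return {root: impacted_by(depends_on, root) for root in nonexistent}


if __name__ == "__main__":
    for root, victims in root_causes(SAMPLE_EVENTS).items():
        print(f"missing service {root!r} blocked {len(victims)} others: {sorted(victims)}")
```

On this log the script reports a single root, IPSec, with the TCP/IP driver and the seven services behind it as its victims. Two caveats when applying it elsewhere: 7026 reports service names (Tcpip) while 7001/7003 use display names (TCP/IP Protocol Driver), so the script keeps the two lists separate rather than guessing a mapping; and a 7003 for a missing service means the HKLM\SYSTEM\CurrentControlSet\Services key is gone, so replacing or deleting the driver file alone will not clear it. On a live XP machine `sc qc tcpip` lists the dependency and `sc query ipsec` fails when the entry is absent.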

I did a few things.....

The first thing I had to do was totally clean out the virus. I used both TDSSKiller and ComboFix. Then I updated and re-ran my antivirus (I use AVG 2012). Then I updated and re-ran SpybotSD (to get rid of any excess spyware). Then I also had to run Chkdsk, because the virus totally screwed up the integrity of my hard drive. Then, for good measure, I updated my firewall software (I use ZoneAlarm). After that, the virus was basically gone.

But I still couldn't get online because the virus had jacked up several of my Windows system files, ipsec.sys in particular. I manually deleted the screwed-up file from the windows/system32/drivers directory. Next I took out my trusty Windows XP SP3 install disk, popped it in the drive and rebooted. I booted into the Windows install disk. From this disk, there is an option to repair an existing Windows installation. This basically just re-copies all of the Windows system files, and replaces any that have become corrupt. It does not delete any other files or data, so the data and programs on your system remain intact and unchanged.

All you do is boot into the Windows system CD. When it gets to the screen asking what you want to do, select the option that says something like "install Windows." You will have to hit Enter, not the option that asks you to hit "R" to go into the Recovery Console. At the next screen, it will ask you if you want to repair an existing installation. Choose that option, and then let Windows do its thing. You will have to re-enter your Windows activation key during the process. Let it re-install the files, and when it is done you will be good to go. Once complete, you will have to re-install all the Windows system updates, and you should also re-run your anti-virus just to be sure.

Also, as soon as I was done, I deleted MalwareBytes. It never did anything for me, never found any problems despite the fact that there were many, and in fact appeared completely infected with spyware/adware when all my system files were re-installed. It has been several days now, and my system appears to be back in shape.


Well, the SP3 boot disk is a no-go. I ran Chkdsk; looks like it did a lot of correcting. I ran SpybotSD. Deleted the ipsec.sys & tried reinstalling SP3, but as figured that wasn't enough. The only boot disk I have is the original Windows XP install, so I'm gonna try using the repair function off of that, hope that it works & I'll just take the time to update again back to SP3. I will let you know the results. Otherwise Malware, AVG 2012, TDSSKiller, ComboFix & SpybotSD are not finding anything, even when run in safe mode.


  • Staff

Hi and welcome to Malwarebytes.

We apologize for the delay, but your bumps caused your thread to look like it was already being addressed. Your rudeness is also not appreciated.

Anyone who is not haberbe, start your own thread and someone will assist you.

Haberbe, do you still need help?


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
