Help I think I'm Infected


ts1971

Hi,

To make a long story very short: I think that my machine is infected with Malware / Virus. I've run DDS and here and below are the results. The instructions don't specify exactly how the two generated files should be included so I'm just going to include the contents inline. If this isn't right, let me know and I'll zip them up or attach them or whatever.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/22/2008 9:25:15 PM

System Uptime: 12/6/2011 2:36:00 PM (0 hours ago)

.

Motherboard: LENOVO | | 2242CTO

Processor: Intel Pentium III Xeon processor | None | 2526/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 39 GiB total, 10.351 GiB free.

D: is FIXED (NTFS) - 39 GiB total, 29.106 GiB free.

E: is CDROM ()

F: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&B1BFB68&0&18

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&B1BFB68&0&18

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Serial Port

Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_20EC17AA&REV_07\3&B1BFB68&0&1B

Manufacturer:

Name: PCI Serial Port

PNP Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_20EC17AA&REV_07\3&B1BFB68&0&1B

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Modem Device on High Definition Audio Bus

Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_5051&SUBSYS_17AA20FC&REV_1000\4&2B9C4D19&0&0002

Manufacturer:

Name: Modem Device on High Definition Audio Bus

PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_5051&SUBSYS_17AA20FC&REV_1000\4&2B9C4D19&0&0002

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Network Controller

Device ID: PCI\VEN_8086&DEV_4236&SUBSYS_10118086&REV_00\4&318470AD&0&00E1

Manufacturer:

Name: Network Controller

PNP Device ID: PCI\VEN_8086&DEV_4236&SUBSYS_10118086&REV_00\4&318470AD&0&00E1

Service:

.

==== System Restore Points ===================

.

RP959: 9/29/2011 3:22:54 AM - System Checkpoint

RP960: 9/30/2011 4:46:31 AM - System Checkpoint

RP961: 10/1/2011 5:22:55 AM - System Checkpoint

RP962: 10/2/2011 6:22:55 AM - System Checkpoint

RP963: 10/3/2011 7:24:00 AM - System Checkpoint

RP964: 10/4/2011 8:22:55 AM - System Checkpoint

RP965: 10/5/2011 11:16:34 AM - System Checkpoint

RP966: 10/6/2011 11:35:20 AM - System Checkpoint

RP967: 10/7/2011 5:16:34 PM - System Checkpoint

RP968: 10/8/2011 5:35:47 PM - System Checkpoint

RP969: 10/9/2011 6:23:39 PM - System Checkpoint

RP970: 10/10/2011 8:12:44 PM - System Checkpoint

RP971: 10/11/2011 10:02:20 PM - System Checkpoint

RP972: 10/12/2011 10:29:52 PM - System Checkpoint

RP973: 10/13/2011 3:00:14 AM - Software Distribution Service 3.0

RP974: 10/14/2011 3:25:38 AM - System Checkpoint

RP975: 10/15/2011 11:07:56 AM - System Checkpoint

RP976: 10/16/2011 1:18:01 PM - System Checkpoint

RP977: 10/17/2011 1:50:44 PM - System Checkpoint

RP978: 10/18/2011 3:32:54 PM - System Checkpoint

RP979: 10/19/2011 5:05:34 PM - System Checkpoint

RP980: 10/20/2011 6:47:54 PM - System Checkpoint

RP981: 10/21/2011 9:23:19 PM - System Checkpoint

RP982: 10/22/2011 9:28:16 PM - System Checkpoint

RP983: 10/24/2011 12:02:37 AM - System Checkpoint

RP984: 10/25/2011 12:28:17 AM - System Checkpoint

RP985: 10/26/2011 4:35:44 PM - System Checkpoint

RP986: 10/27/2011 9:34:50 PM - System Checkpoint

RP987: 10/28/2011 11:06:52 PM - System Checkpoint

RP988: 10/30/2011 12:23:03 AM - System Checkpoint

RP989: 10/31/2011 12:52:32 AM - System Checkpoint

RP990: 11/1/2011 1:51:27 AM - System Checkpoint

RP991: 11/2/2011 2:51:27 AM - System Checkpoint

RP992: 11/2/2011 10:53:48 AM - Software Distribution Service 3.0

RP993: 11/3/2011 11:41:03 AM - System Checkpoint

RP994: 11/4/2011 1:22:16 PM - System Checkpoint

RP995: 11/5/2011 1:52:37 PM - System Checkpoint

RP996: 11/6/2011 4:13:03 PM - System Checkpoint

RP997: 11/7/2011 5:59:08 PM - System Checkpoint

RP998: 11/8/2011 11:19:48 PM - System Checkpoint

RP999: 11/9/2011 3:00:14 AM - Software Distribution Service 3.0

RP1000: 11/10/2011 3:52:37 AM - System Checkpoint

RP1001: 11/11/2011 3:00:13 AM - Software Distribution Service 3.0

RP1002: 11/12/2011 3:21:03 AM - System Checkpoint

RP1003: 11/13/2011 4:21:03 AM - System Checkpoint

RP1004: 11/14/2011 5:21:03 AM - System Checkpoint

RP1005: 11/15/2011 6:21:03 AM - System Checkpoint

RP1006: 11/16/2011 7:21:03 AM - System Checkpoint

RP1007: 11/17/2011 7:49:33 AM - System Checkpoint

RP1008: 11/18/2011 8:21:25 AM - System Checkpoint

RP1009: 11/19/2011 9:47:50 AM - System Checkpoint

RP1010: 11/20/2011 1:52:34 PM - System Checkpoint

RP1011: 11/21/2011 4:38:47 PM - System Checkpoint

RP1012: 11/22/2011 5:21:24 PM - System Checkpoint

RP1013: 11/27/2011 10:45:17 AM - System Checkpoint

RP1014: 11/28/2011 6:43:51 PM - System Checkpoint

RP1015: 11/29/2011 7:30:56 PM - System Checkpoint

RP1016: 11/30/2011 8:24:42 PM - System Checkpoint

RP1017: 12/1/2011 10:25:49 PM - System Checkpoint

RP1018: 12/2/2011 10:48:35 PM - System Checkpoint

RP1019: 12/3/2011 11:34:22 PM - System Checkpoint

RP1020: 12/5/2011 12:05:30 AM - System Checkpoint

RP1021: 12/6/2011 12:58:20 AM - System Checkpoint

RP1022: 12/6/2011 11:19:38 AM - Restore Operation

.

==== Installed Programs ======================

.

7-Zip 9.20

AC3Filter (remove only)

Acrobat.com

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Anki

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

Ask Toolbar

Audacity 1.2.6

Avira Free Antivirus

Client Security - Password Manager

Conexant HD Audio

Content Transfer

Cookienator

Critical Update for Windows Media Player 11 (KB959772)

DiskCheckup V3.0

Exact Audio Copy 0.99pb4

Fiddler2

FreePDF (Remove only)

GPL Ghostscript 8.71

Help Center

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Precisionscan Pro 3.1

HP Share-to-Web

Integrated Camera Driver Installer Package Ver.1.18.500.0

Integrated Camera TWAIN

Intel® Graphics Media Accelerator Driver

Intel® Network Connections Drivers

Intel® Trusted Platform Module

ISO Recorder

Java Auto Updater

Java 6 Update 26

Lenovo System Toolbox

magicJack

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

Message Center

Message Center Plus

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2000 SR-1 Professional

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox (3.6.24)

Mp3 File Merger V1.6

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Notebook Hardware Control 2.0 Pre-Release-06 Bugfix

On Screen Display

OpenOffice.org 3.2

PartyPoker

PhotoScape

Presentation Director

Productivity Center Supplement for ThinkPad

Quicken 2009

QuickTime

RedMon - Redirection Port Monitor

Rescue and Recovery

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype™ 5.5

Spelling Dictionaries Support For Adobe Reader 9

System Update

ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter

ThinkPad EasyEject Utility

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Keyboard Customizer Utility

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Active Protection System

ThinkVantage Productivity Center

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

WinPcap 4.1.1

WinRAR archiver

Wireshark 1.2.8

Xvid 1.2.1 final uninstall

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/6/2011 11:14:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss ssmdrv Tcpip TPHKDRV TPPWRIF TSMAPIP tvtumon

12/6/2011 11:14:15 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 11:14:15 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 11:14:15 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 11:14:15 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 11:13:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

12/6/2011 11:13:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/3/2011 7:10:26 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

12/3/2011 7:10:26 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT

12/3/2011 7:08:21 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

12/3/2011 5:33:19 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/3/2011 5:26:13 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library SD Memory Card.

12/3/2011 10:47:15 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.

12/3/2011 10:47:15 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkIpx because another computer on the network has the same name. The server could not start.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 14:51:24 on 2011-12-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2548 [GMT -7:00]

.

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Notebook Hardware Control\nhc.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: 90cd0c88: {1123b85b-f2a7-de5f-fdf9-6c8cb1e4d803} - c:\windows\system32\msidntld32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TpShocks] TpShocks.exe

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [NotebookHardwareControl] "c:\program files\notebook hardware control\nhc.exe" -quiet

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe

mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\administrator\desktop\PartyPoker.lnk

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 172.27.35.1

TCP: Interfaces\{EEDD885B-B6EC-4E15-B3BD-665DE4CFC845} : DhcpNameServer = 172.27.35.1

Notify: igfxcui - igfxdev.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\boiioctq.default\

FF - prefs.js: browser.search.selectedEngine - {BLD_SEARCH_PLUGIN_NAME}

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-6 36000]

R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-8 46144]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-6 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-6 110032]

R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-12-6 463824]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-6 74640]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-23 94208]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]

R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-8 253952]

R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2008-12-23 72448]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-19 243856]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-6-7 81280]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

.

=============== Created Last 30 ================

.

2011-12-06 19:16:09 -------- d-----w- c:\documents and settings\administrator\application data\Avira

2011-12-06 19:10:12 -------- d-----w- c:\program files\Ask.com

2011-12-06 19:09:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-06 19:09:54 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-06 19:09:50 -------- d-----w- c:\program files\Avira

2011-12-06 19:09:50 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-12-06 18:22:44 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-06 18:22:44 -------- d-----w- c:\windows\system32\wbem\Repository

2011-12-04 07:03:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-12-04 07:03:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-12-04 07:03:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-12-04 07:03:43 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-12-04 07:03:43 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-12-04 07:03:43 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-12-04 07:03:43 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-12-04 07:03:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-11-08 01:51:53 -------- d-----w- c:\program files\Dictionary

.

==================== Find3M ====================

.

2011-12-06 21:40:51 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys

2011-12-06 18:26:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 14:51:54.79 ===============


Okay, I'm going to give this post its 48 hr bump and also a quick update. It turns out that I was definitely infected. Shortly after making that post the fake Windows XP 2012 Antivirus virus kicked in. I was able to get around it initially by falling back to a restore point from November, but within hours it was back and even worse, as somehow it hooked into the system restore, so that solution avenue didn't work a second time.

After a couple of hours of tinkering I finally got around it by continuously killing the process in task manager and running some registry scripts I found on the internet and finally doing both MBAM and Avira scans and letting them remove whatever they found. At the moment things seem to be working but I have no idea whether or not I'm really clean. If anyone could give me a hand, I'd really appreciate it.

Thanks.


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Thanks for taking the time to respond. I've updated MBAM and done a complete scan (results below). With respect to the machine behaviour, I haven't had any additional problems over the last several days. I still don't know how I was infected (and reinfected) in the first place, but I'm not experiencing any symptoms at the moment. Thanks again.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8372

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/14/2011 5:33:14 PM

mbam-log-2011-12-14 (17-33-13).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)

Objects scanned: 340910

Time elapsed: 1 hour(s), 19 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
