
virus help



I have noticed the CPU usage has been really high; also, I am getting a lot of web redirects. I also noticed a process that I am unfamiliar with, ping.exe.

Here is the DDS log and attach.txt

Thank you in advance!!!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by DB at 17:19:07 on 2011-12-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1053 [GMT -5:00]

.

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Pragmatic Solutions Inc\LeverageService\LeverageService.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Saitek\Software\ProfilerU.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\ping.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cnn.com/

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\ntunecmd.exe" perf "c:\documents and settings\db\local settings\application data\nvidia corporation\ntune\profiles\Best system.npe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [Profiler] c:\program files\saitek\software\ProfilerU.exe

mRun: [saiMfd] c:\program files\saitek\software\SaiMfd.exe

mRun: [TaskTray]

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 66.76.227.40 208.180.42.68

TCP: Interfaces\{FE7235F1-7340-40E4-8437-F6B763F977CB} : DhcpNameServer = 66.76.227.40 208.180.42.68

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\db\application data\mozilla\firefox\profiles\52m8l9n4.default\

FF - prefs.js: browser.startup.homepage - www.cnn.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-12-14 748440]

R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-3-30 22504]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-6-15 54760]

R2 LeverageService;LeverageService;c:\program files\pragmatic solutions inc\leverageservice\LeverageService.exe [2010-3-12 37376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-20 366152]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-4 855904]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-20 22216]

R3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2011-2-15 176640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-15 136176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-6 167264]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-15 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

.

=============== Created Last 30 ================

.

2011-12-20 18:05:00 -------- d-----w- c:\documents and settings\db\application data\Malwarebytes

2011-12-20 18:04:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-12-20 18:04:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-20 18:04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-15 18:14:59 -------- d-----w- c:\documents and settings\db\application data\Search Settings

2011-12-15 18:14:55 -------- d-----w- c:\program files\IObit Toolbar

2011-12-15 18:14:55 -------- d-----w- c:\program files\common files\Spigot

2011-12-15 18:14:55 -------- d-----w- c:\program files\Application Updater

2011-12-04 10:35:38 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2011-12-04 10:35:35 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-12-04 10:35:34 -------- d-----w- c:\program files\AVG Secure Search

2011-12-01 01:59:26 42392 ----a-w- c:\windows\system32\xfcodec.dll

2011-11-21 14:02:12 -------- d-----w- c:\program files\Paint.NET

2011-11-21 14:01:58 -------- d-----w- c:\documents and settings\db\local settings\application data\Paint.NET

.

==================== Find3M ====================

.

2011-12-20 19:10:10 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-12-20 19:10:03 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-12-20 19:10:03 271200 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-12-20 03:08:55 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-11-01 21:19:28 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-11-01 21:03:29 22328 ----a-w- c:\documents and settings\db\application data\PnkBstrK.sys

2011-09-29 06:05:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll

2011-09-29 06:05:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll

.

============= FINISH: 17:20:23.42 ===============

ATTACH.TXT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/14/2011 7:35:35 PM

System Uptime: 12/20/2011 1:28:34 PM (4 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5N-E SLI

Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 932 GiB total, 847.338 GiB free.

D: is CDROM ()

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: PCI Device

Device ID: PCI\VEN_197B&DEV_2360&SUBSYS_82081043&REV_02\4&268339C6&0&0038

Manufacturer:

Name: PCI Device

PNP Device ID: PCI\VEN_197B&DEV_2360&SUBSYS_82081043&REV_02\4&268339C6&0&0038

Service:

.

Class GUID:

Description: Network Controller

Device ID: PCI\VEN_1814&DEV_0701&SUBSYS_00741737&REV_00\4&DC268A3&0&3080

Manufacturer:

Name: Network Controller

PNP Device ID: PCI\VEN_1814&DEV_0701&SUBSYS_00741737&REV_00\4&DC268A3&0&3080

Service:

.

==== System Restore Points ===================

.

RP230: 9/21/2011 10:51:53 PM - System Checkpoint

RP231: 9/23/2011 1:20:37 AM - System Checkpoint

RP232: 9/24/2011 1:28:43 AM - System Checkpoint

RP233: 9/25/2011 2:04:35 AM - System Checkpoint

RP234: 9/25/2011 10:54:43 PM - Installed DirectX

RP235: 9/25/2011 11:01:27 PM - Installed Windows KB954550-v5.

RP236: 9/25/2011 11:01:31 PM - Printer Driver Microsoft XPS Document Writer Installed

RP237: 9/25/2011 11:05:40 PM - Printer Driver Microsoft XPS Document Writer Installed

RP238: 9/25/2011 11:07:46 PM - Installed LeverageService

RP239: 9/25/2011 11:31:55 PM - Installed DirectX

RP240: 9/26/2011 6:13:26 PM - Installed DirectX

RP241: 9/27/2011 6:40:56 PM - System Checkpoint

RP242: 9/29/2011 9:57:46 PM - System Checkpoint

RP243: 9/30/2011 10:46:49 PM - System Checkpoint

RP244: 10/3/2011 2:02:39 PM - System Checkpoint

RP245: 10/4/2011 8:30:43 PM - System Checkpoint

RP246: 10/5/2011 9:28:09 PM - System Checkpoint

RP247: 10/7/2011 12:38:41 AM - System Checkpoint

RP248: 10/8/2011 2:23:19 AM - System Checkpoint

RP249: 10/9/2011 2:33:28 AM - System Checkpoint

RP250: 10/10/2011 2:59:19 AM - System Checkpoint

RP251: 10/12/2011 10:25:58 AM - System Checkpoint

RP252: 10/13/2011 4:22:05 PM - System Checkpoint

RP253: 10/14/2011 6:37:29 PM - System Checkpoint

RP254: 10/15/2011 6:44:59 PM - System Checkpoint

RP255: 10/16/2011 10:01:38 PM - System Checkpoint

RP256: 10/18/2011 12:14:52 AM - System Checkpoint

RP257: 10/19/2011 12:44:59 AM - System Checkpoint

RP258: 10/20/2011 1:44:50 AM - System Checkpoint

RP259: 10/21/2011 4:28:01 AM - System Checkpoint

RP260: 10/22/2011 4:44:52 AM - System Checkpoint

RP261: 10/23/2011 6:56:49 AM - System Checkpoint

RP262: 10/24/2011 7:39:30 AM - System Checkpoint

RP263: 10/25/2011 7:50:22 AM - System Checkpoint

RP264: 10/26/2011 8:44:38 AM - System Checkpoint

RP265: 10/27/2011 9:32:29 AM - System Checkpoint

RP266: 10/28/2011 11:12:01 AM - System Checkpoint

RP267: 10/29/2011 12:52:41 PM - System Checkpoint

RP268: 10/30/2011 1:02:52 PM - System Checkpoint

RP269: 10/31/2011 3:53:04 PM - System Checkpoint

RP270: 11/1/2011 3:47:27 PM - Removed Call of Duty® 4 - Modern Warfare

RP271: 11/2/2011 4:42:01 PM - System Checkpoint

RP272: 11/3/2011 5:42:00 PM - System Checkpoint

RP273: 11/4/2011 6:41:59 PM - System Checkpoint

RP274: 11/5/2011 7:41:57 PM - System Checkpoint

RP275: 11/6/2011 7:56:30 PM - System Checkpoint

RP276: 11/7/2011 10:05:54 PM - System Checkpoint

RP277: 11/9/2011 1:46:04 PM - System Checkpoint

RP278: 11/10/2011 2:10:52 PM - System Checkpoint

RP279: 11/11/2011 3:10:50 PM - System Checkpoint

RP280: 11/12/2011 4:48:36 PM - System Checkpoint

RP281: 11/13/2011 8:09:13 PM - System Checkpoint

RP282: 11/14/2011 8:49:40 PM - System Checkpoint

RP283: 11/15/2011 9:10:50 PM - System Checkpoint

RP284: 11/17/2011 10:05:09 PM - System Checkpoint

RP285: 11/19/2011 1:37:30 AM - System Checkpoint

RP286: 11/20/2011 2:13:36 AM - System Checkpoint

RP287: 11/21/2011 2:42:59 AM - System Checkpoint

RP288: 11/21/2011 9:02:10 AM - Paint.NET v3.5.10

RP289: 11/22/2011 9:19:03 AM - System Checkpoint

RP290: 11/23/2011 9:20:12 AM - System Checkpoint

RP291: 11/24/2011 11:04:30 AM - System Checkpoint

RP292: 11/25/2011 11:12:52 AM - System Checkpoint

RP293: 11/26/2011 11:57:45 AM - System Checkpoint

RP294: 11/27/2011 12:27:21 PM - System Checkpoint

RP295: 11/28/2011 1:33:44 PM - System Checkpoint

RP296: 11/29/2011 2:45:45 PM - System Checkpoint

RP297: 11/30/2011 3:30:38 PM - System Checkpoint

RP298: 12/1/2011 3:57:32 PM - System Checkpoint

RP299: 12/2/2011 5:09:30 PM - System Checkpoint

RP300: 12/3/2011 5:33:04 PM - System Checkpoint

RP301: 12/4/2011 5:57:04 PM - System Checkpoint

RP302: 12/5/2011 6:33:01 PM - System Checkpoint

RP303: 12/6/2011 7:57:03 PM - System Checkpoint

RP304: 12/7/2011 8:13:32 PM - System Checkpoint

RP305: 12/8/2011 10:30:01 PM - System Checkpoint

RP306: 12/10/2011 12:32:51 AM - System Checkpoint

RP307: 12/11/2011 1:02:28 AM - System Checkpoint

RP308: 12/12/2011 11:06:54 AM - System Checkpoint

RP309: 12/13/2011 2:40:59 PM - System Checkpoint

RP310: 12/14/2011 4:00:00 PM - System Checkpoint

RP311: 12/15/2011 4:12:56 PM - System Checkpoint

RP312: 12/16/2011 10:16:32 PM - System Checkpoint

RP313: 12/18/2011 2:07:39 AM - Restore Operation

RP314: 12/18/2011 2:15:34 AM - Restore Operation

RP315: 12/19/2011 2:58:21 AM - System Checkpoint

RP316: 12/20/2011 3:22:55 PM - System Checkpoint

.

==== Installed Programs ======================

.

7-Zip 4.57

A2A Accusim for the Wings of POWER 3 Razorback

A2A B17 Accusim

A2A Wings of POWER 3 P47 Razorback

Abacus Scenery Shortcut

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

AI Carriers

Airport Design Editor 9x Version 1.47.7.0

ARCA Leverage Client

AVG 2011

BlackBox flightlogger V2.9.41 beta

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.4 Patch

Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Capo Frasca Range (LICF) for FSX - v.1 .0

CCleaner

CPUID CPU-Z 1.57

Dropbox

EVGA Display Driver

FaceTrackNoIR

Flight Sim Nation Carrier

Flight Simulator X

Flight Simulator X Service Pack 1

FS Recorder 2.01 for FSX

FSFDT FSCopilot

FSFDT FSInn

FSX Planner

Game Booster 3

Google Earth

Google Update Helper

H&R Block Deluxe + Efile + State 2010

H&R Block North Carolina 2010

Hardware Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32

IObit Toolbar v4.9

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

LeverageService

Logitech Vid

Logitech Webcam Software

Logitech Webcam Software Driver Package

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Flight Simulator X

Microsoft Flight Simulator X: Acceleration

Microsoft Flight Simulator X: Acceleration SDK

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 Parser and SDK

NVIDIA nTune

OpenAL

Orbiter 2010-P1

Paint.NET v3.5.10

Plan-G

Radar v2.0 for FSX

Realtek High Definition Audio Driver

Saitek SST Programming Software

Scenerysync_X 1.0.2

Segoe UI

Skype Click to Call

Skype™ 5.5

TeamSpeak 2 RC2

TeamSpeak 3 Client

TeamViewer 6

USS Harry S Truman 1.00b2

VAT-Spy

VRC

VRS F/A-18E Superbug X

WebFldrs XP

Windows Imaging Component

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows XP Service Pack 3

Wings of POWER II: B17

Xfire (remove only)

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

12/18/2011 3:09:33 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/18/2011 2:18:24 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

12/18/2011 2:16:54 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/18/2011 2:15:28 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/18/2011 2:15:27 AM, error: Service Control Manager [7022] - The LeverageService service hung on starting.

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

I see you have IOBit software installed.

Please read this:

http://forums.malwarebytes.org/index.php?showtopic=33217

I highly recommend uninstalling their software.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


MBAM log. Running the other after this post. Thank you!!

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

DB :: DB-F9510E3DCB05 [administrator]

Protection: Enabled

12/27/2011 11:36:59 PM

mbam-log-2011-12-27 (23-36-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202007

Time elapsed: 16 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hi, IOBIT was uninstalled. Mbam was updated and log is in previous post. Combofix ran and all seems ok. I do not have a combofix log, and I cannot connect this machine to the internet. It is hardwired to a wireless router, and the other devices on the wireless router are able to connect ok. I followed the advice in the combofix instructions for manually restoring internet to no avail.

However, after combofix, I no longer see ping.exe in the processes, and another issue, where my PC would be told to restart, start shutting down, and stop the process after saving the settings, has been fixed too. Now clicking restart will restart the PC.

Where should I go now??

Thank you so much for your help thus far.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

