Jump to content

Malwarebytes successfully blocked incoming Malicious website...


Recommended Posts

Hi there,

I keep getting the following message: Malwarebytes successfully blocked incoming Malicious website... (All seem to be ChinaNet IP addresses)

How do these attacks get passed our Router? Also passed my AVG Firewall??

I have performed a full Mawarebytes scan (nothing spotted) and also a Full Virus Scan (24-tracking cookies found/removed)

I ran DDS as recommended in other posts and include the 2-logs.

Any advice? Is this a 'real' threat??

Kind regards,

Bill.

attach.txt

dds.txt

Link to post
Share on other sites

Hello Bill and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Malwarebytes Anti-Rootkit here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe ( right click and select Run as adminsistrator for Vista and Windows 7)
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

Link to post
Share on other sites

Hi Maniac. WOW! Took a long, long time to scan... but then I have millions of files and a bloated XP registry!

Scan completed: No Threats Found.

So, that's a good start...

Malwarebytes is saying the Threat is "incoming" - How can it get through our Router Firewall? We use a non-standard Port address as well...

Link to post
Share on other sites

Please post your log files directly in your comment here.

No, I don't their that they are related somewhow to your firewalls.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Good work here!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Hi Maniac,

ESET took 5-Hours to run!

No log file was saved but i copied this to Clipboard before closing IE:

C:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined

C:\Program Files\RegistryFix\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined

C:\Program Files\RegistryFix7\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined

E:\i386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined

E:\Program Files\RegistryFix\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined

E:\Program Files\RegistryFix7\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined

I considered ALL 6 to be False Positives so I restored them...

I think from all these sans we are not infected... But why the attacks from China? HOW can anyone get through our Firewall?

KR

Bill.
Link to post
Share on other sites

I considered ALL 6 to be False Positives so I restored them...

This is a big mistake. These files are part of rogue security program called RegistryFix.

Please locate and manually delete the following folders:

C:\Program Files\RegistryFix

C:\Program Files\RegistryFix7

E:\Program Files\RegistryFix7

E:\Program Files\RegistryFix

Restart your computer and let me know how are things then.

Link to post
Share on other sites

I am still seeing 2-3 IP-Blocks a day...

Interesting point: Router has had same IP Address for 40-days so I reset it to get new IP Address.. The Chinese IP Addresses have not appeared in the Block list but 2-3 new IP Addresses have appeared.

Seems: When someone latches on to an active IP address they regularly try to hack in? Perhaps this is what is going on??

Link to post
Share on other sites

Results Log:

RogueKiller V8.3.1 [Nov 22 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : it.support [Admin rights]

Mode : Remove -- Date : 11/22/2012 14:31:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Run : UpdReg (C:\WINDOWS\Updreg.EXE) -> DELETED

[TASK][sUSP PATH] Get Web Log Files.job : C:\WINDOWS\gl.bat -> NOT SELECTED

[TASK][sUSP PATH] RestartGetIPAddress.job : c:\WINDOWS\RestartGetIPAddress.bat -> NOT SELECTED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> E:\windows\system32\config\SOFTWARE

-> E:\Documents and Settings\Administrator\NTUSER.DAT

-> E:\Documents and Settings\administrator.WESSEXSYSTEMS\NTUSER.DAT

-> E:\Documents and Settings\All Users\NTUSER.DAT

-> E:\Documents and Settings\Bill\NTUSER.DAT

-> E:\Documents and Settings\Default User\NTUSER.DAT

-> E:\Documents and Settings\LocalService\NTUSER.DAT

-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160023AS +++++

--- User ---

[MBR] e921802fec088c9f071b604d65c1a68b

[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 152507 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500320NS +++++

--- User ---

[MBR] 2df5682701fd25046801e9177f81fbb3

[bSP] d990dfeb63ff9996f331fba14a2a2054 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 227 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 465885 | Size: 476710 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_11222012_02d1431.txt >>

RKreport[1]_S_11222012_02d1423.txt ; RKreport[2]_D_11222012_02d1431.txt

Link to post
Share on other sites

Attach LOG:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 03/08/2005 00:25:05

System Uptime: 25/11/2012 12:25:32 (1 hours ago)

.

Motherboard: Dell Inc. | | 0GC068

Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3199/800mhz

.

==== Disk Partitions =========================

.

.

==== Installed Programs ======================

.

A-PDF Image Extractor 2.0

AceFTP 3 Freeware

Acronis True Image Home

Actinic Link for Sage Line 50

Actinic MU v7

Actinic Payment Service Providers Component MU v7

Actinic Shared SSL Service Providers Component MU v7

Adobe Acrobat - Reader 6.0.2 Update

Adobe Acrobat 6.0.1 Professional

Adobe Acrobat and Reader 6.0.3 Update

Adobe Acrobat and Reader 6.0.4 Update

Adobe Acrobat and Reader 6.0.5 Update

Adobe Acrobat and Reader 6.0.6 Update

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Community Help

Adobe Creative Suite 5 Design Premium

Adobe Download Manager 2.0 (Remove Only)

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader 7.0.7

AFPL Ghostscript 8.53

AFPL Ghostscript Fonts

Alien Skin Image Doctor 2

AlphaZIP

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Control Panel

ATI Display Driver

AVG 2011

AVG Security Toolbar

Banner Designer Pro v5.0

Blue Squirrel Grab-a-Site

Blue Squirrel WebWhacker 5.0

Bonjour

Camera Control Pro 2

Canon MP Navigator EX 1.0

Canon Utilities Solution Menu

CanoScan LiDE 90

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Code 128 Conversion Utility 1.1.1

Color Wheel Expert 4.5

Color Wheel Pro 2.0

ColorImpact version 2.8.7

Compatibility Pack for the 2007 Office system

ControlMyNikon version 3.0

Corel Paint Shop Pro Photo X2

Corel Paint Shop Pro X

Corel PaintShop Photo Pro X3

Creative MediaSource

Crescent QuickPak 4.3

Critical Update for Windows Media Player 11 (KB959772)

Crystal Button 2.8

Crystal Reports

Dell Driver Download Manager

Dell Driver Reset Tool

Dell Media Experience

Dell Media Experience Update

Dell Picture Studio v3.0

Dell Software Uninstall

Download Manager and Options

Dropbox

DualCalc v1.02a

EmailUnlimited

File Uploader

FMS File Size 2.3

FolderSizes 5

Froogle Mash for Actinic

GeoChart 2.0

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GroupMail :: Business Edition

GroupMail :: SMS Add-on

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IBP & ARELIS 9.5.1

IBP 10.1.2

IBP 11.9.1

IBP 12.0

ICA

IDAutomation.com Code 39 Free Font

Inspyder Web2Disk Trial

InstallShield Express 2.11

Intel Matrix Storage Manager

Internet Explorer Default Page

IPM_PSP_CL

IPM_PSP_COM

iTunes

J2SE Runtime Environment 5.0 Update 10

Janus GridEX 2000a - ActiveX Control

Jasc Paint Shop Photo Album 5

Jasc Paint Shop Pro Studio, Dell Editon

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Longtion GIF Animator version 4.0

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft AutoRoute 2005

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Digital Image Library 9 - Blocker

Microsoft Encarta Encyclopedia Standard 2005

Microsoft FrontPage Client - English

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Money

Microsoft National Language Support Downlevel APIs

Microsoft Office Live Add-in 1.5

Microsoft Office XP Media Content

Microsoft Office XP Professional

Microsoft Photo Premium 10

Microsoft Picture It! Library 10

Microsoft Publisher 2002

Microsoft Silverlight

Microsoft SQL Server 2000

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual J# .NET Redistributable Package 1.1

Microsoft Visual Studio .NET Enterprise Developer 2003 - English

Microsoft Visual Studio 6.0 Enterprise Edition

Microsoft Web Publishing Wizard 1.53

Microsoft Word 2002

Microsoft Works

Microsoft Works 2005 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 8.0.1 (x86 en-GB)

MSDN Library - April 2005 DVD

MSDN Library - October 2001

MSVCRT

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

MyFonts Order M803081

MySQL Administrator 1.0

Nero Suite

Netscape Browser (remove only)

NetTracker 7.5 Enterprise

Nikon Message Center 2

Nikon RAW Codec

OGA Notifier 2.0.0048.0

One Stop Order Processing for Actinic

OpenGL Extensions Viewer 4.0

ParcelForce Labels

PC Connectivity Solution

PDF Password Cracker v3.1

PDF Settings CS5

Picture Control Utility

PowerDVD 5.5

Presto! PageManager 7.15.16

Print Server Driver

Product Mash for Actinic

PSPPContent

PSPPRO_DCRAW

QuickTime

RegistryFix v5.0

RegistryFix v7.0

Safari

Sage Line 50

ScanSoft OmniPage SE 4

ScriptFTP

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975254)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976323)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Segoe UI

SEO Report v1.0

Setup

Shockwave

Site Content Analyzer 2.2

Skins

SmartDraw 2007

Sonic DLA

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sophos Anti-Rootkit 1.5.20

Sound Blaster Audigy 2 ZS

Spartan

SurfOffline Professional 2

TextPad 5

Turbo Lister 2

Tweak UI

Ulead GIF Animator 5 TBYB

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

ViewNX

ViewNX 2

Vigo ActiveX Runtimes v1.0

Visual CSS QuickMenu

Visual Studio .NET Enterprise Developer 2003 - English

Visual Studio.NET Baseline - English

Visustin v3

Visustin v3 (C:\Program Files\Visustin\)

Wacom Tablet

WebEx

WebFldrs XP

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

Windows Defender

Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows Resource Kit Tools

Windows XP Service Pack 3

WinZip

Works Upgrade

Yahoo! Detect

.

==== End Of File ===========================

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_10

Run by it.support at 13:34:57 on 2012-11-25

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1662 [GMT 0:00]

.

.

============== Running Processes ================

.

\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\DKabcoms.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\msdtc.exe

\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\rdpclip.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\GroupMail 5\GMSdlr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

\\ws01\Users\it.support\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe

\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe

C:\Program Files\Actinic MU v7\Catalog.exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\WINDOWS\system32\logon.scr

C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Microsoft Works\WkDStore.exe

C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Wessex Systems\IPAddress\GetIPAddress.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uProxyOverride = <local>;*.local

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {9696B0EA-5D5B-410B-89C3-3B2B147430A2} - <orphaned>

EB: {E16DC1FE-7C34-43F2-B754-F3AD12DDF97C} - <orphaned>

EB: {EB9EDE30-C8CA-4428-B41E-BFCF5A6E6F37} - <orphaned>

uRun: [GroupMail Scheduler] c:\program files\groupmail 5\GMSdlr.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [synchronization Manager] c:\windows\system32\mobsync.exe /logon

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\ATIPTAXX.EXE

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\admini~1.wes\startm~1\programs\startup\dropbox.lnk - \\ws01\users\it.support\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\admini~1.wes\startm~1\programs\startup\spartan.lnk - c:\program files\spartan\Spartan.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - c:\program files\blue squirrel\webwhacker 5.0\art\wwietb.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553555000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{164973F1-2088-41C0-BC3E-261BF8A6275E} : NameServer = 192.168.1.30,192.168.1.254

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: 0aMCPClient - <orphaned>

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - \\ws01\Users\it.support\Application Data\Mozilla\Firefox\Profiles\b6l4tlke.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: c:\program files\mozilla firefox\components\qfaservices.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 26984]

R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]

R2 GetIPAddress;Get IP Address;c:\wessex systems\ipaddress\GetIPAddress.exe [2006-9-27 24576]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-14 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-10 676936]

R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2012-5-16 7218040]

R2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\tablet\wacom\Wacom_TouchService.exe [2012-5-16 483704]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-10 22856]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-10 167264]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2012-5-16 11640]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2012-5-16 55672]

S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2012-5-16 13688]

.

=============== File Associations ===============

.

ShellExec: AlphaZip.exe: open="c:\progra~1\AlphaZIP/AlphaZIp.exe" "%1"

ShellExec: dreamweaver.exe: open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-11-23 06:25:09 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c1a2d5d8-af81-4d2c-9664-d1ce2fb90c76}\mpengine.dll

2012-11-16 15:30:16 -------- d-----w- C:\ComboFix

2012-11-16 14:40:53 -------- d-sha-r- C:\cmdcons

2012-11-16 14:36:08 98816 ----a-w- c:\windows\sed.exe

2012-11-16 14:36:08 256000 ----a-w- c:\windows\PEV.exe

2012-11-16 14:36:08 208896 ----a-w- c:\windows\MBR.exe

2012-11-15 11:54:17 -------- d-----w- c:\program files\Dropbox

2012-11-15 11:49:46 -------- d-----w- \\ws01\Users\it.support\Application Data\Dropbox

2012-11-08 10:58:17 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-10-31 19:15:02 -------- d-----w- c:\program files\Spartan

2012-10-31 18:47:59 -------- d-----w- \\ws01\Users\it.support\Application Data\M8 Software

2012-10-31 16:25:36 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-10-31 16:25:29 -------- d-----w- c:\program files\Download Manager and Options

2012-10-31 16:25:18 -------- d-----w- \\ws01\Users\it.support\Application Data\Babylon

.

==================== Find3M ====================

.

2012-11-24 16:11:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-24 16:11:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-03 09:15:04 715253 ----a-w- \\ws01\Users\it.support\Application Data\unins000.exe

2012-10-28 11:04:37 55296 ----a-w- c:\windows\system32\Crystl32.oca

2012-10-28 11:04:37 240128 ----a-w- c:\windows\system32\comctl32.oca

2012-10-28 11:04:36 265728 ----a-w- c:\windows\system32\mscomctl.oca

2012-10-28 11:04:35 158208 ----a-w- c:\windows\system32\GridEX20.oca

2012-10-28 11:04:35 146944 ----a-w- c:\windows\system32\Cstext32.oca

2012-10-28 11:04:34 39936 ----a-w- c:\windows\system32\Cscal32.oca

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-20 10:01:05 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-10-01 17:32:10 264416 ----a-w- c:\windows\system32\GMMailer.dll

2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-17 15:28:04 34 ----a-w- c:\windows\wol.bat

2012-09-04 17:03:26 122901 -c--a-w- c:\windows\Product Mash for Actinic Uninstaller.exe

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 13:42:15.42 ===============

Link to post
Share on other sites

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • a new fresh DDS log

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.