
Hi! I am having a nightmare with my laptop. Occasionally I will get a message that my PC is unable to connect to the internet... HTTP error something I can't understand. I tried installing Firefox but the installation won't proceed... the interface just dies out. I am also unable to run MBAM (I was lucky I was able to install it, maybe)... I can't even run F-Secure Online Scanner because the screen keeps on getting back to "start scan". I'd like to run HijackThis but don't know where to get the latest installer. I have run Spybot and SuperAntispyware OK... found mostly tracking cookies and quarantined them, BUT I still can't run my MBAM, and why can't I install Firefox? I've run Process Explorer and the report is on my desktop but I don't know if you would require it. Help please. What kind of infection is this?


Hello Dezvouz1946 and welcome back to the forums here at MalwareBytes.

In order to get a better idea of what might be going on it would help if we could get some scans/logs.

Let's try these.

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Post them back to your topic.


Thanks for replying to my post. Here is the result of the antirootkit. The scan took about 40 minutes to finish.

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF782C470]

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF1A390B0]

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF782C5C0]

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF782C660]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\AVG\AVG9\avgfws9.exe[188] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\AVG\AVG9\avgfws9.exe[188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\AVG\AVG9\avgfws9.exe[188] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\AVG\AVG9\avgfws9.exe[188] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\AVG\AVG9\avgfws9.exe[188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\AVG\AVG9\avgfws9.exe[188] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\AVG\AVG9\avgfws9.exe[188] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\AVG\AVG9\avgfws9.exe[188] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\svchost.exe[228] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\svchost.exe[228] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\svchost.exe[228] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\svchost.exe[228] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\svchost.exe[228] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[276] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[276] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[276] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[276] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[276] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[276] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[276] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10033D7C

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10033BEC

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10033DEC

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10033AA0

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10033214

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100327E4

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10032778

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[524] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10033A4C

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[608] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10033D7C

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10033BEC

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[608] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10033DEC

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[608] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10033AA0

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10033214

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100327E4

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10032778

.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[608] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10033A4C

.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\Bonjour\mDNSResponder.exe[724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\Bonjour\mDNSResponder.exe[724] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\Bonjour\mDNSResponder.exe[724] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\Bonjour\mDNSResponder.exe[724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\Bonjour\mDNSResponder.exe[724] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\Bonjour\mDNSResponder.exe[724] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\Bonjour\mDNSResponder.exe[724] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[744] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10043D7C

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10043BEC

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[744] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10043DEC

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[744] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10043AA0

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[744] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10043214

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[744] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100427E4

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[744] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10042778

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[744] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10043A4C

.text C:\Program Files\Dell Support\DSAgnt.exe[776] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\Dell Support\DSAgnt.exe[776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\Dell Support\DSAgnt.exe[776] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\Dell Support\DSAgnt.exe[776] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\Dell Support\DSAgnt.exe[776] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\Dell Support\DSAgnt.exe[776] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\Dell Support\DSAgnt.exe[776] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\Dell Support\DSAgnt.exe[776] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0101F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[796] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\svchost.exe[932] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\svchost.exe[932] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\svchost.exe[932] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\svchost.exe[932] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\svchost.exe[932] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1216] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\Java\jre6\bin\jqs.exe[1216] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\Java\jre6\bin\jqs.exe[1216] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\Java\jre6\bin\jqs.exe[1216] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\Java\jre6\bin\jqs.exe[1216] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\Java\jre6\bin\jqs.exe[1216] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\Java\jre6\bin\jqs.exe[1216] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\svchost.exe[1320] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\svchost.exe[1320] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\svchost.exe[1320] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\svchost.exe[1320] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\svchost.exe[1320] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1356] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1356] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1356] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1356] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1356] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1356] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1356] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1372] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1372] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1372] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1372] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1372] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1372] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1372] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\winlogon.exe[1460] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\winlogon.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\winlogon.exe[1460] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\winlogon.exe[1460] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\winlogon.exe[1460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\winlogon.exe[1460] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\winlogon.exe[1460] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\winlogon.exe[1460] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\spoolsv.exe[1488] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\lsass.exe[1524] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\lsass.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\lsass.exe[1524] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\lsass.exe[1524] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[1584] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1868] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\svchost.exe[1960] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\svchost.exe[1960] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\svchost.exe[1960] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\AVG\AVG9\avgam.exe[2260] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\AVG\AVG9\avgam.exe[2260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\AVG\AVG9\avgam.exe[2260] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\AVG\AVG9\avgam.exe[2260] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\AVG\AVG9\avgemc.exe[2384] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\AVG\AVG9\avgemc.exe[2384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\AVG\AVG9\avgemc.exe[2384] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\AVG\AVG9\avgemc.exe[2384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\AVG\AVG9\avgnsx.exe[2424] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\Creative\Shared Files\CamTray.exe[2560] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2744] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\ctfmon.exe[2756] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\ctfmon.exe[2756] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\System32\alg.exe[2820] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\System32\alg.exe[2820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\System32\alg.exe[2820] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\System32\alg.exe[2820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3296] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

.text C:\WINDOWS\system32\wscntfy.exe[5380] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003D7C

.text C:\WINDOWS\system32\wscntfy.exe[5380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003BEC

.text C:\WINDOWS\system32\wscntfy.exe[5380] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003DEC

.text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AA0

.text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003214

.text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027E4

.text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002778

.text C:\WINDOWS\system32\wscntfy.exe[5380] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A4C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device EDBC9D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{087F3405-C50C-733B-1D4C-B82680176732}\InProcServer32@ %SystemRoot%\system32\dsuiext.dll

Reg HKLM\SOFTWARE\Classes\CLSID\{087F3405-C50C-733B-1D4C-B82680176732}\InProcServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{087F3405-C50C-733B-1D4C-B82680176732}\ShellEx\MayChangeDefaultMenu

Reg HKLM\SOFTWARE\Classes\CLSID\{087F3405-C50C-733B-1D4C-B82680176732}\ShellEx\MayChangeDefaultMenu@ 1

Reg HKLM\SOFTWARE\Classes\CLSID\{156F457B-4571-256D-D57D-647A582984D3}\InprocServer32@ C:\WINDOWS\system32\CLBCatQ.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{156F457B-4571-256D-D57D-647A582984D3}\InprocServer32@ThreadingModel Both

Reg HKLM\SOFTWARE\Classes\CLSID\{4FED0344-3AEA-8BD4-B455-1990AE7C334F}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll

Reg HKLM\SOFTWARE\Classes\CLSID\{4FED0344-3AEA-8BD4-B455-1990AE7C334F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{4FED0344-3AEA-8BD4-B455-1990AE7C334F}\ProgID@ DAO.Index.36

---- EOF - GMER 1.0.15 ----

Here is the result of DDS scan.

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Creative\Shared Files\CamTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Evelyn Dequilla\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pep.ph/index.php

uDefault_Page_URL = hxxp://www.dell.co.uk/myway


Sorry if the DDS Log got cut off. I am new to the forum like this. Here is the DDS Log again. I need to run the DDS scan again to get this scan result.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 15/11/2007 19:17:57

System Uptime: 22/11/2009 17:07:22 (4 hours ago)

Motherboard: Dell Inc. | | 0X9238

Processor: Intel® Pentium® M processor 1.73GHz | Microprocessor | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 23.32 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP149: 24/08/2009 14:19:44 - System Checkpoint

RP150: 26/08/2009 11:37:48 - System Checkpoint

RP151: 26/08/2009 16:22:15 - Software Distribution Service 3.0

RP152: 28/08/2009 10:05:46 - System Checkpoint

RP153: 30/08/2009 13:40:12 - System Checkpoint

RP154: 09/09/2009 17:09:42 - Software Distribution Service 3.0

RP155: 22/09/2009 23:25:24 - System Checkpoint

RP156: 14/10/2009 17:42:57 - System Checkpoint

RP157: 17/10/2009 15:17:59 - Software Distribution Service 3.0

RP158: 22/10/2009 14:55:12 - System Checkpoint

RP159: 06/11/2009 12:36:49 - System Checkpoint

RP160: 06/11/2009 13:06:28 - Software Distribution Service 3.0

RP161: 11/11/2009 23:09:29 - Software Distribution Service 3.0

RP162: 18/11/2009 17:17:24 - Removed Norton Security Center

RP163: 18/11/2009 19:52:20 - Installed AVG 9.0

RP164: 19/11/2009 01:52:21 - Removed Skype


Sorry if the DDS Log got cut off. I am new to the forum like this. Here is the DDS Log again. I need to run the DDS scan again to get this scan result.
No problem, don't worry about it.

This last post has the attach.txt posted twice. I need the DDS.txt. It was the first log you had posted that got cut off. If you need to, just run it again, as it doesn't take long. Then only post DDS.txt.


Sorry again. I can see that you are really there to help me. Thanks for your patience. Here again is the complete DDS scan log:

DDS (Ver_09-10-26.01) - NTFSx86

Run by Evelyn Dequilla at 21:10:37.61 on 23/11/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.245 [GMT 0:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Creative\Shared Files\CamTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Evelyn Dequilla\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pep.ph/index.php

uDefault_Page_URL = hxxp://www.dell.co.uk/myway

uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html?p=DK

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-11-18 25608]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-18 161800]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-18 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-18 360584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-11 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 74480]

R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-18 906520]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-18 285392]

R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-11-18 2304192]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-18 5832712]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-2 55152]

R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-18 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-11-18 122376]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-11-18 30216]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-11-18 25736]

S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-18 30104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-19 38224]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 7408]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-11-15 163840]

=============== Created Last 30 ================

2009-11-19 14:36:44 0 d-----w- c:\program files\Eusing Free Registry Cleaner

2009-11-19 13:21:50 73728 ----a-w- c:\windows\system32\javacpl.cpl

2009-11-19 13:21:49 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-19 03:08:23 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-11-19 03:07:51 0 d-----w- c:\program files\SUPERAntiSpyware

2009-11-19 03:07:51 0 d-----w- c:\docume~1\evelyn~1\applic~1\SUPERAntiSpyware.com

2009-11-19 03:06:30 0 d-----w- c:\program files\common files\Wise Installation Wizard

2009-11-19 02:04:26 0 d-----w- c:\program files\Spybot - Search & Destroy

2009-11-19 02:04:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-11-19 01:05:47 0 d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2009-11-19 01:05:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-19 01:05:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-19 01:05:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-18 19:54:10 0 d--h--w- C:\$AVG

2009-11-18 19:53:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-18 19:53:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-18 19:53:29 0 d-----w- c:\windows\system32\drivers\Avg

2009-11-18 19:53:26 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2009-11-18 19:53:02 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2009-11-18 19:53:01 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-11-18 19:52:56 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-18 19:52:24 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2009-11-18 19:52:24 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2009-11-18 19:52:23 0 d-----w- c:\program files\AVG

2009-11-18 19:47:40 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2009-11-18 17:57:11 0 d-----w- c:\docume~1\evelyn~1\applic~1\abelhadigital.com

2009-11-18 17:57:11 0 d-----w- c:\docume~1\alluse~1\applic~1\abelhadigital.com

2009-11-18 17:57:05 0 d-----w- c:\program files\HostsMan

2009-11-18 17:42:08 0 d-----w- c:\program files\CCleaner

2009-11-18 17:40:10 0 d-----w- c:\docume~1\evelyn~1\applic~1\Malwarebytes

2009-11-18 17:40:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-11-18 16:58:28 0 d-----w- c:\windows\pss

2009-11-11 21:06:20 0 d-----w- C:\divx

2009-11-11 18:26:56 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys

2009-11-11 18:26:56 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2009-11-11 18:26:55 129784 ------w- c:\windows\system32\pxafs.dll

2009-11-11 18:20:28 0 d-----w- c:\program files\common files\DivX Shared

2009-11-11 18:20:26 0 d-----w- c:\program files\DivX

2009-11-08 08:16:12 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2009-11-08 08:16:12 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll

2009-09-25 16:42:38 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys

2009-09-25 16:42:38 120056 ------w- c:\windows\system32\pxcpyi64.exe

2009-09-25 16:42:38 118520 ------w- c:\windows\system32\pxinsi64.exe

2009-09-25 16:41:28 90112 ----a-w- c:\windows\system32\dpl100.dll

2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll

2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll

2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll

2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll

2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll

2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll

2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

2008-09-27 10:41:50 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 21:11:50.09 ===============

Here is the Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 15/11/2007 19:17:57

System Uptime: 23/11/2009 20:54:25 (1 hours ago)

Motherboard: Dell Inc. | | 0X9238

Processor: Intel® Pentium® M processor 1.73GHz | Microprocessor | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 23.382 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP150: 26/08/2009 11:37:48 - System Checkpoint

RP151: 26/08/2009 16:22:15 - Software Distribution Service 3.0

RP152: 28/08/2009 10:05:46 - System Checkpoint

RP153: 30/08/2009 13:40:12 - System Checkpoint

RP154: 09/09/2009 17:09:42 - Software Distribution Service 3.0

RP155: 22/09/2009 23:25:24 - System Checkpoint

RP156: 14/10/2009 17:42:57 - System Checkpoint

RP157: 17/10/2009 15:17:59 - Software Distribution Service 3.0

RP158: 22/10/2009 14:55:12 - System Checkpoint

RP159: 06/11/2009 12:36:49 - System Checkpoint

RP160: 06/11/2009 13:06:28 - Software Distribution Service 3.0

RP161: 11/11/2009 23:09:29 - Software Distribution Service 3.0

RP162: 18/11/2009 17:17:24 - Removed Norton Security Center

RP163: 18/11/2009 19:52:20 - Installed AVG 9.0

RP164: 19/11/2009 01:52:21 - Removed Skype


Yes, those are the correct logs. I'm not seeing anything malicious, but that doesn't mean there isn't anything as Malware can hide. We'll do some more scans but wanted to check in to see how things were running at this point as it's been about 4 days since you posted originally.

Are you still having issues? Will MBAM run? Will AVG run? If so, can you run a full system scan and report what's found, if anything?


Hi again. I am lucky today that I can scan with MBAM and I was surprised. Why couldn't I run MBAM 4 days ago?

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

24/11/2009 18:11:29

MBAM LOG 1

Scan type: Quick Scan

Objects scanned: 100582

Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 3

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.

Files Infected:

(No malicious items detect

What do I do next? My MBAM is still open and I don't know what I am going to do next.


You need to have MBAM fix those items.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

With that said, the adware it found is pretty harmless as far as Malware goes. Shouldn't cause you any serious issues. Still get rid of it though.

Are you having any issues?


I'm back. I have already "removed" the detections by MBAM. Here is the log after I have removed the 6 items/malware:

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

24/11/2009 20:27:01

mbam-log-2009-11-24 (20-27-01).txt

Scan type: Quick Scan

Objects scanned: 100582

Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 3

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully

C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

(No malicious items detected)

I have also run the AVG scan while waiting for your reply. I updated it first...I was surprised that I was able to update it because before it was saying "General Error...Update Failed" but eventually the update was successful. Here is the AVG scan result. overview, Infections, Warnings

By the way I just would like to add that whenever I am posting my reply to you I am having difficulty because the cursor of my mouse keeps on going everywhere...I have to re-write/delete again. Is this another symptom of infection? I am still getting an occasional message in my laptop of "Connectivity Problem" which when I click "Diagnose" the connectivity will eventually succeed. Why is it like that? I am sorry if I have lots of questions...my laptop is really just acting weird. I'll wait for your reply again. Thanks!


By the way I just would like to add that whenever I am posting my reply to you I am having difficulty because the cursor of my mouse keeps on going everywhere...I have to re-write/delete again. Is this another symptom of infection?

I haven't seen anything in the logs we've run that shows you were ever infected. The Mywebsearch/MyWay that MBAM found came installed by Dell on your laptop, so it's been there all along. It's harmless, just annoying.

The mouse issue is more likely due to a hardware/driver issue. Have you tried updating the drivers from Dell?

I am still getting an occasional message in my laptop of "Connectivity Problem" which when I click "Diagnose" the connectivity will eventually succeed. Why is it like that? I am sorry if I have lots of questions...my laptop is really just acting weird. I'll wait for your reply again. Thanks!

No problem on the questions, that's what I'm here for. Again, don't think it's Malware. Could be any number of things here too. Do you have other PCs on the network? What kind of set-up do you have? I'll help as much as I can, then if we cannot solve it here you can go over to the Windows help forum here at MBAM.


How do I update it? Can you point me to the proper site? Any step by step guide?

I would suggest you go to the Dell website and put in your s/n, etc. It should give you some drivers to choose from. You can also go into your Device Manager and look for the name of the pointing device, touchpad, etc., right-click it and select update driver.

There is no other pc here in my house...we only have this one laptop. Where can I check my connectivity settings?

One place to start could be your ISP. They should at least check the incoming connections, modem, etc. Then, if you know those are okay, that isolates it to the PC. Have you tried some basic steps, such as resetting the power to the modem?

You also have several network related issues noted in the event viewer from the DDS log. I'll take a look at those and see if we can come up with some ideas.


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

