
Defogger download


Ms M


Hi, when trying to download the Defogger I followed the instructions given, but it did not ask me to reboot the machine. Is this classed as an error message? Or can I continue with the instructions after manually rebooting the machine myself?

This is on a 2002/3 MESH desktop PC running Windows XP with Service Pack 3. I am in Scotland; thanks in advance for any help or suggestions you may have.

P.S. This is the Defogger Notepad message from the desktop.

defogger_disable by jpshortstuff (28.11.09.2)

Log created at 20:32 on 29/11/2009 (Lisa McManus)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-


Hi, these are the logs that have come from following the GMER rootkit scanner instructions.

We have had various problems with our PC and have had a few blue screen crashes, hang-ups etc., and also on start-up it says the firewall is not switched on; when you click the balloon to check, the firewall is on and the warning balloon has gone. I have run Malwarebytes, AVG, Avira, Trend and Windows OneCare scan, which haven't really helped. The OneCare scan cleaned the registry but found one file it couldn't clean, "HKCR\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\", and the info says it is Com\ActiveX; when I searched for it I couldn't find it. Avira also found a file it couldn't scan as it was a Windows system file, "C:\pagefile.sys", and when I searched for this it said the file couldn't be found. I am now trying this to see if anyone thinks there is a problem with my system and maybe you can help. I am logging this from the UK and my system is a Mesh computer running Windows XP with Service Pack 3 installed. Thanks to anyone that can help.

DDS (Ver_09-11-29.01) - NTFSx86

Run by Lisa McManus at 21:35:13.98 on 29/11/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.175 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

Malwarebytes' Anti-Malware 1.41

Database version: 3245

Windows 5.1.2600 Service Pack 3

28/11/2009 00:07:31

mbam-log-2009-11-28 (00-07-31).txt

Scan type: Full Scan (C:\|)

Objects scanned: 198181

Time elapsed: 2 hour(s), 20 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Lisa McManus\Local Settings\Temporary Internet Files\Content.IE5\VF2K4FK8\setupxv[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\SMART Board Software\SMARTBoardService.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\SMART Board Software\SMARTBoardTools.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\SMART Board Software\Aware.exe

C:\Program Files\SMART Board Software\Marker.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Lisa McManus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:9090

uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [Adware Alert] c:\program files\adware alert\Adware Alert.exe -boot

mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe

mRun: [updReg] c:\windows\Updreg.exe

mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe

mRun: [AudioHQ] c:\program files\creative\sblive\audiohq\AHQTB.EXE

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [<NO NAME>]

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart board software\SMARTBoardTools.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-explorer: <NO NAME> =

IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: hotmail.com

Trusted Zone: internet

Trusted Zone: live.com

Trusted Zone: mcafee.com

Trusted Zone: msn.com

Trusted Zone: passport.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab

DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164540737453

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164585602423

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.cortona3d.com/bin/cortvrml.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2006-11-26 8192]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-29 11608]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-7 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-7 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-7 108552]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-29 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-29 185089]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-7 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-7 297752]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-29 55656]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S2 gupdate1c98fad8e733910;Google Update Service (gupdate1c98fad8e733910);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]

S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\nvtvsnd.sys --> c:\windows\system32\drivers\nvtvsnd.sys [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\drivers\webstar.sys --> c:\windows\system32\drivers\WebSTAR.sys [?]

S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2006-11-26 305920]

=============== Created Last 30 ================

2009-11-29 20:26:14 0 ----a-w- c:\documents and settings\lisa mcmanus\defogger_reenable

2009-11-29 13:23:08 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-29 13:22:39 0 d-----w- c:\program files\Avira

2009-11-29 13:22:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2009-11-27 21:33:15 0 d-----w- c:\docume~1\lisamc~1\applic~1\Adware Alert

2009-11-27 17:25:23 0 d-----w- c:\program files\BANKER Removal Tool[1]

2009-11-24 20:02:13 0 d-----w- c:\docume~1\lisamc~1\applic~1\Windows Search

2009-11-24 13:56:53 0 d-----w- c:\windows\nview

2009-11-23 20:52:14 0 d-----w- c:\program files\Microsoft

2009-11-23 20:51:56 0 d-----w- c:\docume~1\lisamc~1\applic~1\Windows Desktop Search

2009-11-23 20:49:06 0 d-----w- c:\program files\Windows Desktop Search

2009-11-23 20:49:04 0 d-----w- c:\windows\system32\GroupPolicy

2009-11-23 20:46:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2009-11-23 20:46:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2009-11-23 20:46:01 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2009-11-16 23:47:47 101 ----a-w- c:\documents and settings\lisa mcmanus\Register.bat

2009-11-11 23:37:20 0 d-----w- c:\docume~1\lisamc~1\applic~1\SMART Technologies Inc

2009-11-11 19:46:41 0 d-----w- c:\program files\SMART Technologies Inc

2009-11-11 19:43:22 110592 ----a-w- c:\windows\system32\tsccvid.dll

2009-11-11 19:37:21 0 d-----w- c:\program files\SMART Board Software

2009-11-11 19:37:21 0 d-----w- c:\program files\common files\SMART Technologies Inc

2009-11-07 19:16:09 0 d-sh--w- c:\documents and settings\lisa mcmanus\IECompatCache

2009-11-01 21:18:38 0 d-----w- c:\program files\iPod

2009-11-01 21:18:18 0 d-----w- c:\program files\iTunes

2009-10-31 19:14:25 26184 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-11 04:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-08 14:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2009-10-08 14:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 14:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-06-07 19:34:23 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-08-28 11:01:12 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 21:36:48.97 ===============

Attach.zip

ark.zip


Hello and welcome to Malwarebytes.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please read this thread for instructions on running the tools and posting the logs: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don


Hi,

Thanks for the reply, it's very much appreciated. My husband is currently re-running the tools provided in the link. At the moment my wee boy, who is 18 months old, is very poorly, so I will post the logs and the present state of the machine tomorrow night. I have just posted this so you would be aware of why we have taken so long to post back to your reply.

Many thanks,

Ms M.

Hello and welcome to Malwarebytes.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please read this thread for instructions on running the tools and posting the logs: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don


12056, refrain from replying to a topic that is not yours.

--

@Ms M

No problem. I hope all is well with your family. Post the results once complete please. Thanks.

Hello once again.

We have finally finished running the tools and I have listed and attached the appropriate logs. The system is very, very slow! It takes a long time to start up, as well as to open the internet or an application! Sometimes there is a hang-up and it takes a while to clear.

Many thanks, Ms M

P.S. Wee one is back to normal, thanks!

DDS (Ver_09-11-29.01) - NTFSx86

Run by Lisa McManus at 21:15:06.05 on 07/12/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.224 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SMART Board Software\SMARTBoardService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SMART Board Software\SMARTBoardTools.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\SMART Board Software\Aware.exe

C:\Program Files\SMART Board Software\Marker.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\HPZipm12.exe

c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Documents and Settings\Lisa McManus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:9090

uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [Adware Alert] c:\program files\adware alert\Adware Alert.exe -boot

mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe

mRun: [updReg] c:\windows\Updreg.exe

mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe

mRun: [AudioHQ] c:\program files\creative\sblive\audiohq\AHQTB.EXE

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [<NO NAME>]

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart board software\SMARTBoardTools.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-explorer: <NO NAME> =

IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: hotmail.com

Trusted Zone: internet

Trusted Zone: live.com

Trusted Zone: mcafee.com

Trusted Zone: msn.com

Trusted Zone: passport.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab

DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164540737453

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164585602423

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.cortona3d.com/bin/cortvrml.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2006-11-26 8192]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-7 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-7 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-7 108552]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-29 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-29 185089]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-7 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-7 297752]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-29 56816]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-29 11608]

S2 gupdate1c98fad8e733910;Google Update Service (gupdate1c98fad8e733910);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]

S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\nvtvsnd.sys --> c:\windows\system32\drivers\nvtvsnd.sys [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\drivers\webstar.sys --> c:\windows\system32\drivers\WebSTAR.sys [?]

S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2006-11-26 305920]

=============== Created Last 30 ================

2009-11-30 20:56:46 91136 ----a-r- c:\windows\system32\msls2.dll

2009-11-29 20:26:14 0 ----a-w- c:\documents and settings\lisa mcmanus\defogger_reenable

2009-11-29 13:23:08 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-29 13:22:39 0 d-----w- c:\program files\Avira

2009-11-29 13:22:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2009-11-27 21:33:15 0 d-----w- c:\docume~1\lisamc~1\applic~1\Adware Alert

2009-11-27 17:25:23 0 d-----w- c:\program files\BANKER Removal Tool[1]

2009-11-24 20:02:13 0 d-----w- c:\docume~1\lisamc~1\applic~1\Windows Search

2009-11-24 13:56:53 0 d-----w- c:\windows\nview

2009-11-23 20:52:14 0 d-----w- c:\program files\Microsoft

2009-11-23 20:51:56 0 d-----w- c:\docume~1\lisamc~1\applic~1\Windows Desktop Search

2009-11-23 20:49:06 0 d-----w- c:\program files\Windows Desktop Search

2009-11-23 20:49:04 0 d-----w- c:\windows\system32\GroupPolicy

2009-11-23 20:46:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2009-11-23 20:46:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2009-11-23 20:46:01 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2009-11-16 23:47:47 101 ----a-w- c:\documents and settings\lisa mcmanus\Register.bat

2009-11-11 23:37:20 0 d-----w- c:\docume~1\lisamc~1\applic~1\SMART Technologies Inc

2009-11-11 19:46:41 0 d-----w- c:\program files\SMART Technologies Inc

2009-11-11 19:43:22 110592 ----a-w- c:\windows\system32\tsccvid.dll

2009-11-11 19:37:21 0 d-----w- c:\program files\SMART Board Software

2009-11-11 19:37:21 0 d-----w- c:\program files\common files\SMART Technologies Inc

==================== Find3M ====================

2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-31 19:14:25 26184 ---ha-w- c:\windows\system32\mlfcache.dat

2009-10-11 04:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-08 14:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2009-10-08 14:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 14:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-07 19:34:23 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-08-28 11:01:12 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 21:16:42.24 ===============

ark.zip

Attach.zip

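As an added example that is not part of the original thread or of the DDS tool: a small Python parser for the SERVICES / DRIVERS section of a DDS log in the shape posted above. It pulls each entry apart (state, start type, service name, display name, image path, and the "[date size]" or "[?]" tail) and flags the entries a helper would look at first: images DDS could not find on disk, images registered under an NT object-manager path (\??\), and images that live on a drive other than the system drive. The sample input is constructed from lines copied out of the log above; the reading of the R/S prefix and start-type digit (R running, S stopped; 0 boot, 1 system, 2 auto, 3 demand, 4 disabled), the assumption that C: is the system drive, and the flagging rules themselves are assumptions of this example, not statements from the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input, constructed for this example from lines copied out of the
# SERVICES / DRIVERS section posted above, with one line on each side so the
# section detection is exercised too.
SAMPLE_LOG = r"""
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2006-11-26 8192]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-7 335240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-29 11608]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\nvtvsnd.sys --> c:\windows\system32\drivers\nvtvsnd.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\drivers\webstar.sys --> c:\windows\system32\drivers\WebSTAR.sys [?]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2006-11-26 305920]
=============== Created Last 30 ================
2009-11-30 20:56:46 91136 ----a-r- c:\windows\system32\msls2.dll
"""

# Assumed reading of the start-type digit (usual DDS convention).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "      # R = running, S = stopped; start-type digit
    r"(?P<name>[^;]+);(?P<display>[^;]*);"    # service name; display name
    r"(?P<path>.+?)"                           # image path as registered
    r"(?: --> (?P<resolved>.+?))?"             # second path DDS prints on unverified entries
    r" \[(?P<meta>[^\]]*)\]$"                  # [date size], or [?] when the file was not found
)


@dataclass
class ServiceEntry:
    state: str
    start_type: str
    name: str
    display: str
    path: str
    resolved: Optional[str]
    file_date: Optional[str]   # None when DDS printed [?]
    file_size: Optional[int]

    @property
    def file_missing(self) -> bool:
        return self.file_date is None

    @property
    def effective_path(self) -> str:
        return self.resolved or self.path


def parse_services(text: str) -> List[ServiceEntry]:
    """Return the entries of the SERVICES / DRIVERS section, ignoring everything else."""
    entries: List[ServiceEntry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("====="):               # every DDS section header looks like this
            in_section = "SERVICES / DRIVERS" in line
            continue
        m = ENTRY_RE.match(line) if in_section else None
        if not m:
            continue
        meta = m["meta"].strip()
        date, size = None, None
        if meta != "?":
            date, size_text = meta.split()
            size = int(size_text)
        entries.append(ServiceEntry(m["state"], START_TYPES[m["start"]], m["name"],
                                    m["display"], m["path"], m["resolved"], date, size))
    return entries


def flag_entries(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> reasons a helper would want a closer look (assumed rules)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("image file not found on disk")
        if e.path.startswith("\\??\\"):
            reasons.append("registered with an NT object-manager path (\\??\\)")
        p = e.effective_path
        if p.startswith("\\??\\"):
            p = p[4:]
        drive = p[:2].lower()
        if re.match(r"^[a-z]:$", drive) and drive != "c:":   # system drive assumed to be C:
            reasons.append(f"image on non-system drive {drive}")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in flag_entries(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: " + "; ".join(reasons))
```

On the sample, the three unverified entries are the ones flagged; SetupNTGLM7X collects all three reasons because its image is missing, is registered as \??\d:\ntglm7x.sys, and resolves to the D: drive. A missing image is not by itself evidence of malware (a leftover driver from a removed USB modem or an installer run from a CD looks the same), which is why the rules only rank entries for review rather than declare them bad.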

Hello.

As for the slowness, we will see what we can do afterwards.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.


Are you still there?

Hi,

Yes, we are still here! I'm sorry we have taken so long to get back to you; we have had some bother with ComboFix, as it isn't working at the moment. We have tried both recommended download sites, but they both say the same thing: we must be patient and wait until the programmers resolve the issue. So, I guess we just wait!

Will post as soon as we can use the application.

Thanks, Ms M


Hello.

Sorry for the delay.

Then...

We are going to start with Combofix:

Download Combofix from here: http://tinyurl.com/ycc4ls4

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

~Extremeboy


Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days of my last reply, the topic will need to be closed.

Thanks for understanding.

With Regards,

Extremeboy


Guest
This topic is now closed to further replies.