rundll error? from malware


I have a rundll error which I suspect is from malware. I have updated and run a scan using the Malwarebytes software, which has not provided a solution. As a result I am unable to change my desktop wallpaper without the display programme hanging. I have posted the 3 log files, DDS.txt and attach.txt, as well as the rootkit file, as per the instructions on the website. Thanks for your help.

DDS file

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by USERXP at 15:30:34.76 on 2011/03/25

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1074 [GMT 2:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\conquest\dgateserv.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\conquest\dgate.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\USERXP\Desktop\Defogger.exe

C:\Documents and Settings\USERXP\Desktop\dds(2).scr

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\userxp\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [CAHeadless] c:\program files\adobe\elements organizer 8.0\caheadless\ElementsAutoAnalyzer.exe

uRun: [skype] "c:\documents and settings\userxp\desktop\phone\Skype.exe" /nosplash /minimized

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe

mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect

mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation

mRun: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart

mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui

mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent

mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quicken2\billmind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken2\bagent.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: MIW Deployment - hxxps://196.38.48.3/downloads/MIWDeploy.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {54FF454A-8F37-4406-8797-4C3607918A85} - hxxp://pacs.tuft.co.za:87/ami/install/amiviewer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\userxp\applic~1\mozilla\firefox\profiles\952ut2xk.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: browser.startup.homepage - hxxp://www.mweb.co.za/home/home.aspx|http://www.google.co.za/|http://www.iafrica.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc03dc5&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\userxp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared

FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]

R1 RapportCerberus_23945;RapportCerberus_23945;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\23945\RapportCerberus_23945.sys [2011-2-28 55224]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-23 25824]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]

R2 RUSHTON;RUSHTON;c:\conquest\DgateServ.exe [2008-12-2 54784]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176]

S2 mrtRate;mrtRate; [x]

S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\userxp\locals~1\temp\aticdsdr.sys --> c:\docume~1\userxp\locals~1\temp\ATICDSDr.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-21 517448]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

.

=============== Created Last 30 ================

.

2011-03-21 18:31:30 -------- d-----w- c:\docume~1\userxp\applic~1\Malwarebytes

2011-03-21 18:31:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-21 18:31:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-03-21 18:31:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-21 18:31:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-26 16:48:13 -------- d-----w- c:\program files\InterActual

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 15:32:49.40 ===============

Attach.txt

ark.txt


Hi LD Tate

Thanks for the response. When I try to change my desktop wallpaper to a photo from my own collection, and click Apply and OK to change the wallpaper, the display programme hangs and I get an "End Program - rundll32.exe: this program is not responding" message. Windows wants to send an error message containing the following files: C:\DOCUMEN~1\USERXP\LOCAL~1\TEMP\WER8236.dir00\rundll32.exe.mdmp or, at other times, C:\DOCUMEN~1\USERXP\LOCAL~1\TEMP\WER11ef.dir00\rundll.exe.mdmp. I have run a scan using SFC with my XP disc in, but this did not help. MBAM picked up about 30+ threats when I ran the scan.

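As an added example (not code from this thread, nor from DDS or Malwarebytes), the Python script below pulls the rundll32 autorun entries out of DDS "Run" lines like the ones in the log above and flags any whose DLL is named without an absolute path, since such an entry is resolved through the PATH search order and the module actually loaded cannot be verified from the log alone. The sample lines are constructed from the entries in this thread.

```python
"""Triage helper for the rundll32 entries in a DDS 'Pseudo HJT Report'.

Added example, not part of the forum thread or of DDS/Malwarebytes tooling.
It parses the uRun/mRun/dRun lines that DDS prints, keeps the ones that go
through rundll32, and reports which DLL and export each one loads, flagging
entries whose DLL is given without an absolute path.
"""
import re

# Constructed sample: the three rundll32 Run entries copied from the DDS log
# in this thread, plus one ordinary entry and one empty entry for contrast.
SAMPLE_DDS_LINES = """\
mRun: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
mRun: [NvMediaCenter] RUNDLL32.EXE c:\\windows\\system32\\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] c:\\program files\\avg\\avg10\\avgtray.exe
mRun: [<NO NAME>]
""".splitlines()

# "<hive>Run: [<name>] <command>"; the command may be empty (DDS prints [<NO NAME>])
RUN_LINE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# rundll32 invocation: optional path, "rundll32[.exe]", then "<dll>,<entry>" (args ignored)
RUNDLL = re.compile(
    r"""^(?:"?[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?,(?P<entry>\S+)""",
    re.IGNORECASE,
)


def parse_run_line(line):
    """Return (hive, name, command) for a DDS Run line, or None if it is not one."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    return m.group("hive"), m.group("name"), m.group("cmd")


def rundll32_target(cmd):
    """Return (dll, entry_point) if the command runs through rundll32, else None."""
    m = RUNDLL.match(cmd.strip())
    if not m:
        return None
    return m.group("dll"), m.group("entry")


def is_absolute_windows_path(path):
    """True for a drive-letter path (c:\\...) or a UNC path (\\\\server\\share)."""
    return re.match(r"^[a-zA-Z]:\\", path) is not None or path.startswith("\\\\")


def triage(lines):
    """Return one dict per rundll32 autorun: hive, name, dll, entry, ambiguous."""
    findings = []
    for line in lines:
        parsed = parse_run_line(line)
        if not parsed:
            continue
        hive, name, cmd = parsed
        target = rundll32_target(cmd)
        if not target:
            continue
        dll, entry = target
        findings.append({
            "hive": hive,
            "name": name,
            "dll": dll,
            "entry": entry,
            # No drive letter: the DLL is found via the PATH search, so the log alone
            # does not tell you which file was loaded; check it on disk.
            "ambiguous": not is_absolute_windows_path(dll),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        flag = "  <-- no absolute path, verify on disk" if f["ambiguous"] else ""
        print(f'{f["hive"]} [{f["name"]}] {f["dll"]} -> {f["entry"]}{flag}')
```

Feeding the script the Run section of a real DDS log gives the list of modules to compare against the rundll32.exe processes DDS shows running and against the crash dumps Windows offered to send.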

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove if listed:

logitech\desktop messenger

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Here is the log file from the MBAM scan.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6163

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2011/03/25 06:49:21 AM

mbam-log-2011-03-25 (06-49-21).txt

Scan type: Quick scan

Objects scanned: 179095

Time elapsed: 20 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 27

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\funwebproducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.


1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove if listed:

logitech\desktop messenger

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


No longer get the rundll.exe message, although I have to be really patient as the display program in the control panel is slow to apply the new photo. If I try to do other tasks, minimize etc. while it "applies" the photo it hangs again. It may be slow because I am applying large full-res JPEG files from a 16 megapixel camera. Otherwise all appears to be running fine.


Good job

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.

  • JAVA - Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


This topic is now closed to further replies.