VirusPain Posted May 22, 2011 ID:432317 Share Posted May 22, 2011 Hi I have AVG Internet Security 2011. Last night during a scan it said it found 1 rootkit and removed it. This made me slightly cautious so I ran AVG and Malware Bytes in safe mode, neither found anything. To be extra safe this morning I decided to try and use Panda online scan, for this I had to use Internet Explorer (I normally use Firefox). After awhile I quit it as it was taking so long. I then restarted AVG which now found 11 infections! All 11 are reportedly called Win32/PEPatch. One was removed but AVG seemed unable to remove the other 10 for some reason.I hope someone can help me ,I've followed the instructions and here is the DDS log. I've attached the other two logsThanksAbi.DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24Run by Abi at 13:01:41 on 2011-05-22Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.146 [GMT 1:00].AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: AVG Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG10\avgfws.exeC:\Program Files\AVG\AVG10\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\TomTom HOME 2\TomTomHOMEService.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Samsung\Samsung EDS\EDSAgent.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exeC:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\AVG\AVG10\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Samsung\Easy Display Manager\dmhkcore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exeC:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\TomTom HOME 2\TomTomHOMERunner.exeC:\WINDOWS\system32\igfxext.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Windows Desktop Search\WindowsSearch.exeC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\AVG\AVG10\avgui.exeC:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\AVG\AVG10\avgemcx.exeC:\Program Files\AVG\AVG10\avgnsx.exeC:\Program Files\AVG\AVG10\avgchsvx.exeC:\Program Files\AVG\AVG10\avgrsx.exeC:\Program Files\AVG\AVG10\avgcsrvx.exeC:\Program Files\AVG\AVG10\avgam.exeC:\Program Files\AVG\AVG10\avgcsrvx.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Documents and Settings\Abi\My Documents\Downloads\Defogger.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\Abi\My Documents\Downloads\dds.scrC:\WINDOWS\system32\WSCRIPT.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.co.uk/uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.localuInternet Settings,ProxyServer = socks=uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"mRun: [RTHDCPL] RTHDCPL.EXEmRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exemRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exemRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exemRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [<NO NAME>] mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEStartupFolder: c:\docume~1\abi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exeIE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.htmlIE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabHandler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9eaa30&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-GB&q=FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0FF - prefs.js: network.proxy.type - 0FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll.---- FIREFOX POLICIES ----FF - user.js: network.proxy.type - 0FF - user.js: network.proxy.http - FF - user.js: network.proxy.http_port - 0FF - user.js: network.proxy.ssl - FF - user.js: network.proxy.ssl_port - 0FF - user.js: network.proxy.ftp - FF - user.js: network.proxy.ftp_port - 0FF - user.js: network.proxy.gopher - FF - user.js: network.proxy.gopher_port - 0FF - user.js: network.proxy.socks_version - 5FF - user.js: network.proxy.socks - FF - user.js: network.proxy.socks_port - 0.============= SERVICES / DRIVERS ===============.R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-18 27632]R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]RUnknown pavboot;pavboot; [x]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-8 947528]S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-18 13224]S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-5-18 86696]S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-5-18 15016]S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-5-18 114472]S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-5-18 108328]S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-5-18 26024]S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-5-18 104616]S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-5-18 109736]S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-2 19840].=============== Created Last 30 ================.2011-05-21 06:31:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-16 19:07:19 -------- d-----w- c:\documents and settings\abi\application data\Serif2011-05-16 19:02:27 -------- d-----w- c:\program files\Serif2011-05-11 19:35:40 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll2011-05-11 19:35:38 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll2011-05-11 19:35:34 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll2011-05-11 19:35:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll2011-05-11 19:35:33 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll2011-05-11 19:35:26 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll2011-05-11 19:35:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2011-05-11 19:35:20 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll.==================== Find3M ====================.2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys2011-04-07 08:49:21 3140 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys2011-04-07 08:49:08 88 -csh--r- c:\documents and settings\all users\application data\CFF4E75662.sys2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec2011-02-22 07:13:02 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys.============= FINISH: 13:02:54.64 ===============ark.zip Link to post Share on other sites More sharing options...
Kenny94 Posted May 22, 2011 ID:432456 Share Posted May 22, 2011 Hi VirusPain and Welcome to Malwarebytes!Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.---------------------------------------------------------------------------------------------Please run the BitDefender QuickScan BetaYou can use either Internet Explorer or Mozilla FireFox and Google Chrome for this scan.Accept the plug-in installation by clicking the bar above.From the contextual menu please choose 'Install ActiveX" control and you will be prompted to install the application.Once done, press the View Report link. Post that log in your next reply.NextUpdate Run MalwarebytesLaunch Malwarebytes' Anti-MalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.In your next reply, please include these log(s): 1.BitDefender Report2.MBAM log Link to post Share on other sites More sharing options...
VirusPain Posted May 23, 2011 Author ID:432522 Share Posted May 23, 2011 Hi,thanks for answering. Here is the BitDefender Report:QuickScan Beta 32-bit v0.9.9.93-------------------------------Scan date: Mon May 23 07:43:22 2011Machine ID: 1C00A568No infection found.-------------------Processes---------(unsigned) Adobe Photo Downloader 3476 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe(unsigned) BatteryManager 3392 C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe(unsigned) Easy Display Manager 3716 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe(unsigned) EasySpeedUpManager 3840 C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe(unsigned) EDSAgentEx Application 3168 C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe(unsigned) GPCore COM object 4500 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe(unsigned) HP Digital Imaging 6036 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe(unsigned) HP Digital Imaging 5404 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe(unsigned) Magic Keyboard for Samsung 3788 C:\Program Files\Samsung\MagicKBD\MagicKBD.exe(unsigned) OpenOffice.org 3.1 1880 C:\Program Files\OpenOffice.org 3\program\soffice.bin(unsigned) OpenOffice.org 3.1 988 C:\Program Files\OpenOffice.org 3\program\soffice.exe(unsigned) PhotoshopElementsFileAgent.exe 1316 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe(verified) hpwuSchd Application 3504 C:\Program Files\HP\HP Software Update\hpwuschd2.exe(verified) AVG Internet Security 3016 C:\Program Files\AVG\AVG10\avgam.exe(verified) AVG Internet Security 4172 C:\Program Files\AVG\AVG10\avgcsrvx.exe(verified) AVG Internet Security 2676 C:\Program Files\AVG\AVG10\avgcsrvx.exe(verified) AVG Internet Security 2640 C:\Program Files\AVG\AVG10\avgemcx.exe(verified) AVG Internet Security 1388 C:\Program Files\AVG\AVG10\avgfws.exe(verified) AVG Internet Security 3084 C:\Program Files\AVG\AVG10\avgnsx.exe(verified) AVG Internet Security 3680 C:\Program Files\AVG\AVG10\avgtray.exe(verified) AVG Internet Security 1404 C:\Program Files\AVG\AVG10\avgwdsvc.exe(verified) AVG Internet Security 2528 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe(verified) AVG Internet Security 1828 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe(verified) AVG Internet Security 1516 C:\PROGRA~1\AVG\AVG10\avgrsx.exe(verified) AVGIDSMonitor.exe 3256 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe(verified) Bluetooth Software 492 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe(verified) Bluetooth Software 3936 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(verified) Bluetooth Software 2764 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE(verified) Bonjour 1424 C:\Program Files\Bonjour\mDNSResponder.exe(verified) Firefox 4128 C:\Program Files\Mozilla Firefox\firefox.exe(verified) Firefox 656 C:\Program Files\Mozilla Firefox\plugin-container.exe(verified) Firefox 6088 C:\Program Files\Mozilla Firefox\plugin-container.exe(verified) HP Digital Imaging 3968 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe(verified) Intel® Common User Interface 3240 C:\WINDOWS\system32\hkcmd.exe(verified) Intel® Common User Interface 1664 C:\WINDOWS\system32\igfxext.exe(verified) Intel® Common User Interface 3252 C:\WINDOWS\system32\igfxpers.exe(verified) Intel® Common User Interface 3384 C:\WINDOWS\system32\igfxsrvc.exe(verified) Intel® Common User Interface 3216 C:\WINDOWS\system32\igfxtray.exe(verified) iTunes 2948 C:\Program Files\iPod\bin\iPodService.exe(verified) iTunes 3752 C:\Program Files\iTunes\iTunesHelper.exe(verified) Java Platform SE 6 U24 1528 C:\Program Files\Java\jre6\bin\jqs.exe(verified) Java Platform SE Auto Updater 2 0 3648 C:\Program Files\Common Files\Java\Java Update\jusched.exe(verified) Messenger 3820 C:\Program Files\Messenger\msmsgs.exe(verified) Microsoft Link to post Share on other sites More sharing options...
Kenny94 Posted May 23, 2011 ID:432567 Share Posted May 23, 2011 Can you post what AVG finds and can't remove?We need to look at some information about what is going on in your computer:Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pif[*]Double click on the DDS icon, allow it to run.[*]A small box will open, with an explanation about the tool. [*]When done, DDS will open two (2) logs 1. DDS.txt 2. Attach.txt[*] Save both reports to your desktop.[*] The instructions here ask you to attach the Attach.txt.[*]Instead of attaching, please copy/past both logs into your Thread[*]Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run.After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt Link to post Share on other sites More sharing options...
VirusPain Posted May 23, 2011 Author ID:432580 Share Posted May 23, 2011 Hi,I've posted the first two AVG logs, the first was when it found and removed a rootkit, but it found and removed the same thing the day before. Then the second log later on it found 11 infections, removed 1 but said it couldn't remove the others.I'll do the other scans you asked for now.Thanks againAbi1st Log"Scan ""Scheduled scan"" completed.""Rootkits";"1";"1";"0""Information";"81""Folders selected for scanning:";"Whole computer scan""Scan started:";"21 May 2011, 19:14:51""Scan finished:";"21 May 2011, 22:36:28 (3 hour(s) 21 minute(s) 37 second(s))""Total object scanned:";"721328""User who launched the scan:";"SYSTEM""Rootkits""";"File";"Infection";"Result""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS0547D.log";"Hidden file";"Object is inaccessible.""Information""";"File";"Information";"Result""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\d5fea37c-ffff-ffff-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\97193d48-ffff-ffff-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\4c422478-0000-1000-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\3f1a90da-0000-1000-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\320108d6-0000-1000-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip.bak";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Relationships.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\registryCoverage.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip.bak";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\md5Cache.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip.bak";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Characteristics.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEvents.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEventProcessors.dat";"Password-protected";"""";"C:\Documents and Settings\Abi\Local Settings\Temporary Internet Files\Content.IE5\1ZLEQK8F\Weald of Kent May_Regional.doc";"Contains macros";"""";"C:\WINDOWS\temp\avg-fdf2a209-f433-452b-9f11-701d142b6e01.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-f7d77b41-9976-415e-b95b-37363ec8cc61.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-f7d77b41-9976-415e-b95b-37363ec8cc61.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-e587123f-b733-4733-999c-1b584bcb7f7d.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-e55bfa53-259a-4b6c-bfc3-5a04e9cb7c28.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-e4a9756c-4fb2-4d23-b1f3-c94950626c68.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-e0177922-7df1-465a-b5f5-3630c7ebf81b.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-df04456a-c1ee-4c70-a1ba-5068948bd719.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-dc5ce704-06c6-4c05-80aa-9378137ef35f.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-d734be2f-7a87-4853-94e2-3d3211289208.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-c4351073-36aa-4118-82a2-be45c1423317.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-b9ae6f2d-3463-4227-b07b-1937bac9ef32.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-b5e45132-6da0-4d23-9b79-8d46e668fa41.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-9ba8a25b-7818-4b08-8a14-8e6b51465a2b.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-8be8fd63-1f02-4957-a65c-e61b20567f78.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-86992d0b-9269-4853-91c8-d021c3d86a2f.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-6e862f32-5595-4445-94d4-a447ff870405.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-5777906b-1599-4653-9577-415c0c5b981c.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-4a676f22-2c07-4f35-83de-fd31c5de375c.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-4352c601-17af-4941-b9ac-c92c99f6bc6c.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-37a62171-623c-4776-a92a-541d49d2af5b.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-2d824d43-c067-484f-9d87-d359d4e83e1f.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-2a6db848-e990-4324-81a9-3a0df3b0b827.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-22515677-8e08-4562-a3b0-315ff801b453.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-2075af6f-6b2e-4c7e-bf14-6f07c6f92a53.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-1e31264a-8547-4b0f-85df-a16484dc4368.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-19677d12-5d0a-4925-af85-551b59730f7f.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-173ba748-a757-4273-8a9e-9d53a5359a1b.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\temp\avg-03cd5c4e-851d-4d00-9f23-6d13af99e764.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\system.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\software.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\SECURITY.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\SAM.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\default.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\CatRoot2\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\CatRoot2\edb.log";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\LocalService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\AVG10\avgam\avgam.lck";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Application Data\Mozilla\Firefox\Profiles\y3wth8zt.default\parent.lock";"Locked file. Not tested.";"Locked file. Not tested."2nd Log"Scan ""Scheduled scan"" completed.""Infections";"11";"1";"10""Information";"57""Folders selected for scanning:";"Whole computer scan""Scan started:";"22 May 2011, 12:00:04""Scan finished:";"22 May 2011, 12:16:10 (16 minute(s) 5 second(s))""Total object scanned:";"722136""User who launched the scan:";"SYSTEM""Infections""";"File";"Infection";"Result""";"C:\Program Files\Internet Explorer\iexplore.exe (628)";"Virus found Win32/PEPatch";"Deleted""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf50000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf40000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0bf30000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_0afe0000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fc0000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fb0000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07fa0000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f90000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f80000";"Virus found Win32/PEPatch";"Infected""";"C:\Program Files\Internet Explorer\iexplore.exe (628):\memory_07f70000";"Virus found Win32/PEPatch";"Infected""Information""";"File";"Information";"Result""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\d5fea37c-ffff-ffff-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\97193d48-ffff-ffff-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\4c422478-0000-1000-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\3f1a90da-0000-1000-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\Quarantine\320108d6-0000-1000-8000-000000000000.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip.bak";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\userList.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Relationships.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\registryCoverage.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip.bak";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\quarantinedList.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\md5Cache.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip.bak";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\internalList.zip";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\Characteristics.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEvents.dat";"Password-protected";"""";"C:\Documents and Settings\All Users\Application Data\AVG10\IDS\config\BehavioralEventProcessors.dat";"Password-protected";"""";"C:\Documents and Settings\Abi\Local Settings\Temporary Internet Files\Content.IE5\1ZLEQK8F\Weald of Kent May_Regional.doc";"Contains macros";"""";"C:\WINDOWS\temp\avg-13d4f437-e8cb-481c-8e41-470a1099084b.tmp";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\system.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\system";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\software.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\software";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\SECURITY.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\SAM.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\default.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\config\default";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\CatRoot2\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\WINDOWS\system32\CatRoot2\edb.log";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\hiberfil.sys";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\LocalService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\LocalService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\All Users\Application Data\AVG10\avgam\avgam.lck";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Local Settings\temp\config.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D697977-8449-11E0-9413-00234EEA9FC6}.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B915FE3-8449-11E0-9413-00234EEA9FC6}.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{7B915FE2-8449-11E0-9413-00234EEA9FC6}.dat";"Locked file. Not tested.";"Locked file. Not tested.""";"C:\Documents and Settings\Abi\Application Data\Mozilla\Firefox\Profiles\y3wth8zt.default\parent.lock";"Locked file. Not tested.";"Locked file. Not tested." Link to post Share on other sites More sharing options...
VirusPain Posted May 23, 2011 Author ID:432587 Share Posted May 23, 2011 Here's the DDS logs.DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24Run by Abi at 12:57:55 on 2011-05-23Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.237 [GMT 1:00].AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: AVG Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG10\avgfws.exeC:\Program Files\AVG\AVG10\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\TomTom HOME 2\TomTomHOMEService.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\AVG\AVG10\avgnsx.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Samsung\Samsung EDS\EDSAgent.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exeC:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\AVG\AVG10\avgtray.exeC:\Program Files\Samsung\Easy Display Manager\dmhkcore.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\TomTom HOME 2\TomTomHOMERunner.exeC:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Windows Desktop Search\WindowsSearch.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\WINDOWS\system32\igfxext.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\AVG\AVG10\avgemcx.exeC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exeC:\Program Files\AVG\AVG10\avgcsrvx.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\AVG\AVG10\avgui.exeC:\Program Files\AVG\AVG10\avgscanx.exeC:\Program Files\AVG\AVG10\avgcsrvx.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\WINDOWS\system32\wscntfy.exeC:\Documents and Settings\Abi\Desktop\dds.scrC:\WINDOWS\system32\WSCRIPT.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.co.uk/uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.localuInternet Settings,ProxyServer = socks=uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"mRun: [RTHDCPL] RTHDCPL.EXEmRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exemRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exemRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exemRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [<NO NAME>] mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEStartupFolder: c:\docume~1\abi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exeIE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.htmlIE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabHandler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9eaa30&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-GB&q=FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0FF - prefs.js: network.proxy.type - 0FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dllFF - plugin: c:\documents and settings\abi\application data\mozilla\firefox\profiles\y3wth8zt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll.---- FIREFOX POLICIES ----FF - user.js: network.proxy.type - 0FF - user.js: network.proxy.http - FF - user.js: network.proxy.http_port - 0FF - user.js: network.proxy.ssl - FF - user.js: network.proxy.ssl_port - 0FF - user.js: network.proxy.ftp - FF - user.js: network.proxy.ftp_port - 0FF - user.js: network.proxy.gopher - FF - user.js: network.proxy.gopher_port - 0FF - user.js: network.proxy.socks_version - 5FF - user.js: network.proxy.socks - FF - user.js: network.proxy.socks_port - 0.============= SERVICES / DRIVERS ===============.R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-18 27632]R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-8 947528]S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-18 13224]S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-12-21 31848]S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-5-18 86696]S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-5-18 15016]S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-5-18 114472]S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-5-18 108328]S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-5-18 26024]S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-5-18 104616]S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-5-18 109736]S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-2 19840].=============== Created Last 30 ================.2011-05-23 06:43:15 -------- d-----w- c:\documents and settings\abi\application data\QuickScan2011-05-21 06:31:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-16 19:07:19 -------- d-----w- c:\documents and settings\abi\application data\Serif2011-05-16 19:02:27 -------- d-----w- c:\program files\Serif2011-05-11 19:35:40 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll2011-05-11 19:35:38 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll2011-05-11 19:35:34 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll2011-05-11 19:35:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll2011-05-11 19:35:33 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll2011-05-11 19:35:26 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll2011-05-11 19:35:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2011-05-11 19:35:20 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll.==================== Find3M ====================.2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys2011-04-07 08:49:21 3140 -csha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys2011-04-07 08:49:08 88 -csh--r- c:\documents and settings\all users\application data\CFF4E75662.sys2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl.============= FINISH: 12:59:25.23 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_11-05-19.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume2Install Date: 07/11/2009 04:36:56System Uptime: 23/05/2011 11:26:35 (1 hours ago).Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NC10 Processor: Intel® Atom CPU N270 @ 1.60GHz | U2E1 | 1595/mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 143 GiB total, 104.901 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Atheros AR5007EG Wireless Network AdapterDevice ID: PCI\VEN_168C&DEV_001C&SUBSYS_E00C105B&REV_01\4&192AC53F&0&00E0Manufacturer: AtherosName: Atheros AR5007EG Wireless Network AdapterPNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E00C105B&REV_01\4&192AC53F&0&00E0Service: AR5416.==== System Restore Points ===================.RP88: 26/02/2011 10:48:11 - Software Distribution Service 3.0RP89: 06/03/2011 21:49:01 - System CheckpointRP90: 09/03/2011 21:46:59 - Software Distribution Service 3.0RP91: 15/03/2011 09:27:59 - Avg UpdateRP92: 15/03/2011 09:28:48 - Avg UpdateRP93: 16/03/2011 08:18:24 - Installed Java 6 Update 24RP94: 25/03/2011 16:24:44 - Software Distribution Service 3.0RP95: 07/04/2011 09:54:14 - Removed Corel WinDVD 2010.RP96: 07/04/2011 14:06:34 - Installed AVG 2011RP97: 07/04/2011 14:08:56 - Removed AVG 9.0RP98: 07/04/2011 14:09:07 - Removed AVG 2011RP99: 07/04/2011 14:10:57 - Removed AVG 9.0RP100: 07/04/2011 14:13:22 - Installed AVG 2011RP101: 07/04/2011 14:15:14 - Removed AVG 9.0RP102: 07/04/2011 14:15:25 - Removed AVG 2011RP103: 08/04/2011 06:52:28 - Removed AVG 9.0RP104: 08/04/2011 07:16:12 - Installed AVG 2011RP105: 08/04/2011 07:18:07 - Removed AVG 9.0RP106: 08/04/2011 07:22:20 - Installed AVG 2011RP107: 11/04/2011 17:21:35 - System CheckpointRP108: 15/04/2011 10:20:02 - Software Distribution Service 3.0RP109: 15/04/2011 12:30:58 - Software Distribution Service 3.0RP110: 27/04/2011 10:04:19 - Software Distribution Service 3.0RP111: 11/05/2011 10:00:22 - Software Distribution Service 3.0RP112: 15/05/2011 09:23:34 - System CheckpointRP113: 16/05/2011 20:02:20 - Installed Serif CraftArtist ProfessionalRP114: 16/05/2011 20:25:44 - Installed Serif CraftArtist Wedding Day CollectionRP115: 16/05/2011 20:32:41 - Installed Serif CraftArtist Greeting Cards CollectionRP116: 16/05/2011 20:43:51 - Installed Serif CraftArtist Baby Photos CollectionRP117: 16/05/2011 21:01:20 - Installed Serif CraftArtist Scrapbooks CollectionRP118: 20/05/2011 12:44:03 - System CheckpointRP119: 22/05/2011 14:53:03 - System Checkpoint.==== Installed Programs ======================.32 Bit HP CIO Components InstallerAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Help Center 2.0Adobe Photoshop Elements 4.0Adobe Reader 9.4.4Adobe Shockwave Player 11.5Amazon Kindle For PCApple Application SupportApple Mobile Device SupportApple Software UpdateAtheros WLAN ClientAudialsAudials TVAvanquest updateAVG 2011AVG PC Tuneup 2011BonjourBufferChmC4600DBXpressDestinationsDeviceDiscoveryEasy Display ManagerEasy Network ManagerGPBaseService2Hide IP NG 1.55Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Customer Participation Program 13.0HP Imaging Device Functions 13.0HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5HP Print Projects 1.0HP Smart Web Printing 4.60HP Solution Center 13.0HP UpdateHPDiagnosticAlerthpPrintProjectsHPProductAssistantHPSSupplyhpWLPGInstallerimagine digital freedom - SamsungIntel® Graphics Media Accelerator DriveriTunesJava Auto UpdaterJava 6 Update 24Magic KeyboardMalwarebytes' Anti-MalwareMarketResearchMarvell Miniport DriverMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2416447)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Choice GuardMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Kernel-Mode Driver Framework Feature Pack 1.7Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Mozilla Firefox 4.0.1 (x86 en-GB)MSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKNamuga 1.3M WebcamOpenOffice.org 3.1Play CameraPS_AIO_05_C4600_Software_MinQuickTimeRealtek High Definition Audio DriverSamsung Battery ManagerSamsung EDSSamsung Magic DoctorSamsung Recovery Solution IIISamsung Update PlusSamsung WallpaperScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Segoe UISerif CraftArtist Baby Photos CollectionSerif CraftArtist Greeting Cards CollectionSerif CraftArtist ProfessionalSerif CraftArtist Scrapbooks CollectionSerif CraftArtist Wedding Day CollectionShop for HP SuppliesSkype ToolbarsSkype Link to post Share on other sites More sharing options...
Kenny94 Posted May 23, 2011 ID:432590 Share Posted May 23, 2011 ComboFix will not run until AVG is uninstalled as a protective measure. This is an issue with AVG. Use the uninstaller below:Please download AppRemover to your Desktop. Double-click AppRemover.exe.Untick Enable anonymous usage statistic.Click Next>>. Select AVG to remove and click Next>>.By clicking Next>> again, AppRemover will start the uninstall process. This may take a few minutes.Once completed you may be prompted to restart your system. Please do so.Restart your computer completes removal of AVG Antivirus. You can install AVG after we clean your PC. Or I have another free Antivirus that you can install.Next Download ComboFix from below:Combofix download* IMPORTANT !!! Place combofix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on combofix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:The Recovery Console was successfully installed.Click on Yes, to continue scanning for malware.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.--------------------------------------------------------------------------------------------- Link to post Share on other sites More sharing options...
VirusPain Posted May 23, 2011 Author ID:432600 Share Posted May 23, 2011 The uninstaller couldn't detect AVG, should I just uninstall it through my computer? Link to post Share on other sites More sharing options...
Kenny94 Posted May 23, 2011 ID:432601 Share Posted May 23, 2011 Yes or use the site below:http://www.avg.com/us-en/download-tools Link to post Share on other sites More sharing options...
VirusPain Posted May 23, 2011 Author ID:432602 Share Posted May 23, 2011 I used the tool and it says it's removed AVG, but when I try and launch Combofix it still thinks I have AVG, should I risk running combofix? Link to post Share on other sites More sharing options...
Kenny94 Posted May 23, 2011 ID:432605 Share Posted May 23, 2011 Yes continue with ComboFix ignore any wanrnings. Link to post Share on other sites More sharing options...
VirusPain Posted May 23, 2011 Author ID:432619 Share Posted May 23, 2011 Hi,it's finished it's scan and heres the log. Am I ok to reinstall AVG now?Thanks againComboFix 11-05-22.01 - Abi 23/05/2011 14:08:45.2.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.525 [GMT 1:00]Running from: c:\documents and settings\Abi\Desktop\ComboFix.exeFW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Abi\Application Data\Localc:\documents and settings\Abi\WINDOWSc:\windows\system32\system..((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))..2011-05-23 06:43 . 2011-05-23 06:43 -------- d-----w- c:\documents and settings\Abi\Application Data\QuickScan2011-05-21 06:31 . 2011-05-21 06:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-16 19:07 . 2011-05-16 19:07 -------- d-----w- c:\documents and settings\Abi\Application Data\Serif2011-05-16 19:02 . 2011-05-16 19:02 -------- d-----w- c:\program files\Serif2011-05-11 19:35 . 2011-05-11 19:35 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll2011-05-11 19:35 . 2011-05-11 19:35 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll2011-05-11 19:35 . 2011-05-11 19:35 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll2011-05-11 19:35 . 2011-05-11 19:35 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll2011-05-11 19:35 . 2011-05-11 19:35 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll2011-05-11 19:35 . 2011-05-11 19:35 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll2011-05-11 19:35 . 2011-05-11 19:35 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll2011-05-11 19:35 . 2011-05-11 19:35 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-04-07 08:49 . 2010-08-27 20:39 3140 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys2011-04-07 08:49 . 2010-08-27 20:39 88 -csh--r- c:\documents and settings\All Users\Application Data\CFF4E75662.sys2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe2011-03-07 05:33 . 2009-02-12 19:23 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-03-04 06:37 . 2009-02-12 18:05 420864 ----a-w- c:\windows\system32\vbscript.dll2011-03-03 13:21 . 2009-02-12 18:05 1857920 ----a-w- c:\windows\system32\win32k.sys2011-02-22 23:06 . 2009-02-12 18:05 916480 ----a-w- c:\windows\system32\wininet.dll2011-02-22 23:06 . 2009-02-12 18:05 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-02-22 23:06 . 2009-02-12 18:05 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-05-11 19:35 . 2011-05-11 19:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360].c:\documents and settings\Abi\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000].c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=.R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12/02/2009 20:29 4300]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 04:01 30208]R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [21/12/2010 16:52 31848]R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18/05/2010 14:03 27632]R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12/02/2009 20:33 238464]S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18/05/2010 14:03 13224]S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [21/12/2010 16:52 31848]S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [18/05/2010 14:10 86696]S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [18/05/2010 14:10 15016]S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [18/05/2010 14:10 114472]S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [18/05/2010 14:10 108328]S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [18/05/2010 14:10 26024]S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [18/05/2010 14:10 104616]S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [18/05/2010 14:10 109736]S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [02/08/2006 00:57 19840].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2011-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.co.uk/uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.localuInternet Settings,ProxyServer = socks=uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.htmlIE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmHandler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - FF - ProfilePath - c:\documents and settings\Abi\Application Data\Mozilla\Firefox\Profiles\y3wth8zt.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d9eaa30&v=6.103.018.001&i=26&tp=ab&iy=b&ychte=us&lng=en-GB&q=FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0FF - prefs.js: network.proxy.type - 0FF - user.js: network.proxy.type - 0FF - user.js: network.proxy.http - FF - user.js: network.proxy.http_port - 0FF - user.js: network.proxy.ssl - FF - user.js: network.proxy.ssl_port - 0FF - user.js: network.proxy.ftp - FF - user.js: network.proxy.ftp_port - 0FF - user.js: network.proxy.gopher - FF - user.js: network.proxy.gopher_port - 0FF - user.js: network.proxy.socks_version - 5FF - user.js: network.proxy.socks - FF - user.js: network.proxy.socks_port - 0..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-05-23 14:21Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".Completion time: 2011-05-23 14:32:49ComboFix-quarantined-files.txt 2011-05-23 13:32ComboFix2.txt 2010-05-22 21:26.Pre-Run: 113,570,938,880 bytes freePost-Run: 113,985,855,488 bytes free.- - End Of File - - 392C9323146C208B8B3639CD79C66AE7 Link to post Share on other sites More sharing options...
Kenny94 Posted May 23, 2011 ID:432631 Share Posted May 23, 2011 Yes you can install AVG. ESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.[*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first![*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.[*]Copy and paste that log as a reply to this topic.Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Link to post Share on other sites More sharing options...
VirusPain Posted May 23, 2011 Author ID:432654 Share Posted May 23, 2011 Hi,here is the Eset log, is it all clean now?ThanksAbiESETSmartInstaller@High as downloader log:all ok# version=7# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.6427# api_version=3.0.2# EOSSerial=297922b37171974ba89e66496881d825# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2011-05-23 04:11:26# local_time=2011-05-23 05:11:26 (+0000, GMT Daylight Time)# country="United Kingdom"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=1032 16777189 100 97 726 49450952 0 0# compatibility_mode=8192 67108863 100 0 347 347 0 0# scanned=75382# found=0# cleaned=0# scan_time=6530 Link to post Share on other sites More sharing options...
Kenny94 Posted May 23, 2011 ID:432674 Share Posted May 23, 2011 There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections.Go to Start > Control Panel > Add/Remove Programs.Please remove these entries from Add/Remove Programs in the Control Panel Adobe Reader 9.4.4Java Link to post Share on other sites More sharing options...
VirusPain Posted May 23, 2011 Author ID:432703 Share Posted May 23, 2011 Hi,that's all done. The computer seems to be running ok, but to be honest I didn't notice anything huge before. Do you think I'm clean now? Should I remove any of the programs downloaded or reenable defogger?Thanks again Link to post Share on other sites More sharing options...
Kenny94 Posted May 23, 2011 ID:432740 Share Posted May 23, 2011 To re-enable your Emulation drivers, double click DeFogger to run the tool. The application window will appear Click the Re-enable button to re-enable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OK. If not, reboot your PCYou can remove DeFogger.Your Computer is CleanSome final items:Follow these steps to uninstall Combofix and tools used in the removal of malwarePlease press the Windows Key and R on your keyboard. This will bring up the Run... command.Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)Please follow the prompts to uninstall Combofix.You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.Here are some additional links for you to check out to help you with your computer security. BrowsersJust because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options.Click once on the Security tabClick once on the Internet icon so it becomes highlighted.Click once on the Custom Level button.Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop items to PromptChange the Launching programs and files in an IFRAME to PromptChange the Navigate sub-frames across different domains to PromptWhen all these settings have been made, click on the OK buttonIf it prompts you as to whether or not you want to save the settings, press the Yes button.Next press the Apply button and then the OK to exit the Internet Properties page.Additional Security MeasuresSecunia software inspector & update checker Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer.Visit My Blog for Malware and Spyware Tips Link to post Share on other sites More sharing options...
VirusPain Posted May 24, 2011 Author ID:432915 Share Posted May 24, 2011 Thank you so much for all your help. I'm off to visit the links and your blog for more tips Abi Link to post Share on other sites More sharing options...
Kenny94 Posted May 24, 2011 ID:432916 Share Posted May 24, 2011 You're Welcome. Link to post Share on other sites More sharing options...
Recommended Posts